Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
378
Views
0
Helpful
1
Replies

icmp log on ASA inside:outside

rocky2024
Level 1
Level 1

‎08-08-2023 10:32 PM - edited ‎08-08-2023 10:37 PM

 

rocky1_0-1691558731749.png

 

for icmp, there are no flags in ASA under show conn outputs, but i observed one thing that if i ping from source (inside) to outside then i can see inside 10.1.1.10:5 (:9) always incrementing whenever we initate ping and destination ip:0 is always ZERO like below:

Inside to outside ping

ciscoasa# sh conn
1 in use, 1 most used

ICMP outside 100.1.1.2:0 inside 10.1.1.10:9, idle 0:00:00, bytes 17208, flags

outside to inside ping

if i ping from outside to inside then source 100.1.1.2:4 is after : is incrementing and destination ip 10.1.1.10 is always zero

ciscoasa# sh conn
1 in use, 1 most used

ICMP outside 100.1.1.2:7 inside 10.1.1.10:0, idle 0:00:01, bytes 20520, flags

my query is here if i see destination ip with :zero then source ip will be the IP whos number is incrementing after  :9 or :5 so can we conclude that traffic initiated from 100.1.1.2 (outside to inside) and traffic initiated by 10.1.1.10 (inside to outside) since destination IP showing :0 only in both cases ?

0 Helpful
1 Reply 1

rocky2024
Level 1
Level 1

‎08-09-2023 01:52 AM

like if we see UIOB that means outside to inside and without B UIO inside to outside, we can identify from which direction traffic initiated but for ICMP we dont see any flags so can we conclude as per above message ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card