Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1179
Views
0
Helpful
4
Replies

show conn

kunal-united
Level 1
Level 1

‎10-05-2011 08:07 AM - edited ‎03-11-2019 02:34 PM

Hi,

# sh conn

TCP out 192.168.173.163:38105 in 10.10.192.54:3096 idle 0:00:14 Bytes 504 flags UfFrRIOB

TCP out 192.168.173.81:54814 in 10.10.194.142:3091 idle 0:00:06 Bytes 1147425 flags UIOB

Does sh conn# command tell you whether source 192.168.173.163 is accessing 10.10.192.254 directly.

Or this command tells you that a NAT is happening.

I assume is that destination 10.10.192.254 is getting NATTED with some other ip in between and that this command doesnt give you the info.

Basically, I think it the source can see the NATTED ip as well as the direct ip also.

Please let me know

Thanks,

Kunal

Labels:
0 Helpful
4 Replies 4

varrao
Level 10
Level 10

‎10-05-2011 08:17 AM

Hi Kunal,

Show conn tell you the number of connections going through the ASA, it tell you the connection between the source and destination. If you want to know if a particular ip is getting natted or not, then use:

show xlate | in 10.10.192.254

This gives you whether the translation is being made or not.

Hope that helps.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

varrao
Level 10
Level 10
In response to varrao

‎10-05-2011 08:19 AM

Here's the command reference as well:

http://www.cisco.com/en/US/partner/docs/security/asa/asa82/command/reference/s2.html#wp1396672

Varun

Thanks,
Varun Rao
0 Helpful

kunal-united
Level 1
Level 1
In response to varrao

‎10-05-2011 08:32 AM

Hi Varun,

I am not able to access the page.

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card