06-04-2013 10:02 AM - edited 03-11-2019 06:52 PM
Hi everyone,
I was reading cisco documentation
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080bcad00.shtml
It says for outbound connection from FW
TCP FLAG FW FLAG
SYN ---------------> saA
SYN+ACK <----------------- A
ACK ------------------> U
Need to understand that TCP FLAGS are sent by PC from inside the Network to the FW.
FW Flags are generated by FW ? or FW flags are sent by server from outside to the FW?
Thanks
Mahesh
Solved! Go to Solution.
06-04-2013 10:18 AM
Hi Mahesh,
The TCP flags you mention above refer to the 3 Way Handshake between a host opening a TCP connection to a server.
The flags on the ASA firewall are shown with commands "show conn" or "show conn detail" which show what the state of the TCP connection is from the ASAs perspective.
You can use the "show conn detail" to view the different flags and their meaning on the ASA CLI.
As you could see referring to the "show conn detail" output the FW Flags would mean this
The terms "inside" and "outside" above DONT refer to the "nameif" of an interface. They refer to the interface "security-level". The one with higher "security-level" is refered to in the ASA flags by inside and the one with lower "security-level" is referred to as the outside.
Here is also a good page online about the same subject
http://ccnpsecurity.blogspot.fi/2011/11/asa-flags-associated-with-tcp.html
Hope this helps
- Jouni
06-04-2013 10:18 AM
Hi Mahesh,
The TCP flags you mention above refer to the 3 Way Handshake between a host opening a TCP connection to a server.
The flags on the ASA firewall are shown with commands "show conn" or "show conn detail" which show what the state of the TCP connection is from the ASAs perspective.
You can use the "show conn detail" to view the different flags and their meaning on the ASA CLI.
As you could see referring to the "show conn detail" output the FW Flags would mean this
The terms "inside" and "outside" above DONT refer to the "nameif" of an interface. They refer to the interface "security-level". The one with higher "security-level" is refered to in the ASA flags by inside and the one with lower "security-level" is referred to as the outside.
Here is also a good page online about the same subject
http://ccnpsecurity.blogspot.fi/2011/11/asa-flags-associated-with-tcp.html
Hope this helps
- Jouni
06-04-2013 11:25 AM
Hi Jouni,
It was very good explanation by you and that link.
Regards
Mahesh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide