What is the local host on ASA?

Deepak Chauhan · ‎08-14-2016

Can someone please tell me what is the local-host on ASA? And difference between command "Show local-host" and "Show Conn"?

B. BELHADJ · ‎08-15-2016

Hi,

Sometimes we can retrieve the same informations.

This is a simple example:

ASA-1# show conn all
5 in use, 62 most used

UDP inside 172.20.10.213:514 NP Identity Ifc 172.20.10.1:514, idle 0:00:04, bytes 164, flags -
UDP inside 172.20.10.11:2055 NP Identity Ifc 172.20.10.1:32620, idle 0:00:27, bytes 89804, flags -
TCP inside 172.20.10.250:35635 NP Identity Ifc 172.20.10.1:22, idle 0:00:00, bytes 28399, flags UOB
TCP inside 172.20.10.250:33891 NP Identity Ifc 172.20.10.1:443, idle 0:00:03, bytes 1366495, flags UOB
TCP inside 172.20.10.250:33887 NP Identity Ifc 172.20.10.1:443, idle 0:00:04, bytes 66911, flags UOB
ASA-1#

ASA-1# show local-host all

Interface management: 0 active, 2 maximum active, 0 denied
Interface DMZ-IPv6-Partners: 0 active, 0 maximum active, 0 denied
Interface outside: 0 active, 0 maximum active, 0 denied
Interface inside: 3 active, 5 maximum active, 0 denied
local host: <172.20.10.213>,
    TCP flow count/limit = 0/unlimited
    TCP embryonic count to host = 0
    TCP intercept watermark = unlimited
    UDP flow count/limit = 1/unlimited

Conn:
    UDP inside 172.20.10.213:514 NP Identity Ifc 172.20.10.1:514, idle 0:00:35, bytes 164, flags -
local host: <172.20.10.11>,
    TCP flow count/limit = 0/unlimited
    TCP embryonic count to host = 0
    TCP intercept watermark = unlimited
    UDP flow count/limit = 1/unlimited

Please refer to the following links for further information:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/command/reference/cmd_ref/s2.html

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/command/reference/cmd_ref/s4.html

This is a nice article wrote by Paul Stewart:

http://www.packetu.com/2014/04/21/dont-forget-asas-show-conn-command/