Why sh conn always show TCP outside to inside

mahesh18
Level 6

Hi everyone,

Curious to know when I do sh conn it always shows

TCP outside to inside

or

TCP outside to DMZ

Even if I try to access the server in the DMZ from outside, or when I open websites from a PC behind the DMZ or inside interface.

Regards

Mahesh

1 Accepted Solution

Accepted Solutions

Jouni Forss
VIP Alumni

Hi Mahesh,

I don't remember ever reading anywhere where this would come from.

But like a few other things, the "security-level" defines this behaviour also.

When you have traffic between 2 interfaces of the ASA then the LOWEST "security-level" is always first and the HIGHEST "security-level" is always the second listed in the "show conn" output.

You can test this, for example, by reversing the "security-level" values on your interfaces. If you have ACLs on your interfaces then nothing will be affected. On the other hand, if you are only using "security-level" to control your traffic then it might stop traffic.

Some other things that change depending on your "security-level" value are for example the logs about Built TCP and UDP connections.

When a connection comes from a LOWER to HIGHER "security-level" interface then the logs will say "Built inbound TCP/UDP connection".

When a connection comes from a HIGHER to LOWER "security-level" interface then the logs will say "Built outbound TCP/UDP connection".

- Jouni
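As an added illustration of the two rules in Jouni's answer (this is example code, not from the thread or from Cisco): a small Python check that parses "Built inbound/outbound" connection logs, lists the two interfaces the way "show conn" would (lower security-level first), and flags any line whose logged direction disagrees with a table of security levels. The sample log lines and the security-level table are constructed for the example, and the message layout assumes the standard %ASA-6-302013 (TCP) / %ASA-6-302015 (UDP) format.

```python
import re
# Constructed sample syslog lines (not from the thread). Their layout follows the
# standard %ASA-6-302013 (TCP) / %ASA-6-302015 (UDP) "Built ... connection" messages.
SAMPLE_LOGS = [
    "%ASA-6-302013: Built inbound TCP connection 1001 for outside:203.0.113.7/51234 "
    "(203.0.113.7/51234) to dmz:192.0.2.10/443 (192.0.2.10/443)",
    "%ASA-6-302013: Built outbound TCP connection 1002 for inside:10.0.0.5/40000 "
    "(10.0.0.5/40000) to outside:198.51.100.20/80 (198.51.100.20/80)",
    "%ASA-6-302015: Built outbound UDP connection 1003 for dmz:192.0.2.10/53000 "
    "(192.0.2.10/53000) to outside:198.51.100.53/53 (198.51.100.53/53)",
    # Deliberately inconsistent constructed line: 'inbound' from a higher to a lower level.
    "%ASA-6-302013: Built inbound TCP connection 1004 for inside:10.0.0.5/40001 "
    "(10.0.0.5/40001) to dmz:192.0.2.10/22 (192.0.2.10/22)",
]

# Assumed security levels for the example (ASA defaults: outside 0, inside 100).
SECURITY_LEVELS = {"outside": 0, "dmz": 50, "inside": 100}
BUILT_RE = re.compile(
    r"Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) connection (?P<id>\d+) "
    r"for (?P<src_if>[\w-]+):(?P<src>\S+) \(\S+\) to (?P<dst_if>[\w-]+):(?P<dst>\S+)"
)

def parse_built(line):
    """Return the fields of a 'Built ... connection' line, or None if it is not one."""
    m = BUILT_RE.search(line)
    return m.groupdict() if m else None

def show_conn_order(levels, if_a, if_b):
    """Order two interfaces as 'show conn' lists them: lower security-level first."""
    return tuple(sorted((if_a, if_b), key=lambda name: levels[name]))

def check_direction(levels, rec):
    """True when the logged direction agrees with the security levels:
    inbound = lower -> higher level, outbound = higher -> lower level."""
    expected = "inbound" if levels[rec["src_if"]] < levels[rec["dst_if"]] else "outbound"
    return rec["dir"] == expected

def audit(lines, levels):
    """Report (conn id, proto, direction, show-conn order, consistent?) per parsed line."""
    results = []
    for rec in filter(None, map(parse_built, lines)):
        order = show_conn_order(levels, rec["src_if"], rec["dst_if"])
        results.append((rec["id"], rec["proto"], rec["dir"], order, check_direction(levels, rec)))
    return results

if __name__ == "__main__":
    for row in audit(SAMPLE_LOGS, SECURITY_LEVELS):
        print(row)  # the 1004 row ends in False: the levels table and the firewall disagree
```

A False in the last column means the firewall's configured security levels differ from the table you think it has, which is worth checking before relying on the logged direction.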

Hi Jouni,

I was trying to understand FW logs on my home ASA by trying to create a few scenarios.

The info you provided is very useful in understanding the FW logs and knowing in which direction traffic is flowing.

This is hard to find in books; only people like you know it.

Best regards

Mahesh
