
TCP Connection Flags

A client C1 on the inside connects via RDP to a server S1 on the outside.

Via CLI I can see (show conn | include <IP_src_C1>):

TCP <interface_inside> <IP_src_C1>:50299 <interface_outside> <IP_dest_S1>:3389  . . . FLAGS – UBOI

 

Then, a client C2 connects to a server S2, and I see (show conn | include <IP_src_C2>):

TCP <interface_outside> <IP_dest_S2>:3389  <interface_inside> <IP_src_C2>:49423 . . . FLAGS – UOI

 

Does anyone know why, in the first case, the source field contains the source IP of the connection and there is the “B” flag (initial SYN from outside), while in the second case, the source field contains the destination IP of the connection (without the B flag)?

 

Thank you!

 


AMediaFilm
Level 1

Let me guess. Is it because they are translated via different NAT rules?

Does `sh nat <IP_dest_S1>` confirm my guess?

It happens even without any NAT.
In the example, I'm going from the client to the internal DMZ ...

But in other cases, I have a Dynamic Policy on the inside interface that translates the local address into a public one on the outside interface, and when I connect to a server from the Live environment I see the "conn" in the straight sense, but when I connect to a server from the Test environment, the "conn" is on the other side...