Understanding ASA commands

How to interpret show route output in ASA:

ASA# show route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is 10.50.50.1 to network 0.0.0.0
S    192.168.120.0 255.255.255.0 [1/0] via 10.64.55.1, inside

In the output of the command, [1/0] represents AD/metric (administrative distance / metric).

Understanding show conn, show conn detail, show xlate, show xlate detail:

topology-1

When R1 telnets to R2 and there is no NAT, the output shows the following:

ASA1(config)# show conn
1 in use, 1 most used
TCP out 12.12.12.2:23 in 11.11.11.11:59178 idle 0:00:07 bytes 102 flags UIO
ASA1(config)# show conn detail
1 in use, 1 most used
Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
 B - initial SYN from outside, C - CTIQBE media, D - DNS, d - dump,
 E - outside back connection, F - outside FIN, f - inside FIN,
 G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
 i - incomplete, J - GTP, j - GTP data, K - GTP t3-response
 k - Skinny media, M - SMTP data, m - SIP media, n - GUP
 O - outbound data, P - inside back connection, q - SQL*Net data,
 R - outside acknowledged FIN,
 R - UDP SUNRPC, r - inside acknowledged FIN, S - awaiting inside SYN,
 s - awaiting outside SYN, T - SIP, t - SIP transient, U - up
 X - inspected by service module
TCP outside:12.12.12.2/23 inside:11.11.11.11/59178 flags UIO

When R1 telnets to R2 with NAT, the output shows the following:

ASA1(config)# show conn
1 in use, 3 most used
TCP out 12.12.12.2:23 in 11.11.11.11:12275 idle 0:00:28 bytes 102 flags UIO
ASA1(config)# show conn de
ASA1(config)# show conn detail
1 in use, 3 most used
Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
 B - initial SYN from outside, C - CTIQBE media, D - DNS, d - dump,
 E - outside back connection, F - outside FIN, f - inside FIN,
 G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
 i - incomplete, J - GTP, j - GTP data, K - GTP t3-response
 k - Skinny media, M - SMTP data, m - SIP media, n - GUP
 O - outbound data, P - inside back connection, q - SQL*Net data,
 R - outside acknowledged FIN,
 R - UDP SUNRPC, r - inside acknowledged FIN, S - awaiting inside SYN,
 s - awaiting outside SYN, T - SIP, t - SIP transient, U - up
 X - inspected by service module
TCP outside:12.12.12.2/23 inside:11.11.11.11/12275 flags UIO



ASA1(config)# show xlate
1 in use, 2 most used
PAT Global 12.12.12.1(1025) Local 11.11.11.11(12275)

ASA1(config)# show xlate detail
1 in use, 2 most used
Flags: D - DNS, d - dump, I - identity, i - dynamic, n - no random,
 r - portmap, s - static
TCP PAT from inside:11.11.11.11/12275 to outside(nat-all-traffic):12.12.12.1/1025 flags ri
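
The following Python sketch is an added example, not part of the original post. It parses the show conn and show xlate lines exactly as they are printed above, decodes the connection flags using the legend, and attaches the PAT mapping to the matching connection. The function names are hypothetical, and the regular expressions assume the line format shown on this page; other ASA software versions may format these lines differently.

```python
import re

# Subset of the flag legend printed by "show conn detail" above.
CONN_FLAGS = {"U": "up", "I": "inbound data", "O": "outbound data",
              "F": "outside FIN", "f": "inside FIN", "i": "incomplete"}

# Line formats as shown on this page (assumption: other versions may differ).
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP) out (?P<out_ip>[\d.]+):(?P<out_port>\d+) "
    r"in (?P<in_ip>[\d.]+):(?P<in_port>\d+) idle (?P<idle>\S+) "
    r"bytes (?P<bytes>\d+) flags (?P<flags>\S+)$")
XLATE_RE = re.compile(
    r"^PAT Global (?P<g_ip>[\d.]+)\((?P<g_port>\d+)\) "
    r"Local (?P<l_ip>[\d.]+)\((?P<l_port>\d+)\)$")

# Sample input: the NAT-case outputs copied from the page.
SHOW_CONN = """1 in use, 3 most used
TCP out 12.12.12.2:23 in 11.11.11.11:12275 idle 0:00:28 bytes 102 flags UIO"""
SHOW_XLATE = """1 in use, 2 most used
PAT Global 12.12.12.1(1025) Local 11.11.11.11(12275)"""

def parse_conns(text):
    """Return one dict per connection line found in 'show conn' output."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            conn = m.groupdict()
            # Expand each flag letter; letters outside the subset stay visible.
            conn["flag_names"] = [CONN_FLAGS.get(f, "unknown:" + f)
                                  for f in conn["flags"]]
            conns.append(conn)
    return conns

def parse_xlates(text):
    """Map (local ip, local port) to (global ip, global port)."""
    table = {}
    for line in text.splitlines():
        m = XLATE_RE.match(line.strip())
        if m:
            table[(m["l_ip"], m["l_port"])] = (m["g_ip"], m["g_port"])
    return table

def correlate(conn_text, xlate_text):
    """Attach the PAT mapping (None when untranslated) to each connection."""
    xlates = parse_xlates(xlate_text)
    return [dict(c, translated=xlates.get((c["in_ip"], c["in_port"])))
            for c in parse_conns(conn_text)]
```

For the NAT case above, correlate(SHOW_CONN, SHOW_XLATE) shows that inside host 11.11.11.11:12275 appears on the outside as 12.12.12.1:1025, which is the address R2 actually sees.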