Cisco Cisco ASA 5580 Adaptive Security Appliance Dépliant

思科 ASA 系列命令参考，S 命令

第 4 章      show bgp 至 show cpu 命令

TCP outside  172.18.124.187:22 inside  192.168.103.131:44727, idle 0:00:00, bytes 

37240828, flags UIO

ASA3:*****************************************************************

10 in use, 12 most used

Cluster stub connections: 2 in use, 29 most used

TCP outside  172.18.124.187:22 inside  192.168.103.131:44727, idle 0:00:03, bytes 0, flags  

Y

ASA2 上的 show conn detail 命令的输出展示最近的转发器为 ASA1：

ciscoasa/ASA2/slave# show conn detail

12 in use, 13 most used

Cluster stub connections: 0 in use, 46 most used

Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,

       B - initial SYN from outside, b - TCP state-bypass or nailed, C - CTIQBE media,

       D - DNS, d - dump, E - outside back connection, F - outside FIN, f - inside FIN,

       G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,

       i - incomplete, J - GTP, j - GTP data, K - GTP t3-response

       k - Skinny media, M - SMTP data, m - SIP media, n - GUP

       O - outbound data, P - inside back connection, p - Phone-proxy TFTP connection,

       q - SQL*Net data, R - outside acknowledged FIN,

       R - UDP SUNRPC, r - inside acknowledged FIN, S - awaiting inside SYN,

       s - awaiting outside SYN, T - SIP, t - SIP transient, U - up,

       V - VPN orphan, W - WAAS, Z - Scansafe redirection,

       X - inspected by service module

       Y - director stub flow

       y - backup stub flow

       z - forwarder stub flow

TCP outside: 172.18.124.187/22 inside: 192.168.103.131/44727,

    flags UIO , idle 0s, uptime 25s, timeout 1h0m, bytes 1036044, cluster sent/rcvd bytes 

0/1032983, cluster sent/rcvd total bytes 0/1080779, owners (1,255)

Traffic received at interface outside

        Locally received: 0 (0 byte/s)

        From most recent forwarder ASA1: 1032983 (41319 byte/s)

Traffic received at interface inside

        Locally received: 3061 (122 byte/s)

以下示例展示如何显示身份防火墙功能的连接：

ciscoasa# show conn user-identity ?

exec mode commands/options:

  all       Enter this keyword to show conns including to-the-box and from-the-box

  detail    Enter this keyword to show conn in detail

  long      Enter this keyword to show conn in long format

  port      Enter this keyword to specify port

  protocol  Enter this keyword to specify conn protocol

  state     Enter this keyword to specify conn state

  |         Output modifiers

ciscoasa# show conn user-identity

1219 in use, 1904 most used

UDP inside (www.yahoo.com))10.0.0.2:1587 outside (user1)192.0.0.2:30000, idle 0:00:00, 

bytes 10, flags -

UDP inside (www.yahoo.com)10.0.0.2:1586 outside (user2)192.0.0.1:30000, idle 0:00:00, 

bytes 10, flags –

UDP inside 10.0.0.34:1586 outside 192.0.0.25:30000, idle 0:00:00, bytes 10, flags –

…

ciscoasa# show conn user user1

2 in use

UDP inside (www.yahoo.com))10.0.0.2:1587 outside (user1)192.0.0.2:30000, idle 0:00:00, 

bytes 10, flags –