Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco ASA 5580 Adaptive Security Appliance
  5. Leaflet

Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet

Download
Page of 1214
 
3-9
思科 ASA 系列命令参考,命令
 
 3       show as-path-access-list  show auto-update 命令
  show asp drop
Name: ipsec-clearpkt-notun
IPsec Clear Pkt w/no tunnel:
    This counter will increment when the appliance receives a packet which should have 
been encrypted but was not. The packet matched the inner header security policy check of a 
configured and established IPsec connection on the appliance but was received unencrypted. 
This is a security issue.
 Recommendation:
    Analyze your network traffic to determine the source of the spoofed IPsec traffic.
 Syslogs:
    402117
----------------------------------------------------------------
Name: ipsec-tun-down
IPsec tunnel is down:
    This counter will increment when the appliance receives a packet associated with an 
IPsec connection which is in the process of being deleted.
 Recommendation:
    This is a normal condition when the IPsec tunnel is torn down for any reason.
 Syslogs:
    None
----------------------------------------------------------------
Name: mp-svc-delete-in-progress
SVC Module received data while connection was being deleted:
    This counter will increment when the security appliance receives a packet associated 
with an SVC connection that is in the process of being deleted.
Recommendation:
    This is a normal condition when the SVC connection is torn down for any reason. If 
this error occurs repeatedly or in large numbers, it could indicate that clients are 
having network connectivity issues.
Syslogs:
    None.
----------------------------------------------------------------
Name: mp-svc-bad-framing
SVC Module received badly framed data:
    This counter will increment when the security appliance receives a packet from an SVC 
or the control software that it is unable to decode.
Recommendation:
    This indicates that a software error should be reported to the Cisco TAC. The SVC or 
security appliance could be at fault.
Syslogs:
    722037 (Only for SVC received data).
----------------------------------------------------------------
Name: mp-svc-bad-length
SVC Module received bad data length:
    This counter will increment when the security appliance receives a packet from an SVC 
or the control software where the calculated and specified lengths do not match.