Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet
3-9
思科 ASA 系列命令参考,S 命令
第 3 章 show as-path-access-list 至 show auto-update 命令
show asp drop
Name: ipsec-clearpkt-notun
IPsec Clear Pkt w/no tunnel:
This counter will increment when the appliance receives a packet which should have
been encrypted but was not. The packet matched the inner header security policy check of a
configured and established IPsec connection on the appliance but was received unencrypted.
This is a security issue.
Recommendation:
Analyze your network traffic to determine the source of the spoofed IPsec traffic.
Syslogs:
402117
----------------------------------------------------------------
Name: ipsec-tun-down
IPsec tunnel is down:
This counter will increment when the appliance receives a packet associated with an
IPsec connection which is in the process of being deleted.
Recommendation:
This is a normal condition when the IPsec tunnel is torn down for any reason.
Syslogs:
None
----------------------------------------------------------------
Name: mp-svc-delete-in-progress
SVC Module received data while connection was being deleted:
This counter will increment when the security appliance receives a packet associated
with an SVC connection that is in the process of being deleted.
Recommendation:
This is a normal condition when the SVC connection is torn down for any reason. If
this error occurs repeatedly or in large numbers, it could indicate that clients are
having network connectivity issues.
Syslogs:
None.
----------------------------------------------------------------
Name: mp-svc-bad-framing
SVC Module received badly framed data:
This counter will increment when the security appliance receives a packet from an SVC
or the control software that it is unable to decode.
Recommendation:
This indicates that a software error should be reported to the Cisco TAC. The SVC or
security appliance could be at fault.
Syslogs:
722037 (Only for SVC received data).
----------------------------------------------------------------
Name: mp-svc-bad-length
SVC Module received bad data length:
This counter will increment when the security appliance receives a packet from an SVC
or the control software where the calculated and specified lengths do not match.