Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet
3-13
思科 ASA 系列命令参考,S 命令
第 3 章 show as-path-access-list 至 show auto-update 命令
show asp drop
Recommendation:
It is possible to see this counter increment as part of normal operation However, if
the counter is rapidly incrementing and there is a major malfunction of vpn-based
applications, then this may be caused by a software defect. Contact the Cisco TAC to
investigate the issue further.
Syslogs:
None.
----------------------------------------------------------------
Name: ipsec-lock-error
IPsec locking error:
This counter is incremented when an IPsec operation is attempted but fails due to an
internal locking error.
Recommendation:
This condition should never be encountered during normal operation and may indicate a
software problem with the appliance. Contact the Cisco Technical Assistance Center (TAC)
if this error occurs.
Syslogs:
None.
----------------------------------------------------------------
Name: vpn-handle-mismatch
VPN Handle Mismatch:
This counter is incremented when the appliance wants to forward a block and the flow
referred to by the VPN Handle is different than the flow associated with the block.
Recommendation:
This is not a normal occurrence. Please enter the show console-output command and
forward that output to CISCO TAC for further analysis.
Syslogs:
None.
----------------------------------------------------------------
Name: vpn-reclassify-failed
VPN Reclassify Failed:
This counter is incremented when a packet for a VPN flow is dropped due to the flow
failing to be reclassified after a VPN state change.
Recommendation:
This counter is incremented when a packet for a VPN flow arrives that requires
reclassification due to VPN CLI or Tunnel state changes. If the flow no longer matches the
existing policies, then the flow is freed and the packet dropped.
Syslogs:
No new syslogs accompany this event.
----------------------------------------------------------------
Name: punt-rate-limit
Punt rate limit exceeded:
This counter will increment when the appliance attempts to forward a layer-2 packet to
a rate-limited control point service routine and the rate limit (per/second) is now being
exceeded. Currently, the only layer-2 packets destined for a control point service routine
which are rate limited are ARP packets. The ARP packet rate limit is 500 ARPs per second
per interface.