Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco ASA 5580 Adaptive Security Appliance
  5. Leaflet

Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet

Download
Page of 1214
 
3-13
思科 ASA 系列命令参考,命令
 
 3       show as-path-access-list  show auto-update 命令
  show asp drop
 Recommendation:
    It is possible to see this counter increment as part of normal operation However, if 
the counter is rapidly incrementing and there is a major malfunction of vpn-based 
applications, then this may be caused by a software defect. Contact the Cisco TAC to 
investigate the issue further. 
 Syslogs:
    None.
----------------------------------------------------------------
Name: ipsec-lock-error
IPsec locking error:
    This counter is incremented when an IPsec operation is attempted but fails due to an 
internal locking error.
Recommendation:
    This condition should never be encountered during normal operation and may indicate a 
software problem with the appliance. Contact the Cisco Technical Assistance Center (TAC) 
if this error occurs.
Syslogs:
    None.
----------------------------------------------------------------
Name: vpn-handle-mismatch
VPN Handle Mismatch:
    This counter is incremented when the appliance wants to forward a block and the flow 
referred to by the VPN Handle is different than the flow associated with the block.
 Recommendation:
    This is not a normal occurrence. Please enter the show console-output command and 
forward that output to CISCO TAC for further analysis.
 Syslogs:
    None.
----------------------------------------------------------------
Name: vpn-reclassify-failed
VPN Reclassify Failed:
    This counter is incremented when a packet for a VPN flow is dropped due to the flow 
failing to be reclassified after a VPN state change.
 Recommendation:
    This counter is incremented when a packet for a VPN flow arrives that requires 
reclassification due to VPN CLI or Tunnel state changes. If the flow no longer matches the 
existing policies, then the flow is freed and the packet dropped. 
 Syslogs:
    No new syslogs accompany this event.
----------------------------------------------------------------
Name: punt-rate-limit
Punt rate limit exceeded:
    This counter will increment when the appliance attempts to forward a layer-2 packet to 
a rate-limited control point service routine and the rate limit (per/second) is now being 
exceeded. Currently, the only layer-2 packets destined for a control point service routine 
which are rate limited are ARP packets. The ARP packet rate limit is 500 ARPs per second 
per interface.