Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco ASA 5580 Adaptive Security Appliance
  5. Leaflet

Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet

Download
Page of 1214
 
3-19
思科 ASA 系列命令参考,命令
 
 3       show as-path-access-list  show auto-update 命令
  show asp drop
'clear xlate' is issued. Also, if connections have not been recently removed, and the 
counter is incrementing rapidly, the appliance may be under attack. Capture a sniffer 
trace to help isolate the cause. 
Syslogs:
    6106015
----------------------------------------------------------------
Name: bad-tcp-cksum
Bad TCP checksum:
    This counter is incremented and the packet is dropped when the appliance receives a 
TCP packet whose computed TCP checksum does not match the recorded checksum in TCP header.
Recommendation:
    The packet corruption may be caused by a bad cable or noise on the line.It may also be 
that a TCP endpoint is sending corrupted packets and an attack is in progress.Please use 
the packet capture feature to learn more about the origin of the packet.To allow packets 
with incorrect TCP checksum disable checksum-verification feature under tcp-map.
Syslogs:
    None
----------------------------------------------------------------
Name: bad-tcp-flags
Bad TCP flags:
    This counter is incremented and the packet is dropped when the appliance receives a 
TCP packet with invalid TCP flags in TCP header.Example a packet with SYN and FIN TCP 
flags set will be dropped.
Recommendations:
    The packet corruption may be caused by a bad cable or noise on the line.It may also be 
that a TCP endpoint is sending corrupted packets and an attack is in progress.Please use 
the packet capture feature to learn more about the origin of the packet.
Syslogs:
    None
----------------------------------------------------------------
Name: tcp-reserved-set
TCP reserved flags set:
    This counter is incremented and the packet is dropped when the appliance receives a 
TCP packet with reserved flags set in TCP header.
Recommendations:
    The packet corruption may be caused by a bad cable or noise on the line.It may also be 
that a TCP endpoint is sending corrupted packets and an attack is in progress.Please use 
the packet capture feature to learn more about the origin of the packet.To allow such TCP 
packets or clear reserved flags and then pass the packet use reserved-bits configuration 
under tcp-map.
Syslogs:
    None
----------------------------------------------------------------
Name: tcp-bad-option-list
TCP option list invalid:
    This counter is incremented and the packet is dropped when the appliance receives a 
TCP packet with a non-standard TCP header option.