Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet
3-20
思科 ASA 系列命令参考,S 命令
第 3 章 show as-path-access-list 至 show auto-update 命令
show asp drop
Recommendations:
To allow such TCP packets or clear non-standard TCP header options and then allow the
packet, use tcp-options configuration under tcp-map.
Syslogs:
None
----------------------------------------------------------------
Name: tcp-mss-exceeded
TCP data exceeded MSS:
This counter is incremented and the packet is dropped when the appliance receives a
TCP packet with data length greater than the MSS advertised by peer TCP endpoint.
Recommendations:
To allow such TCP packets use exceed-mss configuration under tcp-map
Syslogs:
4419001
----------------------------------------------------------------
Name: tcp-synack-data
TCP SYNACK with data:
This counter is incremented and the packet is dropped when the appliance receives a
TCP SYN-ACK packet with data.
Recommendations:
The packet corruption may be caused by a bad cable or noise on the line.It may also be
that a TCP endpoint is sending corrupted packets and an attack is in progress.Please use
the packet capture feature to learn more about the origin of the packet.
Syslogs:
None
----------------------------------------------------------------
Name: tcp-syn-data
TCP SYN with data:
This counter is incremented and the packet is dropped when the appliance receives a
TCP SYN packet with data.
Recommendations:
To allow such TCP packets use syn-data configuration under tcp-map.
Syslogs:
None
----------------------------------------------------------------
Name: tcp-dual-open
TCP Dual open denied:
This counter is incremented and the packet is dropped when the appliance receives a
TCP SYN packet from the server, when an embryonic TCP connection is already open.
Recommendations:
None
Syslogs:
None
----------------------------------------------------------------