Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco ASA 5580 Adaptive Security Appliance
  5. Leaflet

Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet

Download
Page of 1214
 
3-23
思科 ASA 系列命令参考,命令
 
 3       show as-path-access-list  show auto-update 命令
  show asp drop
Syslogs:
    None
----------------------------------------------------------------
Name: tcp-discarded-ooo
TCP ACK in 3 way handshake invalid:
    This counter is incremented and the packet is dropped when appliance receives a TCP 
ACK packet from client during three-way-handshake and the sequence number is not next 
expected sequence number.
Recommendations:
    None
Syslogs:
    None
----------------------------------------------------------------
Name: tcp-buffer-full
TCP Out-of-Order packet buffer full:
    This counter is incremented and the packet is dropped when appliance receives an 
out-of-order TCP packet on a connection and there is no buffer space to store this 
packet.Typically TCP packets are put into order on connections that are inspected by the 
appliance or when packets are sent to SSM for inspection.There is a default queue size and 
when packets in excess of this default queue size are received they will be dropped.
Recommendations:
    On ASA platforms the queue size could be increased using queue-limit configuration 
under tcp-map.
Syslogs:
    None
----------------------------------------------------------------
Name: tcp-global-buffer-full
TCP global Out-of-Order packet buffer full:
    This counter is incremented and the packet is dropped when the security appliance 
receives an out-of-order TCP packet on a connection and there are no more global buffers 
available.Typically TCP packets are put into order on connections that are inspected by 
the security appliance or when packets are sent to the SSM for inspection.When the global 
Out-of-Order buffer queue is full, the packet will be dropped and this counter will 
increment.
Recommendations:
    This is a temporary condition when all global buffers are used.If this counter is 
constantly incrementing, then please check your network for large amounts of Out-of-Order 
traffic, which could be caused by traffic of the same flow taking different routes through 
the network.
Syslogs:
    None
----------------------------------------------------------------
Name: tcp-buffer-timeout
TCP Out-of-Order packet buffer timeout:
    This counter is incremented and the packet is dropped when a queued out of order TCP 
packet has been held in the buffer for too long.Typically, TCP packets are put into order 
on connections that are inspected by the security appliance or when packets are sent to 
the SSM for inspection.When the next expected TCP packet does not arrive within a certain 
period, the queued out of order packet is dropped.