Cisco ASA 5580 Adaptive Security Appliance Leaflet
Cisco ASA Series Command Reference, S Commands
Chapter 3 show as-path-access-list through show auto-update Commands
show asp drop
Syslogs:
None
----------------------------------------------------------------
Name: tcp-discarded-ooo
TCP ACK in 3 way handshake invalid:
This counter is incremented and the packet is dropped when appliance receives a TCP
ACK packet from client during three-way-handshake and the sequence number is not next
expected sequence number.
Recommendations:
None
Syslogs:
None
----------------------------------------------------------------
Name: tcp-buffer-full
TCP Out-of-Order packet buffer full:
This counter is incremented and the packet is dropped when appliance receives an
out-of-order TCP packet on a connection and there is no buffer space to store this
packet. Typically TCP packets are put into order on connections that are inspected by the
appliance or when packets are sent to SSM for inspection. There is a default queue size and
when packets in excess of this default queue size are received they will be dropped.
Recommendations:
On ASA platforms the queue size could be increased using queue-limit configuration
under tcp-map.
Syslogs:
None
----------------------------------------------------------------
Name: tcp-global-buffer-full
TCP global Out-of-Order packet buffer full:
This counter is incremented and the packet is dropped when the security appliance
receives an out-of-order TCP packet on a connection and there are no more global buffers
available. Typically TCP packets are put into order on connections that are inspected by
the security appliance or when packets are sent to the SSM for inspection. When the global
Out-of-Order buffer queue is full, the packet will be dropped and this counter will
increment.
Recommendations:
This is a temporary condition when all global buffers are used. If this counter is
constantly incrementing, then please check your network for large amounts of Out-of-Order
traffic, which could be caused by traffic of the same flow taking different routes through
the network.
Syslogs:
None
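
The two recommendations above depend on whether a counter keeps climbing or only jumped once. The following is an added example, not part of the Cisco documentation: it compares several `show asp drop` captures and reports which out-of-order buffer counters rose in every interval. The line layout `description (counter-name) count` is an assumption about the command output, and the captures are constructed sample data.

```python
import re

# Counter names and advice come from the entries above; the rest is assumed.
ADVICE = {
    "tcp-buffer-full": "raise queue-limit under the tcp-map for this traffic",
    "tcp-global-buffer-full": "look for flows of one connection taking different routes",
}

# Assumed line layout: "  <description> (<counter-name>)   <count>"
LINE = re.compile(r"^\s*.+?\s+\((?P<name>[a-z0-9-]+)\)\s+(?P<count>\d+)\s*$")


def parse_asp_drop(text):
    """Return {counter-name: count} for every counter line in one capture."""
    counters = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            counters[m.group("name")] = int(m.group("count"))
    return counters


def persistent_increments(captures):
    """Map each ADVICE counter that rose in every interval to its deltas."""
    parsed = [parse_asp_drop(c) for c in captures]
    flagged = {}
    for name in ADVICE:
        series = [p.get(name, 0) for p in parsed]  # counter not listed -> 0
        deltas = [b - a for a, b in zip(series, series[1:])]
        if deltas and all(d > 0 for d in deltas):
            flagged[name] = deltas
    return flagged


# Constructed captures (not real device output), taken at equal intervals.
CAPTURES = [
    "Frame drop:\n"
    "  TCP Out-of-Order packet buffer full (tcp-buffer-full)      120\n",
    "Frame drop:\n"
    "  TCP Out-of-Order packet buffer full (tcp-buffer-full)      180\n"
    "  TCP global Out-of-Order packet buffer full (tcp-global-buffer-full)  5\n",
    "Frame drop:\n"
    "  TCP Out-of-Order packet buffer full (tcp-buffer-full)      260\n"
    "  TCP global Out-of-Order packet buffer full (tcp-global-buffer-full)  5\n",
]

if __name__ == "__main__":
    for name, deltas in persistent_increments(CAPTURES).items():
        print(f"{name}: +{deltas} per interval -> {ADVICE[name]}")
```

In the sample data the global counter jumps once and then holds, which matches the temporary condition described above, so only tcp-buffer-full is reported.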
----------------------------------------------------------------
Name: tcp-buffer-timeout
TCP Out-of-Order packet buffer timeout:
This counter is incremented and the packet is dropped when a queued out of order TCP
packet has been held in the buffer for too long. Typically, TCP packets are put into order
on connections that are inspected by the security appliance or when packets are sent to
the SSM for inspection. When the next expected TCP packet does not arrive within a certain
period, the queued out of order packet is dropped.