Cisco ASA 5580 Adaptive Security Appliance Leaflet
Cisco ASA Series Command Reference, S Commands
Chapter 3 show as-path-access-list through show auto-update Commands
show asp drop
Name: tcp-conn-limit
TCP connection limit reached:
This reason is given for dropping a TCP packet during TCP connection establishment
phase when the connection limit has been exceeded. The connection limit is configured via
the 'set connection conn-max' action command.
Recommendation:
If this is incrementing rapidly, check the syslogs to determine which host's
connection limit is reached. The connection limit may need to be increased if the traffic
is normal, or the host may be under attack.
Syslogs:
201011
----------------------------------------------------------------
Name: conn-limit
Connection limit reached:
This reason is given for dropping a packet when the connection limit or host
connection limit has been exceeded. If this is a TCP packet which is dropped during TCP
connection establishment phase due to connection limit, the drop reason 'TCP connection
limit reached' is also reported.
Recommendation:
If this is incrementing rapidly, check the syslogs to determine which host's
connection limit is reached. The connection limit may need to be increased if the traffic
is normal, or the host may be under attack.
Syslogs:
201011
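
Added example (not part of the Cisco reference): one way to follow the recommendation given for tcp-conn-limit and conn-limit, by tallying syslog 201011 events per destination host and per source. The message layout in the regular expression is an assumption, since this page gives only the message number, and the log lines are constructed samples.

```python
import re
from collections import Counter, defaultdict

# Assumed layout of syslog 201011 (the page gives only the message number):
# %ASA-3-201011: Connection limit exceeded cnt/limit for dir packet
#   from sip/sport to dip/dport on interface if_name
MSG_201011 = re.compile(
    r"%ASA-\d-201011: Connection limit exceeded (?P<cnt>\d+)/(?P<limit>\d+) "
    r"for (?P<dir>input|output) packet "
    r"from (?P<sip>[^/\s]+)/(?P<sport>\d+) "
    r"to (?P<dip>[^/\s]+)/(?P<dport>\d+) "
    r"on interface (?P<ifc>[^\s.]+)"
)

# Constructed sample lines using documentation address ranges, not real logs.
SAMPLE_LOG = [
    "Mar 01 10:00:01 fw1 %ASA-3-201011: Connection limit exceeded 1000/1000 for input packet from 198.51.100.7/40001 to 192.0.2.10/443 on interface outside",
    "Mar 01 10:00:01 fw1 %ASA-3-201011: Connection limit exceeded 1000/1000 for input packet from 198.51.100.7/40002 to 192.0.2.10/443 on interface outside",
    "Mar 01 10:00:02 fw1 %ASA-3-201011: Connection limit exceeded 1000/1000 for input packet from 198.51.100.7/40003 to 192.0.2.10/443 on interface outside",
    "Mar 01 10:00:02 fw1 %ASA-3-201011: Connection limit exceeded 1000/1000 for input packet from 203.0.113.9/51515 to 192.0.2.10/443 on interface outside",
    "Mar 01 10:00:03 fw1 %ASA-3-201011: Connection limit exceeded 200/200 for input packet from 203.0.113.20/33000 to 192.0.2.25/25 on interface outside",
    "Mar 01 10:00:03 fw1 %ASA-6-302013: Built inbound TCP connection (unrelated sample line)",
]

def tally_limit_hits(lines):
    """Count 201011 events per destination host and per source behind each."""
    by_dest = Counter()
    sources = defaultdict(Counter)
    for line in lines:
        m = MSG_201011.search(line)
        if m is None:
            continue  # other message numbers are ignored
        by_dest[m["dip"]] += 1
        sources[m["dip"]][m["sip"]] += 1
    return by_dest, sources

def top_source_share(dest, by_dest, sources):
    """Return (source, fraction of the destination's 201011 events it caused)."""
    src, hits = sources[dest].most_common(1)[0]
    return src, hits / by_dest[dest]

if __name__ == "__main__":
    by_dest, sources = tally_limit_hits(SAMPLE_LOG)
    for dest, hits in by_dest.most_common():
        src, share = top_source_share(dest, by_dest, sources)
        print(f"{dest}: {hits} drops, top source {src} ({share:.0%})")
```

A destination whose events come mostly from one source points at a single client to investigate; events spread across many sources fit either normal load against a limit that is too low or a distributed flood, which is the distinction the recommendation asks the operator to make.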
----------------------------------------------------------------
Name: tcp_xmit_partial
TCP retransmission partial:
This counter is incremented and the packet is dropped when check-retransmission
feature is enabled and a partial TCP retransmission was received.
Recommendations:
None
Syslogs:
None
----------------------------------------------------------------
Name: tcpnorm-rexmit-bad
TCP bad retransmission:
This counter is incremented and the packet is dropped when check-retransmission
feature is enabled and a TCP retransmission with different data from the original packet
was received.
Recommendations:
None
Syslogs:
None
----------------------------------------------------------------
Name: tcpnorm-win-variation
TCP unexpected window size variation:
This counter is incremented and the packet is dropped when window size advertised by
TCP endpoint is drastically changed without accepting that much data.