Cisco ASA 5580 Adaptive Security Appliance Leaflet

Cisco ASA Series Command Reference, Commands
 
 3       show as-path-access-list  show auto-update Commands
  show asp drop
Name: tcp-conn-limit
TCP connection limit reached:
    This reason is given for dropping a TCP packet during TCP connection establishment 
phase when the connection limit has been exceeded. The connection limit is configured via 
the 'set connection conn-max' action command.
Recommendation:
    If this is incrementing rapidly, check the syslogs to determine which host's 
connection limit is reached. The connection limit may need to be increased if the traffic 
is normal, or the host may be under attack.
Syslogs:
    201011
----------------------------------------------------------------
Name: conn-limit
Connection limit reached:
    This reason is given for dropping a packet when the connection limit or host 
connection limit has been exceeded. If this is a TCP packet which is dropped during TCP 
connection establishment phase due to connection limit, the drop reason 'TCP connection 
limit reached' is also reported.
Recommendation:
    If this is incrementing rapidly, check the syslogs to determine which host's 
connection limit is reached. The connection limit may need to be increased if the traffic 
is normal, or the host may be under attack.
Syslogs:
    201011
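
The recommendation for tcp-conn-limit and conn-limit is to check syslog 201011 to see which host's connection limit is reached. The following is an added example, not part of the Cisco reference: it tallies 201011 events per host and shows how concentrated the sources are, which helps separate normal load from a possible attack. The message layout in the regex, the grouping by destination address, and the sample lines are assumptions; the page names only the message ID.

```python
import re
from collections import Counter, defaultdict

# Assumed layout of ASA syslog 201011 (the page gives only the ID):
#   %ASA-3-201011: Connection limit exceeded cnt/limit for dir packet
#   from sip/sport to dip/dport on interface if_name
MSG_201011 = re.compile(
    r"%ASA-\d-201011: Connection limit exceeded (?P<cnt>\d+)/(?P<limit>\d+) "
    r"for (?P<dir>\w+) packet from (?P<sip>[^/\s]+)/(?P<sport>\d+) "
    r"to (?P<dip>[^/\s]+)/(?P<dport>\d+) on interface"
)

# Constructed sample lines using documentation address ranges, not real logs.
SAMPLE_LOG = """\
Jan 10 12:00:01 fw1 %ASA-3-201011: Connection limit exceeded 1000/1000 for input packet from 198.51.100.7/40112 to 192.0.2.10/443 on interface outside
Jan 10 12:00:01 fw1 %ASA-3-201011: Connection limit exceeded 1000/1000 for input packet from 198.51.100.7/40113 to 192.0.2.10/443 on interface outside
Jan 10 12:00:02 fw1 %ASA-3-201011: Connection limit exceeded 1000/1000 for input packet from 198.51.100.7/40114 to 192.0.2.10/443 on interface outside
Jan 10 12:00:02 fw1 %ASA-3-201011: Connection limit exceeded 1000/1000 for input packet from 203.0.113.5/51000 to 192.0.2.10/443 on interface outside
Jan 10 12:00:03 fw1 %ASA-3-201011: Connection limit exceeded 200/200 for input packet from 203.0.113.9/33010 to 192.0.2.20/25 on interface outside
Jan 10 12:00:03 fw1 %ASA-6-302013: Built inbound TCP connection 1 for outside:198.51.100.7/40115 (198.51.100.7/40115) to inside:192.0.2.10/443 (192.0.2.10/443)
"""

def summarize(log_text):
    """Group 201011 events by destination host (assumed to be the limited host)."""
    hosts = defaultdict(lambda: {"events": 0, "limit": 0, "sources": Counter()})
    for line in log_text.splitlines():
        m = MSG_201011.search(line)
        if not m:
            continue  # other message IDs and malformed lines are skipped
        h = hosts[m["dip"]]
        h["events"] += 1
        h["limit"] = max(h["limit"], int(m["limit"]))
        h["sources"][m["sip"]] += 1
    return hosts

def top_source_share(host):
    """Fraction of a host's limit events that come from its busiest source."""
    return host["sources"].most_common(1)[0][1] / host["events"]

if __name__ == "__main__":
    for dip, h in sorted(summarize(SAMPLE_LOG).items()):
        src, n = h["sources"].most_common(1)[0]
        print(f"{dip}: {h['events']} events at limit {h['limit']}, "
              f"{len(h['sources'])} sources, top {src} ({n}), "
              f"share {top_source_share(h):.2f}")
```

A high top-source share points at one client exhausting the limit; many sources with a low share fits either genuine load that needs a higher limit or a distributed flood.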
----------------------------------------------------------------
Name: tcp_xmit_partial
TCP retransmission partial:
    This counter is incremented and the packet is dropped when check-retransmission 
feature is enabled and a partial TCP retransmission was received.
Recommendations:
    None
Syslogs:
    None
----------------------------------------------------------------
Name: tcpnorm-rexmit-bad
TCP bad retransmission:
    This counter is incremented and the packet is dropped when check-retransmission 
feature is enabled and a TCP retransmission with different data from the original packet 
was received.
Recommendations:
    None
Syslogs:
    None
----------------------------------------------------------------
Name: tcpnorm-win-variation
TCP unexpected window size variation:
    This counter is incremented and the packet is dropped when window size advertised by 
TCP endpoint is drastically changed without accepting that much data.