Cisco ASA 5580 Adaptive Security Appliance Leaflet

Cisco ASA Series Command Reference, Commands
 
 3       show as-path-access-list  show auto-update Commands
  show asp drop
 Recommendation:
    If you are receiving many bad crypto indications, your appliance may need servicing.
    You should enable syslog 402123 to determine whether the crypto errors are hardware or
    software errors. You can also check the error counter in the global IPsec statistics with
    the 'show ipsec stats' CLI command. If the IPsec SA which is triggering these errors is
    known, the SA statistics from the 'show ipsec sa detail' command will also be useful in
    diagnosing the problem.
 Syslogs:
    402123
----------------------------------------------------------------
Name: send-ctm-error
Send to CTM returned error:
    This counter is obsolete in the appliance and should never increment.
 Recommendation:
    None
 Syslogs:
    None
----------------------------------------------------------------
Name: security-failed
Early security checks failed:
    This counter is incremented and the packet is dropped when the security appliance:
    - receives an IPv4 multicast packet when the packet's multicast MAC address doesn't
      match the packet's multicast destination IP address
    - receives an IPv6 or IPv4 teardrop fragment containing either small offset or
      fragment overlapping
    - receives an IPv4 packet that matches an IP audit (IPS) signature
 Recommendation:
    Contact the remote peer administrator or escalate this issue according to your
    security policy.
    For a detailed description and syslogs for IP audit attack checks, please refer to the ip
    audit signature section of the command reference guide.
 Syslogs:
    106020
    400xx in case of ip audit checks
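
The first two security-failed conditions can be reproduced offline against header fields taken from a capture, which helps when triaging why this counter is incrementing. The Python below is an added example, not Cisco code and not the appliance's implementation. It assumes the standard RFC 1112 IPv4 multicast-to-MAC mapping and treats any byte-range overlap within one datagram as "fragment overlapping"; the function names and sample values are constructed, and the "small offset" check is left out because the page gives no threshold.

```python
import ipaddress

def expected_multicast_mac(dst_ip):
    """RFC 1112 mapping: 01:00:5e, a zero bit, then the low 23 bits of the group IP."""
    addr = ipaddress.IPv4Address(dst_ip)
    if not addr.is_multicast:
        raise ValueError(f"{dst_ip} is not an IPv4 multicast address")
    low23 = int(addr) & 0x7FFFFF
    octets = (0x01, 0x00, 0x5E, low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)
    return ":".join(f"{o:02x}" for o in octets)

def multicast_mac_mismatch(dst_mac, dst_ip):
    """True when the frame's destination MAC is not the one the group IP maps to."""
    return dst_mac.lower().replace("-", ":") != expected_multicast_mac(dst_ip)

def overlapping_fragments(fragments):
    """fragments: (offset in 8-byte units, payload length in bytes) of one datagram.
    Returns pairs of byte ranges (start, end) where a later range starts inside
    data that an earlier fragment already covers."""
    spans = sorted((off * 8, off * 8 + length) for off, length in fragments)
    overlaps = []
    if not spans:
        return overlaps
    furthest = spans[0]
    for span in spans[1:]:
        if span[0] < furthest[1]:
            overlaps.append((furthest, span))
        if span[1] > furthest[1]:
            furthest = span
    return overlaps

if __name__ == "__main__":
    # Constructed samples: (destination MAC, destination IP)
    frames = [("01:00:5e:01:01:01", "239.1.1.1"),
              ("01:00:5e:01:01:01", "239.129.1.1"),  # 32 groups share each MAC
              ("01:00:5e:7f:00:01", "224.0.0.1")]    # inconsistent pair
    for mac, ip in frames:
        print(mac, ip, "MISMATCH" if multicast_mac_mismatch(mac, ip) else "ok")
    # Constructed fragment sets
    print(overlapping_fragments([(0, 24), (3, 12)]))  # contiguous
    print(overlapping_fragments([(0, 36), (3, 4)]))   # second lies inside first
```

Because 32 group addresses map to each multicast MAC, a matching pair only shows the frame is self-consistent, not which group the sender intended.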
----------------------------------------------------------------
Name: sp-security-failed
Slowpath security checks failed:
    This counter is incremented and the packet is dropped when the security appliance is:
    1) In routed mode and receives a through-the-box:
       - L2 broadcast packet
       - IPv4 packet with destination IP address equal to 0.0.0.0
       - IPv4 packet with source IP address equal to 0.0.0.0
    2) In routed or transparent mode and receives a through-the-box IPv4 packet with:
       - first octet of the source IP address equal to zero
       - source IP address equal to the loopback IP address
       - network part of source IP address equal to all 0's
       - network part of the source IP address equal to all 1's
       - source IP address host part equal to all 0's or all 1's
    3) In routed or transparent mode and receives an IPv4 or IPv6 packet with the same source
       and destination IP addresses