Cisco ASA 5580 Adaptive Security Appliance Leaflet

Cisco ASA Series Command Reference, Commands
 
 3       show as-path-access-list  show auto-update Commands
  show asp drop
Recommendation:
    1 and 2) Determine if an external user is trying to compromise the protected 
network. Check for misconfigured clients.
    3) If this message counter is incrementing rapidly, an attack may be in progress. Use 
the packet capture feature to capture type asp packets, and check the source MAC address 
in the packet to see where they are coming from.
Syslogs:
    1 and 2) 106016
    3) 106017
----------------------------------------------------------------
Name: ipv6_sp-security-failed
IPv6 slowpath security checks failed:
    This counter is incremented and the packet is dropped for one of the following 
reasons:
1) IPv6 through-the-box packet with identical source and destination address.
2) IPv6 through-the-box packet with linklocal source or destination address.
3) IPv6 through-the-box packet with multicast destination address.
Recommendation:
    These packets could indicate malicious activity, or could be the result of a 
misconfigured IPv6 host. Use the packet capture feature to capture type asp packets, and 
use the source MAC address to identify the source.
Syslogs:
    For identical source and destination address, syslog 106016, else none.
----------------------------------------------------------------
Name: invalid-ip-option
IP option drop:
    This counter is incremented when any unicast packet with ip options or a multicast 
packet with ip-options that have not been configured to be accepted, is received by the 
security appliance. The packet is dropped.
Recommendation:
    Investigate why a packet with ip options is being sent by the sender.
Syslogs:
    None.
----------------------------------------------------------------
Name: lu-invalid-pkt
Invalid LU packet:
    Standby unit received a corrupted Logical Update packet.
 
Recommendation:
    The packet corruption could be caused by a bad cable, interface card, line noise, or 
software defect. If the interface appears to be functioning properly, then report the 
problem to Cisco TAC.
 
Syslogs:
    None
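
Added example (not part of the Cisco command reference): one way to act on the "incrementing rapidly" guidance above is to diff two `show asp drop` snapshots and rank the drop reasons by rate. The snapshot text is constructed, the "description (name) count" line layout is assumed, and `rate_threshold` is an arbitrary assumed value, not a Cisco figure.

```python
import re

# Advice paraphrased from the entries above, keyed by drop-reason name.
ADVICE = {
    "ipv6_sp-security-failed": "possible malicious activity or misconfigured IPv6 host; "
                               "capture type asp packets, trace the source MAC "
                               "(syslog 106016 only for identical src/dst)",
    "invalid-ip-option": "investigate why the sender emits IP options (no syslog)",
    "lu-invalid-pkt": "check cable, interface card, line noise; else Cisco TAC (no syslog)",
}

# Assumed line layout: "  IP option drop (invalid-ip-option)      12"
LINE = re.compile(r"^\s+(?P<desc>.+?)\s+\((?P<name>[\w-]+)\)\s+(?P<count>\d+)\s*$")

def parse_asp_drop(text):
    """Return {reason_name: count} from `show asp drop` output."""
    counters = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            counters[m["name"]] = int(m["count"])
    return counters

def triage(before, after, seconds, rate_threshold=5.0):
    """Compare two snapshots; return [(name, delta, drops_per_sec, advice)]."""
    old, new = parse_asp_drop(before), parse_asp_drop(after)
    findings = []
    for name, count in new.items():
        prev = old.get(name, 0)
        # A lower value than before means the counters were cleared in between.
        delta = count - prev if count >= prev else count
        rate = delta / seconds
        if delta and rate >= rate_threshold:
            findings.append((name, delta, rate, ADVICE.get(name, "see reference entry")))
    return sorted(findings, key=lambda f: f[2], reverse=True)

# Constructed sample snapshots, taken 60 seconds apart.
SNAP_T0 = """\
Frame drop:
  IPv6 slowpath security checks failed (ipv6_sp-security-failed)            40
  IP option drop (invalid-ip-option)                                         12
  Invalid LU packet (lu-invalid-pkt)                                          3
"""
SNAP_T1 = SNAP_T0.replace("   40", " 1840").replace("   12", "   14")

if __name__ == "__main__":
    for name, delta, rate, advice in triage(SNAP_T0, SNAP_T1, seconds=60):
        print(f"{name}: +{delta} ({rate:.1f}/s) -> {advice}")
```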
----------------------------------------------------------------
Name: fo-standby
Dropped by standby unit:
    If a through-the-box packet arrives at an appliance or context in a Standby state and 
a flow is created, the packet is dropped and the flow removed. This counter will increment 
each time a packet is dropped in this manner.