Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco ASA 5580 Adaptive Security Appliance
  5. Leaflet

Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet

Download
Page of 1214
 
3-31
思科 ASA 系列命令参考,命令
 
 3       show as-path-access-list  show auto-update 命令
  show asp drop
----------------------------------------------------------------
Name: inspect-icmp-nat64-frag
ICMP NAT64 Inspect Fragmentation Error:
    This counter will increment when the appliance is unable to translate ICMP messages 
between IPv6 and IPv4 due to fragmentation.Per RFC-6145, ICMP packet fragments will not be 
translated.
Recommendation:
    No action required.
Syslogs:
    313005
----------------------------------------------------------------
Name: inspect-icmp-error-different-embedded-conn
ICMP Error Inspect different embedded conn:
    This counter will increment when the frame embedded in the ICMP error message does not 
match the established connection that has been identified when the ICMP connection is 
created.
Recommendation:
    No action required if it is an intermittent event.If the cause is an attack, you can 
deny the host using the ACLs.
Syslogs:
    313005
----------------------------------------------------------------
Name: inspect-icmpv6-error-invalid-pak
ICMPv6 Error Inspect invalid packet:
    This counter will increment when the appliance detects an invalid frame embedded in 
the ICMPv6 packet.This check is the same as that on IPv6 packets.Examples: Incomplete IPv6 
header; malformed IPv6 Next Header; etc.
Recommendation:
    No action required.
Syslogs:
    None.
----------------------------------------------------------------
Name: inspect-icmpv6-error-no-existing-conn
ICMPv6 Error Inspect no existing conn:
    This counter will increment when the appliance is not able to find any established 
connection related to the frame embedded in the ICMPv6 error message.
Recommendation:
    No action required if it is an intermittent event.If the cause is an attack, you can 
deny the host using the ACLs.
Syslogs:
    313005
----------------------------------------------------------------
Name: inspect-dns-invalid-pak
DNS Inspect invalid packet:
    This counter will increment when the appliance detects an invalid DNS packet.Examples: 
A DNS packet with no DNS header; the number of DNS resource records not matching the 
counter in the header; etc.