Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco ASA 5580 Adaptive Security Appliance
  5. Leaflet

Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet

Download
Page of 1214
 
3-56
思科 ASA 系列命令参考,命令
 
 3       show as-path-access-list  show auto-update 命令
  show asp drop
----------------------------------------------------------------
Name: cluster-no-msgp
Cluster unit is out of message descriptor:
    Cluster unit is out of message descriptor.
Recommendation:
    None.
Syslogs:
    None.
----------------------------------------------------------------
Name: cluster-slave-ignored
Flow matched a cluster drop-on-slave classify rule:
    A multicast routing packet was received on a L3 cluster     interface when the unit 
was a slave.Only a master unit     is permitted to process these packets.
Recommendation:
    This counter is informational and the behavior expected.The packet is    processed by 
master.
Syslogs:
    None.
----------------------------------------------------------------
Name: cluster-non-owner-ignored
Flow matched a cluster drop-on-non-owner classify rule:
    A multicast data packet was received on a L3 cluster     interface when the unit was 
not an elected owner unit.     Only an elected owner unit is permitted to process     
these packets.
Recommendation:
    This counter is informational and the behavior expected.The packet is    processed by 
one elected owner unit.
Syslogs:
    None.
----------------------------------------------------------------
Name: nat-xlate-failed
NAT failed:
    Failed to create an xlate to translate an IP or transport header.
Recommendation:
    If NAT is not desired, disable "nat-control".Otherwise, use the "static", "nat" or 
"global" command to configure NAT policy for the dropped flow.For dynamic NAT, ensure that 
each "nat" command is paired with at least one "global" command.Use "show nat" and "debug 
pix process" to verify NAT rules.
Syslogs:
    305005, 305006, 305009, 305010, 305011, 305012
----------------------------------------------------------------
Name: nat-rpf-failed
NAT reverse path failed:
    Rejected attempt to connect to a translated host using the translated host's real 
address.
Recommendation:
    When not on the same interface as the host undergoing NAT, use the mapped address 
instead of the real address to connect to the host.Also, enable the appropriate inspect 
command if the application embeds IP address.
Syslogs:
    305005