Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet
3-65
思科 ASA 系列命令参考,S 命令
第 3 章 show as-path-access-list 至 show auto-update 命令
show asp drop
Verify that you can communicate with the destination peer and verify your crypto
configuration via the 'show running-config' command.
Syslogs:
None
----------------------------------------------------------------
Name: vpn-handle-error
VPN handle error:
This counter is incremented when the appliance is unable to create a VPN handle
because the VPN handle already exists.
Recommendation:
It is possible to see this counter increment as part of normal operation.However, if
the counter is rapidly incrementing and there is a major malfunction of vpn-based
applications, then this may be caused by a software defect.Use the following command sto
gather more information about this counter and ontact the Cisco TAC to investigate the
issue further.
capture <name> type asp-drop vpn-handle-error
show asp table classify crypto
show asp table vpn-context detail
Syslogs:
None
----------------------------------------------------------------
Name: vpn-handle-not-found
VPN handle not found:
This counter is incremented when a datagram hits an encrypt or decrypt rule, and no
VPN handle is found for the flow the datagram is on.
Recommendation:
It is possible to see this counter increment as part of normal operation.However, if
the counter is rapidly incrementing and there is a major malfunction of vpn-based
applications, then this may be caused by a software defect.Use the following command sto
gather more information about this counter and ontact the Cisco TAC to investigate the
issue further.
capture <name> type asp-drop vpn-handle-not-found
show asp table classify crypto
show asp table vpn-context detail
Syslogs:
None
----------------------------------------------------------------
Name: ipsec-spoof-detect
IPsec spoof packet detected:
This counter will increment when the appliance receives a packet which should have
been encrypted but was not.The packet matched the inner header security policy check of a
configured and established IPsec connection on the appliance but was received
unencrypted.This is a security issue.
Recommendation:
Analyze your network traffic to determine the source of the spoofed IPsec traffic.
Syslogs:
402117