Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet

Cisco ASA Series Command Reference, Commands
 
 3       show as-path-access-list  show auto-update Commands
  show asp drop
    Verify that you can communicate with the destination peer and verify your crypto 
configuration via the 'show running-config' command.
Syslogs:
    None
----------------------------------------------------------------
Name: vpn-handle-error
VPN handle error:
    This counter is incremented when the appliance is unable to create a VPN handle 
because the VPN handle already exists.
Recommendation:
    It is possible to see this counter increment as part of normal operation. However, if 
the counter is rapidly incrementing and there is a major malfunction of vpn-based 
applications, then this may be caused by a software defect. Use the following commands to 
gather more information about this counter and contact the Cisco TAC to investigate the 
issue further.
    capture <name> type asp-drop vpn-handle-error
    show asp table classify crypto
    show asp table vpn-context detail
Syslogs:
    None
----------------------------------------------------------------
Name: vpn-handle-not-found
VPN handle not found:
    This counter is incremented when a datagram hits an encrypt or decrypt rule, and no 
VPN handle is found for the flow the datagram is on.
Recommendation:
    It is possible to see this counter increment as part of normal operation. However, if 
the counter is rapidly incrementing and there is a major malfunction of vpn-based 
applications, then this may be caused by a software defect. Use the following commands to 
gather more information about this counter and contact the Cisco TAC to investigate the 
issue further.
    capture <name> type asp-drop vpn-handle-not-found
    show asp table classify crypto
    show asp table vpn-context detail
Syslogs:
    None
----------------------------------------------------------------
Name: ipsec-spoof-detect
IPsec spoof packet detected:
    This counter will increment when the appliance receives a packet which should have 
been encrypted but was not. The packet matched the inner header security policy check of a 
configured and established IPsec connection on the appliance but was received 
unencrypted. This is a security issue.
Recommendation:
    Analyze your network traffic to determine the source of the spoofed IPsec traffic.
Syslogs:
    402117
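
Added example (not part of the Cisco reference): a Python script that compares two saved `show asp drop` snapshots and applies the recommendations above, flagging the two VPN handle counters only when they climb quickly and flagging any increase of ipsec-spoof-detect. The line layout matched by the regex, the rate threshold and the two sample snapshots are assumptions constructed for illustration.

```python
import re

# Counters documented in this section. The reference says only "rapidly
# incrementing" and gives no number, so the threshold is an assumption.
RATE_WATCH = {"vpn-handle-error", "vpn-handle-not-found"}
ANY_INCREASE = {"ipsec-spoof-detect"}   # the reference calls this a security issue
RATE_THRESHOLD = 10.0                   # drops per second (hypothetical)

# Assumed layout of a counter line: "  Description (counter-name)   count"
LINE_RE = re.compile(r"^\s+.*\(([a-z0-9-]+)\)\s+(\d+)\s*$")

def parse_asp_drop(text):
    """Return {counter-name: count}; a name listed twice is summed."""
    counters = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            counters[m.group(1)] = counters.get(m.group(1), 0) + int(m.group(2))
    return counters

def assess(before, after, seconds):
    """Compare snapshots taken `seconds` apart; return {name: (delta, verdict)}."""
    old, new = parse_asp_drop(before), parse_asp_drop(after)
    result = {}
    for name in sorted(RATE_WATCH | ANY_INCREASE):
        delta = new.get(name, 0) - old.get(name, 0)
        if delta < 0:                       # counters cleared between snapshots
            delta, verdict = new.get(name, 0), "reset"
        elif name in ANY_INCREASE and delta > 0:
            verdict = "investigate"         # find the source of the cleartext traffic
        elif name in RATE_WATCH and delta / seconds > RATE_THRESHOLD:
            verdict = "rapid"               # gather captures, contact TAC
        else:
            verdict = "ok"                  # can increment in normal operation
        result[name] = (delta, verdict)
    return result

# Constructed sample snapshots, taken 60 seconds apart.
SNAP_1 = """\
  VPN handle error (vpn-handle-error)                                 12
  VPN handle not found (vpn-handle-not-found)                        340
  IPsec spoof packet detected (ipsec-spoof-detect)                     0
"""
SNAP_2 = """\
  VPN handle error (vpn-handle-error)                                 15
  VPN handle not found (vpn-handle-not-found)                       1540
  IPsec spoof packet detected (ipsec-spoof-detect)                     3
"""

if __name__ == "__main__":
    for name, (delta, verdict) in assess(SNAP_1, SNAP_2, 60).items():
        print(f"{name:24} +{delta:<6} {verdict}")
```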