Cisco ASA 5580 Adaptive Security Appliance Leaflet
Cisco ASA Series Command Reference, S Commands
Chapter 3 show as-path-access-list through show auto-update Commands
show asp drop
----------------------------------------------------------------
Name: svc-spoof-detect
SVC spoof packet detected:
This counter will increment when the security appliance receives a packet which should
have been encrypted but was not. The packet matched the inner header security policy check
of a configured and established SVC connection on the security appliance but was received
unencrypted. This is a security issue.
Recommendation:
Analyze your network traffic to determine the source of the spoofed SVC traffic.
Syslogs:
None
----------------------------------------------------------------
Name: svc-failover
An SVC socket connection is being disconnected on the standby unit:
This counter is incremented for each new SVC socket connection that is disconnected
when the active unit is transitioning into standby state as part of a failover transition.
Recommendation:
None. This is part of a normal cleanup of a SVC connection when the current device is
transitioning from active to standby. Existing SVC connections on the device are no longer
valid and need to be removed.
Syslogs:
None.
----------------------------------------------------------------
Name: svc-replacement-conn
SVC replacement connection established:
This counter is incremented when an SVC connection is replaced by a new connection.
Recommendation:
None. This may indicate that users are having difficulty maintaining connections to the
ASA. Users should evaluate the quality of their home network and Internet connection.
Syslog:
722032
----------------------------------------------------------------
Name: ipsec-selector-failure
IPsec VPN inner policy selector mismatch detected:
This counter is incremented when an IPsec packet is received with an inner IP header
that does not match the configured policy for the tunnel.
Recommendation:
Verify that the crypto ACLs for the tunnel are correct and that all acceptable packets
are included in the tunnel identity. Verify that the box is not under attack if this
message is repeatedly seen.
Syslogs:
402116
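
Added example (not part of the Cisco reference): a Python sketch that compares two saved "show asp drop" snapshots and reports growth in the counters described above, so that "repeatedly seen" can be judged from deltas rather than from a single reading. The line layout "description (counter-name) count", the sample snapshots, and the names WATCH, parse_asp_drop and watched_increments are assumptions made for this example.

```python
import re

# Counters documented in this section: name -> (syslog ID on the page, triage note)
WATCH = {
    "svc-spoof-detect": (None, "cleartext packet matched an established SVC connection"),
    "ipsec-selector-failure": ("402116", "inner IP header outside the tunnel policy"),
    "svc-replacement-conn": ("722032", "SVC connection replaced; check client links"),
}
# Assumed line shape: "  <description> (<counter-name>)    <count>"
LINE = re.compile(r"^\s+.*\((?P<name>[a-z0-9-]+)\)\s+(?P<count>\d+)\s*$")

def parse_asp_drop(text):
    """Return {counter_name: count}, summed across sections of the output."""
    counts = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            counts[m["name"]] = counts.get(m["name"], 0) + int(m["count"])
    return counts

def watched_increments(before, after):
    """List (name, delta, syslog, note) for watched counters that grew."""
    old, new = parse_asp_drop(before), parse_asp_drop(after)
    findings = []
    for name, (syslog, note) in WATCH.items():
        prev, cur = old.get(name, 0), new.get(name, 0)
        # A lower value means the counters were cleared between snapshots,
        # so everything now counted arrived after the clear.
        delta = cur - prev if cur >= prev else cur
        if delta > 0:
            findings.append((name, delta, syslog, note))
    return findings

# Constructed sample snapshots (not captured from a real appliance).
SNAP_1 = """Frame drop:
  SVC spoof packet detected (svc-spoof-detect)                          2
  SVC replacement connection established (svc-replacement-conn)        40
"""
SNAP_2 = """Frame drop:
  SVC spoof packet detected (svc-spoof-detect)                          9
  IPsec VPN inner policy selector mismatch detected (ipsec-selector-failure)  31
  SVC replacement connection established (svc-replacement-conn)        40
"""

if __name__ == "__main__":
    for name, delta, syslog, note in watched_increments(SNAP_1, SNAP_2):
        print(f"{name}: +{delta} (syslog {syslog or 'none'}) {note}")
```

Because svc-spoof-detect has no syslog, polling the counter like this is the only way to notice it moving; the other two can also be tracked through syslog IDs 402116 and 722032.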
----------------------------------------------------------------
Name: vpn-context-expired
Expired VPN context:
This counter will increment when the security appliance receives a packet that
requires encryption or decryption, and the ASP VPN context required to perform the
operation is no longer valid.