Cisco ASA 5580 Adaptive Security Appliance Leaflet

Cisco ASA Series Command Reference, Commands

Chapter 3    show as-path-access-list  show auto-update Commands
  show asp drop
----------------------------------------------------------------
Name: svc-spoof-detect
SVC spoof packet detected:
    This counter will increment when the security appliance receives a packet which should 
have been encrypted but was not. The packet matched the inner header security policy check 
of a configured and established SVC connection on the security appliance but was received 
unencrypted. This is a security issue.
Recommendation:
    Analyze your network traffic to determine the source of the spoofed SVC traffic.
Syslogs:
    None
----------------------------------------------------------------
Name: svc-failover
An SVC socket connection is being disconnected on the standby unit:
    This counter is incremented for each new SVC socket connection that is disconnected 
when the active unit is transitioning into standby state as part of a failover transition.
Recommendation:
    None. This is part of a normal cleanup of a SVC connection when the current device is 
transitioning from active to standby. Existing SVC connections on the device are no longer 
valid and need to be removed.
Syslogs:
    None.
----------------------------------------------------------------
Name: svc-replacement-conn
SVC replacement connection established:
    This counter is incremented when an SVC connection is replaced by a new connection.
Recommendation:
    None. This may indicate that users are having difficulty maintaining connections to the 
ASA. Users should evaluate the quality of their home network and Internet connection.
Syslog:
    722032
----------------------------------------------------------------
Name: ipsec-selector-failure
IPsec VPN inner policy selector mismatch detected:
    This counter is incremented when an IPsec packet is received with an inner IP header 
that does not match the configured policy for the tunnel.
Recommendation:
    Verify that the crypto ACLs for the tunnel are correct and that all acceptable packets 
are included in the tunnel identity. Verify that the box is not under attack if this 
message is repeatedly seen.
Syslogs:
    402116
----------------------------------------------------------------
Name: vpn-context-expired
Expired VPN context:
    This counter will increment when the security appliance receives a packet that 
requires encryption or decryption, and the ASP VPN context required to perform the 
operation is no longer valid.
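
The following is an added example, not part of the Cisco reference: it compares two captured `show asp drop` outputs and reports which of the SVC and IPsec counters described above increased, classed according to this page's recommendations. The `description (name) count` line layout it parses and both sample snapshots are constructed assumptions.

```python
import re

# Triage classes derived from each counter's Recommendation text on this page.
TRIAGE = {
    "svc-spoof-detect": "investigate",        # "This is a security issue."
    "ipsec-selector-failure": "investigate",  # check crypto ACLs; possible attack if repeated
    "svc-replacement-conn": "connectivity",   # users struggling to keep connections up
    "svc-failover": "expected",               # normal cleanup during failover
}
# Assumed line layout: "  <description> (<counter-name>)   <count>"
LINE = re.compile(r"^\s*.+?\s+\((?P<name>[a-z0-9-]+)\)\s+(?P<count>\d+)\s*$")

def parse_asp_drop(text):
    """Return {counter-name: count}; counters absent from the output count as 0."""
    counters = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            counters[m["name"]] = counters.get(m["name"], 0) + int(m["count"])
    return counters

def triage(before, after):
    """Report (name, increase, class) for tracked counters that grew between snapshots."""
    old, new = parse_asp_drop(before), parse_asp_drop(after)
    findings = []
    for name, cls in TRIAGE.items():
        delta = new.get(name, 0) - old.get(name, 0)
        if delta < 0:  # counters were cleared between snapshots
            delta = new.get(name, 0)
        if delta > 0:
            findings.append((name, delta, cls))
    return findings

# Constructed sample snapshots (not captured from a real appliance).
SNAP_1 = """Frame drop:
  SVC spoof packet detected (svc-spoof-detect)                                 2
  IPsec VPN inner policy selector mismatch detected (ipsec-selector-failure)   5
  An SVC socket connection is being disconnected on the standby unit (svc-failover)  3
"""
SNAP_2 = """Frame drop:
  SVC spoof packet detected (svc-spoof-detect)                                 9
  IPsec VPN inner policy selector mismatch detected (ipsec-selector-failure)   5
  An SVC socket connection is being disconnected on the standby unit (svc-failover)  3
  SVC replacement connection established (svc-replacement-conn)                4
"""

if __name__ == "__main__":
    for name, delta, cls in triage(SNAP_1, SNAP_2):
        print(f"{name}: +{delta} ({cls})")
```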