Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet
3-76
思科 ASA 系列命令参考,S 命令
第 3 章 show as-path-access-list 至 show auto-update 命令
show asp drop
----------------------------------------------------------------
Name: ips-fail-close
IPS fail-close:
This reason is given for terminating a flow since IPS card is down and fail-close
option was used with IPS inspection.
Recommendations:
Check and bring up IPS card.
Syslogs:
420001
----------------------------------------------------------------
Name: reinject-punt
Flow terminated by punt action:
This counter is incremented when a packet is punted to the exception-path for
processing by one of the enhanced services such as inspect, aaa etc and the servicing
routine, having detected a violation in the traffic flowing on the flow, requests that the
flow be dropped.The flow is immediately dropped.
Recommendation:
Please watch for syslogs fired by servicing routine for more information.Flow drop
terminates the corresponding connection.
Syslogs:
None.
----------------------------------------------------------------
Name: shunned
Flow shunned:
This counter will increment when a packet is received which has a source IP address
that matches a host in the shun database.When a shun command is applied, it will be
incremented for each existing flow that matches the shun command.
Recommendation:
No action required.
Syslogs:
401004
----------------------------------------------------------------
Name: host-limit
host-limit
----------------------------------------------------------------
Name: nat-failed
NAT failed:
Failed to create an xlate to translate an IP or transport header.
Recommendation:
If NAT is not desired, disable "nat-control".Otherwise, use the "static", "nat" or
"global" command to configure NAT policy for the dropped flow.For dynamic NAT, ensure that
each "nat" command is paired with at least one "global" command.Use "show nat" and "debug
pix process" to verify NAT rules.
Syslogs:
305005, 305006, 305009, 305010, 305011, 305012
----------------------------------------------------------------