Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco ASA 5580 Adaptive Security Appliance
  5. Leaflet

Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet

Download
Page of 1214
 
3-76
思科 ASA 系列命令参考,命令
 
 3       show as-path-access-list  show auto-update 命令
  show asp drop
----------------------------------------------------------------
Name: ips-fail-close
IPS fail-close:
    This reason is given for terminating a flow since IPS card is down and fail-close 
option was used with IPS inspection.
Recommendations:
    Check and bring up IPS card.
Syslogs:
    420001
----------------------------------------------------------------
Name: reinject-punt
Flow terminated by punt action:
    This counter is incremented when a packet is punted to the exception-path for 
processing by one of the enhanced services such as inspect, aaa etc and the servicing 
routine, having detected a violation in the traffic flowing on the flow, requests that the 
flow be dropped.The flow is immediately dropped.
Recommendation:
    Please watch for syslogs fired by servicing routine for more information.Flow drop 
terminates the corresponding connection.
Syslogs:
    None.
----------------------------------------------------------------
Name: shunned
Flow shunned:
    This counter will increment when a packet is received which has a source IP address 
that matches a host in the shun database.When a shun command is applied, it will be 
incremented for each existing flow that matches the shun command.
Recommendation:
    No action required.
Syslogs:
    401004
----------------------------------------------------------------
Name: host-limit
host-limit
----------------------------------------------------------------
Name: nat-failed
NAT failed:
    Failed to create an xlate to translate an IP or transport header.
Recommendation:
    If NAT is not desired, disable "nat-control".Otherwise, use the "static", "nat" or 
"global" command to configure NAT policy for the dropped flow.For dynamic NAT, ensure that 
each "nat" command is paired with at least one "global" command.Use "show nat" and "debug 
pix process" to verify NAT rules.
Syslogs:
    305005, 305006, 305009, 305010, 305011, 305012
----------------------------------------------------------------