Cisco ASA 5580 Adaptive Security Appliance Leaflet

Cisco ASA Series Command Reference, Commands

Chapter 3  show as-path-access-list through show auto-update Commands
  show asp drop
Name: nat-rpf-failed
NAT reverse path failed:
    Rejected attempt to connect to a translated host using the translated host's real address.
Recommendation:
    When not on the same interface as the host undergoing NAT, use the mapped address instead of the real address to connect to the host. Also, enable the appropriate inspect command if the application embeds IP address.
Syslogs:
    305005
----------------------------------------------------------------
Name: inspect-fail
Inspection failure:
    This counter will increment when the appliance fails to enable protocol inspection carried out by the NP for the connection. The cause could be memory allocation failure, or for ICMP error message, the appliance not being able to find any established connection related to the frame embedded in the ICMP error message.
Recommendation:
    Check system memory usage. For ICMP error message, if the cause is an attack, you can deny the host using the ACLs.
Syslogs:
    313004 for ICMP error.
----------------------------------------------------------------
Name: no-inspect
Failed to allocate inspection:
    This counter will increment when the security appliance fails to allocate a run-time inspection data structure upon connection creation. The connection will be dropped.
Recommendation:
    This error condition is caused when the security appliance runs out of system memory. Please check the current available free memory by executing the "show memory" command.
Syslogs:
    None
----------------------------------------------------------------
Name: reset-by-ips
Flow reset by IPS:
    This reason is given for terminating a TCP flow as requested by IPS module.
Recommendations:
    Check syslogs and alerts on IPS module.
Syslogs:
    420003
----------------------------------------------------------------
Name: flow-reclaimed
Non-tcp/udp flow reclaimed for new request:
    This counter is incremented when a reclaimable flow is removed to make room for a new flow. This occurs only when the number of flows through the appliance equals the maximum number permitted by the software imposed limit, and a new flow request is received. When