Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet
3-77
思科 ASA 系列命令参考,S 命令
第 3 章 show as-path-access-list 至 show auto-update 命令
show asp drop
Name: nat-rpf-failed
NAT reverse path failed:
Rejected attempt to connect to a translated host using the translated host's real
address.
Recommendation:
When not on the same interface as the host undergoing NAT, use the mapped address
instead of the real address to connect to the host.Also, enable the appropriate inspect
command if the application embeds IP address.
Syslogs:
305005
----------------------------------------------------------------
Name: inspect-fail
Inspection failure:
This counter will increment when the appliance fails to enable protocol inspection
carried out by the NP for the connection.The cause could be memory allocation failure, or
for ICMP error message, the appliance not being able to find any established connection
related to the frame embedded in the ICMP error message.
Recommendation:
Check system memory usage.For ICMP error message, if the cause is an attack, you can
deny the host using the ACLs.
Syslogs:
313004 for ICMP error.
----------------------------------------------------------------
Name: no-inspect
Failed to allocate inspection:
This counter will increment when the security appliance fails to allocate a run-time
inspection data structure upon connection creation.The connection will be dropped.
Recommendation:
This error condition is caused when the security appliance runs out of system memory.
Please check the current available free memory by executing the "show memory" command.
Syslogs:
None
----------------------------------------------------------------
Name: reset-by-ips
Flow reset by IPS:
This reason is given for terminating a TCP flow as requested by IPS module.
Recommendations:
Check syslogs and alerts on IPS module.
Syslogs:
420003
----------------------------------------------------------------
Name: flow-reclaimed
Non-tcp/udp flow reclaimed for new request:
This counter is incremented when a reclaimable flow is removed to make room for a new
flow.This occurs only when the number of flows through the appliance equals the maximum
number permitted by the software imposed limit, and a new flow request is received.When