Cisco ASA 5580 Adaptive Security Appliance Leaflet

Cisco ASA Series Command Reference, Commands

Chapter 3: show as-path-access-list through show auto-update Commands
  show asp drop
this occurs, if the number of reclaimable flows exceeds the number of VPN tunnels 
permitted by the appliance, then the oldest reclaimable flow is removed to make room for 
the new flow. All flows except the following are deemed to be reclaimable:
    1. TCP, UDP, GRE and Failover flows
    2. ICMP flows if ICMP stateful inspection is enabled
    3. ESP flows to the appliance
Recommendation:
    No action is required if this counter is incrementing slowly. If this counter is 
incrementing rapidly, it could mean that the appliance is under attack and the appliance 
is spending more time reclaiming and rebuilding flows.
Syslogs:
    302021
----------------------------------------------------------------
Name: non_tcp_syn
non-syn TCP:
    This reason is given for terminating a TCP flow when the first packet is not a SYN 
packet.
Recommendations:
    None
Syslogs:
    None
----------------------------------------------------------------
Name: rm-xlate-limit
RM xlate limit reached:
    This counter is incremented when the maximum number of xlates for a context or the 
system has been reached and a new connection is attempted.
Recommendation:
    The device administrator can use the commands 'show resource usage' and 'show resource 
usage system' to view context and system resource limits and 'Denied' counts and adjust 
resource limits if desired.
Syslogs:
    321001
----------------------------------------------------------------
Name: rm-host-limit
RM host limit reached:
    This counter is incremented when the maximum number of hosts for a context or the 
system has been reached and a new connection is attempted.
Recommendation:
    The device administrator can use the commands 'show resource usage' and 'show resource 
usage system' to view context and system resource limits and 'Denied' counts and adjust 
resource limits if desired.
Syslogs:
    321001
----------------------------------------------------------------
Name: rm-inspect-rate-limit
RM inspect rate limit reached:
    This counter is incremented when the maximum inspection rate for a context or the 
system has been reached and a new connection is attempted.
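
The recommendations above depend on whether a counter is incrementing slowly or rapidly, which takes two readings of 'show asp drop' and the time between them. The following is an added example, not part of the Cisco reference: it assumes each counter line has the form "description (name) count", uses constructed snapshots rather than real device output, and the function names and the 5 drops/s threshold are illustrative.

```python
import re

# Assumed counter line shape in `show asp drop` output:
#   "  <description> (<drop-reason-name>)   <count>"
COUNTER_RE = re.compile(r"^\s+.*\((?P<name>[\w-]+)\)\s+(?P<count>\d+)\s*$")

# Constructed snapshots, 60 seconds apart (not captured from a real device).
SNAPSHOT_T0 = """\
Flow drop:
  non-syn TCP (non_tcp_syn)                            120
  RM xlate limit reached (rm-xlate-limit)                4
  RM host limit reached (rm-host-limit)                  0
"""
SNAPSHOT_T1 = """\
Flow drop:
  non-syn TCP (non_tcp_syn)                            126
  RM xlate limit reached (rm-xlate-limit)             3004
  RM host limit reached (rm-host-limit)                  0
  RM inspect rate limit reached (rm-inspect-rate-limit) 600
"""

def parse_counters(text):
    """Map drop-reason name -> counter value; non-counter lines are skipped."""
    counters = {}
    for line in text.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            counters[m["name"]] = int(m["count"])
    return counters

def drop_rates(before, after, interval_s):
    """Per-second increase of each counter between two snapshots."""
    old, new = parse_counters(before), parse_counters(after)
    rates = {}
    for name, count in new.items():
        prev = old.get(name, 0)
        # A lower value means the counters were cleared in between,
        # so count from zero instead of reporting a negative rate.
        delta = count - prev if count >= prev else count
        rates[name] = delta / interval_s
    return rates

def rapid_counters(before, after, interval_s, threshold_per_s):
    """Names of counters rising at or above the threshold, sorted."""
    rates = drop_rates(before, after, interval_s)
    return sorted(n for n, r in rates.items() if r >= threshold_per_s)

if __name__ == "__main__":
    # The 5.0 drops/s threshold is illustrative; tune it to a local baseline.
    print(rapid_counters(SNAPSHOT_T0, SNAPSHOT_T1, 60, 5.0))
```

A counter flagged here is the cue to run 'show resource usage' and 'show resource usage system' as the recommendations describe.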