Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet
3-80
思科 ASA 系列命令参考,S 命令
第 3 章 show as-path-access-list 至 show auto-update 命令
show asp drop
Name: ssl-bad-record-detect
SSL bad record detected:
This counter is incremented for each unknown SSL record type received from the remote
peer.Any unknown record type received from the peer is treated as a fatal error and the
SSL connections that encounter this error must be terminated.
Recommendation:
It is not normal to see this counter increment at any time.If this counter is
incremented, it usually means that the SSL protocol state is out of sync with the client
software.The most likely cause of this problem is a software defect in the client
software.Contact the Cisco TAC with the client software or web browser version and provide
a network trace of the SSL data exchange to troubleshoot this problem.
Syslogs:
None.
----------------------------------------------------------------
Name: ssl-handshake-failed
SSL handshake failed:
This counter is incremented when the TCP connection is dropped because the SSL
handshake failed.
Recommendation:
This is to indicate that the TCP connection is dropped because the SSL handshake
failed.If the problem cannot be resolved based on the syslog information generated by the
handshake failure condition, please include the related syslog information when contacting
the Cisco TAC.
Syslogs:
725006.
725014.
----------------------------------------------------------------
Name: ssl-malloc-error
SSL malloc error:
This counter is incremented for each malloc failure that occurs in the SSL lib.This is
to indicate that SSL encountered a low memory condition where it can't allocate a memory
buffer or packet block.
Recommendation:
Check the security appliance memory and packet block condition and contact Cisco the
TAC with this memory information.
Syslogs:
None.
----------------------------------------------------------------
Name: ctm-crypto-request-error
CTM crypto request error:
This counter is incremented each time CTM cannot accept our crypto request.This
usually means the crypto hardware request queue is full.
Recommendation:
Issue the show crypto protocol statistics ssl command and contact the Cisco TAC with
this information.
Syslogs:
None.
----------------------------------------------------------------