Cisco ASA 5580 Adaptive Security Appliance Leaflet

Cisco ASA Series Command Reference, Commands

 3       show as-path-access-list  show auto-update Commands
  show asp drop
Recommendation:
    This message indicates either a misbehaving application or an active attempt to 
exhaust the firewall memory. Use the "set connection per-client-max" command to further 
fine-tune the limit. For FTP, additionally enable the "strict" option in "inspect ftp".
Syslogs:
    210005
----------------------------------------------------------------
Name: tracer-flow
packet-tracer traced flow drop:
    This counter is used internally by packet-tracer for flows freed once tracing is 
complete.
Recommendation:
    None.
Syslog:
    None.
----------------------------------------------------------------
Name: sp-looping-address
looping-address:
    This counter is incremented when the source and destination addresses in a flow are 
the same. SIP flows where address privacy is enabled are excluded, as it is normal for 
those flows to have the same source and destination address.
Recommendation:
    There are two possible conditions when this counter will increment. One is when the 
appliance receives a packet with the source address equal to the destination. This 
represents a type of DoS attack. The second is when the NAT configuration of the appliance 
NATs a source address to equal that of the destination. One should examine syslog message 
106017 to determine what IP address is causing the counter to increment, then enable 
packet captures to capture the offending packet, and perform additional analysis.
Syslogs:
    106017
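
Added example (not part of the Cisco reference): a Python sketch of the first step in the recommendation above, tallying syslog 106017 events per address so the busiest one can be targeted with a packet capture. The log lines, the assumed message layout in LAND_RE, and the NAT_MAPPED set are constructed for illustration; checking an address against the mapped NAT addresses is only a triage heuristic for choosing which of the two conditions to examine first.

```python
import ipaddress
import re
from collections import Counter

# Assumed body of syslog 106017; any timestamp/host prefix is ignored.
LAND_RE = re.compile(r"%ASA-\d-106017: Deny IP due to Land Attack from (?P<src>\S+) to (?P<dst>\S+)")

# Constructed sample log (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Jun 12 2024 10:15:01 fw1 : %ASA-2-106017: Deny IP due to Land Attack from 192.0.2.10 to 192.0.2.10
Jun 12 2024 10:15:02 fw1 : %ASA-4-106023: Deny tcp src outside:198.51.100.7/51512 dst inside:192.0.2.20/22 by access-group "outside_in"
Jun 12 2024 10:15:03 fw1 : %ASA-2-106017: Deny IP due to Land Attack from 192.0.2.10 to 192.0.2.10
Jun 12 2024 10:15:09 fw1 : %ASA-2-106017: Deny IP due to Land Attack from 203.0.113.5 to 203.0.113.5
Jun 12 2024 10:15:12 fw1 : %ASA-2-106017: Deny IP due to Land Attack from 192.0.2. to 192.0.2.
"""

# Hypothetical: mapped (post-NAT) addresses taken from the appliance's NAT rules.
NAT_MAPPED = {"203.0.113.5"}


def looping_addresses(lines):
    """Count 106017 events per address, skipping unrelated or damaged lines."""
    counts = Counter()
    for line in lines:
        m = LAND_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # truncated or corrupted address field
        if src == dst:
            counts[str(src)] += 1
    return counts


def triage(counts, nat_mapped):
    """Pair each address with the documented condition to check first."""
    report = []
    for addr, hits in counts.most_common():
        hint = "review NAT rules" if addr in nat_mapped else "capture packets"
        report.append((addr, hits, hint))
    return report


if __name__ == "__main__":
    for row in triage(looping_addresses(SAMPLE_LOG.splitlines()), NAT_MAPPED):
        print(*row)
```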
----------------------------------------------------------------
Name: no-adjacency
No valid adjacency:
    This counter will increment when the security appliance receives a packet on an 
existing flow that no longer has a valid output adjacency. This can occur if the next hop 
is no longer reachable or if a routing change has occurred, typically in a dynamic routing 
environment.
Recommendation:
    No action required.
Syslogs:
    None
----------------------------------------------------------------
Name: np-midpath-service-failure
NP midpath service failure:
    This is a general counter for critical midpath service errors.
Recommendation:
    This indicates a software error that should be reported to the Cisco TAC.