Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet
3-59
思科 ASA 系列命令参考,S 命令
第 3 章 show as-path-access-list 至 show auto-update 命令
show asp drop
Recommendation:
This counter is informational and the behavior expected.
Syslogs:
302014
----------------------------------------------------------------
Name: cluster-ctp-punt-channel-missing
Flow removed at bulk sync becasue CTP punt channel is missing:
Flow is removed during bulk sync because CTP punt channel is missing in cluster
restored flow.
Recommendation:
The cluster master may have just left the cluster, and there might be packet drops on
the Cluster Control Link.
Syslogs:
302014
----------------------------------------------------------------
Name: ike-sa-rate-limit
IKE need SA indication per SA rule rate limit exceeded:
This counter will increment when the appliance attempts to send a message,indicating
that a new SA is needed for a rate-limited control point service routine and the rate
limit (per/second) is now being exceeded.The current rate is one message every two
seconds.
Recommendation:
This counter is informational and the behavior expected.The packet will be dropped.
Syslogs:
None
----------------------------------------------------------------
Name: ike-sa-global-rate-limit
IKE new SA global limit exceeded:
This counter will increment when the appliance attempts to send a message,indicating
that a new SA is needed for a rate-limited control point service routine and the global
rate limit (per/second) is now being exceeded.The current rate is ten messages per second.
Recommendation:
This counter is informational and the behavior expected.The packet will be dropped.
Syslogs:
None
----------------------------------------------------------------
Name: nat-cluster-invalid-unxlate-redirect
Cluster member dropped an invalid NAT untranslate redirect packet from peer:
Cluster member received a NAT untranslate packet from peer.However this member does
not own the NAT address pool the packet belongs to.
Recommendation:
This counter is a temporal condition after a cluster member failure.However, if this
counter is incremented continuously, it could be an internal software error.Contact Cisco
TAC in this case.
Syslogs:
None.