Cisco ASA 5510 Adaptive Security Appliance Leaflet

Cisco ASA Series Command Reference, S Commands

3      show as-path-access-list through show auto-update Commands
  show asp drop
Frame Drop Reasons
----------------------------------------------------------------
Name: natt-keepalive
NAT-T keepalive message:
    This counter will increment when the appliance receives an IPsec NAT-T keepalive 
message. NAT-T keepalive messages are sent from the IPsec peer to the appliance to keep 
NAT/PAT flow information current in network devices between the NAT-T IPsec peer and the 
appliance.
 Recommendation:
    If you have configured IPsec NAT-T on your appliance, this indication is normal and 
doesn't indicate a problem. If NAT-T is not configured on your appliance, analyze your 
network traffic to determine the source of the NAT-T traffic.
 Syslogs:
    None
----------------------------------------------------------------
Name: ipsecudp-keepalive
IPSEC/UDP keepalive message:
    This counter will increment when the appliance receives an IPsec over UDP keepalive 
message. IPsec over UDP keepalive messages are sent from the IPsec peer to the appliance 
to keep NAT/PAT flow information current in network devices between the IPsec over UDP 
peer and the appliance. Note - These are not industry standard NAT-T keepalive messages 
which are also carried over UDP and addressed to UDP port 4500. 
 Recommendation:
    If you have configured IPsec over UDP on your appliance, this indication is normal and 
doesn't indicate a problem. If IPsec over UDP is not configured on your appliance, analyze 
your network traffic to determine the source of the IPsec over UDP traffic.
 Syslogs:
    None
----------------------------------------------------------------
Name: bad-ipsec-prot
IPsec not AH or ESP:
    This counter will increment when the appliance receives a packet on an IPsec 
connection which is not an AH or ESP protocol. This is not a normal condition.
 Recommendation:
    If you are receiving many IPsec not AH or ESP indications on your appliance, analyze 
your network traffic to determine the source of the traffic.
 Syslogs:
    402115
----------------------------------------------------------------
Name: ipsec-ipv6
IPsec via IPV6:
    This counter will increment when the appliance receives an IPsec ESP packet, IPsec 
NAT-T ESP packet or an IPsec over UDP ESP packet encapsulated in an IP version 6 header. 
The appliance does not currently support any IPsec sessions encapsulated in IP version 6.
 Recommendation:
    None
 Syslogs:
    None
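
The recommendations for the four drop reasons above can be applied to a captured counter listing as a triage pass. The following is an added example, not part of the Cisco reference: the counter line layout "description (name) count", the sample values and the feature labels "nat-t" and "ipsec-over-udp" are assumptions made for illustration.

```python
import re

# Triage rules transcribed from the drop-reason descriptions above.
# feature: hypothetical label for the configuration that makes the counter
#          expected (None = no configuration makes it expected).
# syslog:  syslog ID listed for the drop reason, if any.
RULES = {
    "natt-keepalive":     {"feature": "nat-t",          "status": "investigate", "syslog": None},
    "ipsecudp-keepalive": {"feature": "ipsec-over-udp", "status": "investigate", "syslog": None},
    "bad-ipsec-prot":     {"feature": None,             "status": "investigate", "syslog": "402115"},
    "ipsec-ipv6":         {"feature": None,             "status": "unsupported", "syslog": None},
}

# Assumed counter line layout: "<description> (<drop-reason-name>)   <count>"
LINE_RE = re.compile(r"^\s*.+?\s+\((?P<name>[a-z0-9-]+)\)\s+(?P<count>\d+)\s*$")

# Constructed sample, not captured from a real appliance.
SAMPLE = """\
Frame drop:
  NAT-T keepalive message (natt-keepalive)                      1842
  IPSEC/UDP keepalive message (ipsecudp-keepalive)                37
  IPsec not AH or ESP (bad-ipsec-prot)                            12
  IPsec via IPV6 (ipsec-ipv6)                                      0
"""

def parse_counters(text):
    """Return {drop-reason-name: count} for every line matching the layout."""
    counters = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            counters[m.group("name")] = int(m.group("count"))
    return counters

def triage(text, enabled_features):
    """Return (name, count, status, syslog) for each non-zero known counter."""
    findings = []
    for name, count in parse_counters(text).items():
        rule = RULES.get(name)
        if rule is None or count == 0:
            continue  # unknown drop reason, or nothing was dropped
        # A keepalive counter is normal only when its feature is configured.
        expected = rule["feature"] in enabled_features
        status = "expected" if expected else rule["status"]
        findings.append((name, count, status, rule["syslog"]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE, {"nat-t"}):
        print(finding)
```
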