Cisco ASA 5510 Adaptive Security Appliance Leaflet

Cisco ASA Series Command Reference, S Commands
  
3      show as-path-access-list through show auto-update Commands
  show asp drop
    No action is required. The media session is created by Inspect SIP or Skinny when the 
IP address is parsed as part of the signaling exchange. Debug the signaling messages to 
figure out the cause.
Syslogs:
    None.
----------------------------------------------------------------
Name: inspect-srtp-no-remote-phone-proxy-ip
Inspect SRTP Remote Phone Proxy IP not populated:
    This counter will increment when the remote phone proxy IP is not populated.
Recommendation:
    No action is required. The remote phone proxy IP address is populated from the 
signaling exchange. If the error persists, debug the signaling messages to figure out 
if the ASA is seeing all the signaling messages.
Syslogs:
    None.
----------------------------------------------------------------
Name: inspect-srtp-client-port-not-present
Inspect SRTP client port wildcarded in media session:
    This counter will increment when the client port is not populated in the media session.
Recommendation:
    No action is required. The client port is populated dynamically when the media stream 
comes in from the client. Capture the media packets to see if the client is sending media 
packets.
Syslogs:
    None.
----------------------------------------------------------------
Name: ipsec-need-sa
IPsec SA not negotiated yet:
    This counter will increment when the appliance receives a packet which requires 
encryption but has no established IPsec security association. This is generally a normal 
condition for LAN-to-LAN IPsec configurations. This indication will cause the appliance to 
begin ISAKMP negotiations with the destination peer.
 Recommendation:
    If you have configured IPsec LAN-to-LAN on your appliance, this indication is normal 
and doesn't indicate a problem. However, if this counter increments rapidly it may 
indicate a crypto configuration error or network error preventing the ISAKMP negotiation 
from completing. Verify that you can communicate with the destination peer and verify your 
crypto configuration via the 'show running-config' command.
 Syslogs:
    None.
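
The ipsec-need-sa entry says the counter is normal unless it increments rapidly, which can only be judged by comparing two captures over time. The following is an added example, not part of the Cisco reference: it assumes counter lines of the form "description (name) count", uses constructed sample captures, and its rate threshold is an assumption. It also flags any growth in ipsec-spoof, which this page calls a security issue.

```python
import re

# Assumed line shape in `show asp drop` output: "<description> (<name>)   <count>"
COUNTER_RE = re.compile(r"^\s*.*\((?P<name>[a-z0-9-]+)\)\s+(?P<count>\d+)\s*$")

# Constructed captures, 60 seconds apart (not taken from a real appliance).
SAMPLE_T0 = """Frame drop:
  Flow is denied by configured rule (acl-drop)              120
  IPsec SA not negotiated yet (ipsec-need-sa)                14

Last clearing: Never
"""
SAMPLE_T1 = """Frame drop:
  Flow is denied by configured rule (acl-drop)              131
  IPsec SA not negotiated yet (ipsec-need-sa)               914
  IPsec spoof detected (ipsec-spoof)                          3

Last clearing: Never
"""

def parse_asp_drop(text):
    """Return {drop-reason name: count} for one capture."""
    counters = {}
    for line in text.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            counters[m["name"]] = counters.get(m["name"], 0) + int(m["count"])
    return counters

def delta(before, after, name):
    """Counter growth between captures; a lower 'after' means counters were cleared."""
    old, new = before.get(name, 0), after.get(name, 0)
    return new - old if new >= old else new

def assess(text_before, text_after, interval_s, need_sa_per_s=5.0):
    """Flag rapid ipsec-need-sa growth and any ipsec-spoof growth."""
    before, after = parse_asp_drop(text_before), parse_asp_drop(text_after)
    findings = []
    rate = delta(before, after, "ipsec-need-sa") / interval_s
    if rate > need_sa_per_s:  # threshold is an assumption; tune per site
        findings.append(("ipsec-need-sa", rate, "check peer reachability and crypto config"))
    spoofed = delta(before, after, "ipsec-spoof")
    if spoofed > 0:
        findings.append(("ipsec-spoof", spoofed, "cleartext packet matched an established IPsec policy"))
    return findings

if __name__ == "__main__":
    for name, value, note in assess(SAMPLE_T0, SAMPLE_T1, 60):
        print(f"{name}: {value} -> {note}")
```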
----------------------------------------------------------------
Name: ipsec-spoof
IPsec spoof detected:
    This counter will increment when the appliance receives a packet which should have 
been encrypted but was not. The packet matched the inner header security policy check of a 
configured and established IPsec connection on the appliance but was received unencrypted. 
This is a security issue.
 Recommendation: