Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco ASA 5510 Adaptive Security Appliance
  5. Leaflet

Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet

Download
Page of 1264
 
3-9
Cisco ASA Series 명령 참조, S 명령      
 
3      show as-path-access-list through show auto-update 명령
  show asp drop    
    Analyze your network traffic to determine the source of the spoofed IPsec traffic.
 Syslogs:
    402117
----------------------------------------------------------------
Name: ipsec-clearpkt-notun
IPsec Clear Pkt w/no tunnel:
    This counter will increment when the appliance receives a packet which should have 
been encrypted but was not. The packet matched the inner header security policy check of a 
configured and established IPsec connection on the appliance but was received unencrypted. 
This is a security issue.
 Recommendation:
    Analyze your network traffic to determine the source of the spoofed IPsec traffic.
 Syslogs:
    402117
----------------------------------------------------------------
Name: ipsec-tun-down
IPsec tunnel is down:
    This counter will increment when the appliance receives a packet associated with an 
IPsec connection which is in the process of being deleted.
 Recommendation:
    This is a normal condition when the IPsec tunnel is torn down for any reason.
 Syslogs:
    None
----------------------------------------------------------------
Name: mp-svc-delete-in-progress
SVC Module received data while connection was being deleted:
    This counter will increment when the security appliance receives a packet associated 
with an SVC connection that is in the process of being deleted.
Recommendation:
    This is a normal condition when the SVC connection is torn down for any reason. If 
this error occurs repeatedly or in large numbers, it could indicate that clients are 
having network connectivity issues.
Syslogs:
    None.
----------------------------------------------------------------
Name: mp-svc-bad-framing
SVC Module received badly framed data:
    This counter will increment when the security appliance receives a packet from an SVC 
or the control software that it is unable to decode.
Recommendation:
    This indicates that a software error should be reported to the Cisco TAC. The SVC or 
security appliance could be at fault.
Syslogs:
    722037 (Only for SVC received data).
----------------------------------------------------------------