Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco ASA 5510 Adaptive Security Appliance
  5. Leaflet

Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet

Download
Page of 1264
 
3-16
Cisco ASA Series 명령 참조 , S 명령
  
3      show as-path-access-list through show auto-update 명령              
  show asp drop
----------------------------------------------------------------
Name: invalid-tcp-hdr-length
Invalid TCP Length:
    This counter is incremented when the security appliance receives a TCP packet whose 
size is smaller than minimum-allowed header length or does not conform to the received 
packet length.
Recommendation:
    The invalid packet could be a bogus packet being sent by an attacker.
Investigate the traffic from source in the following syslog.
Syslogs:
    500003.
----------------------------------------------------------------
Name: invalid-udp-length
Invalid UDP Length:
    This counter is incremented when the security appliance receives a UDP packet whose 
size as calculated from the fields in header is different from the measured size of packet 
as received from the network.
Recommendation:
    The invalid packet could be a bogus packet being sent by an attacker.
Syslogs:
    None.
----------------------------------------------------------------
Name: no-adjacency
No valid adjacency:
    This counter is incremented when the security appliance has tried to obtain an 
adjacency and could not obtain mac-address for next hop. The packet is dropped.
Recommendation:
    Configure a capture for this drop reason and check if a host with specified 
destination address exists on connected network or is routable from the device.
Syslogs:
   None.
----------------------------------------------------------------
Name: unexpected-packet
Unexpected packet:
    This counter is incremented when the appliance in transparent mode receives a non-IP 
packet, destined to its MAC address, but there is no corresponding service running on the 
appliance to process the packet.
Recommendation:
    Verify if the appliance is under attack. If there are no suspicious packets, or the 
device is not in transparent mode, this counter is most likely being incremented due to a 
software error. Attempt to capture the traffic that is causing the counter to increment 
and contact the Cisco TAC.
Syslogs:
    None
----------------------------------------------------------------
Name: no-route
No route to host: