Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco ASA 5510 Adaptive Security Appliance
  5. Leaflet

Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet

Download
Page of 1264
 
3-18
Cisco ASA Series 명령 참조 , S 명령
  
3      show as-path-access-list through show auto-update 명령              
  show asp drop
----------------------------------------------------------------
Name: unable-to-add-flow
Flow hash full:
    This counter is incremented when a newly created flow is inserted into flow hash table 
and the insertion failed because the hash table was full. The flow and the packet are 
dropped. This is different from counter that gets incremented when maximum connection 
limit is reached.
Recommendation:
    This message signifies lack of resources on the device to support an operation that 
should have been successful. Please check if the connections in the 'show conn' output 
have exceeded their configured idle timeout values. If so, contact the Cisco Technical 
Assistance Center (TAC).
Syslogs:
    None.
----------------------------------------------------------------
Name: np-sp-invalid-spi
Invalid SPI:
    This counter will increment when the appliance receives an IPsec ESP packet addressed 
to the appliance which specifies a SPI (security parameter index) not currently known by 
the appliance.
 Recommendation:
    Occasional invalid SPI indications are common, especially during rekey processing. 
Many invalid SPI indications may suggest a problem or DoS attack. If you are experiencing 
a high rate of invalid SPI indications, analyze your network traffic to determine the 
source of the ESP traffic.
 Syslogs:
    402114
----------------------------------------------------------------
Name: unsupport-ipv6-hdr
Unsupported IPv6 header:
    This counter is incremented and the packet is dropped if an IPv6 packet is received 
with an unsupported IPv6 extension header. The supported IPv6 extension headers are: TCP, 
UDP, ICMPv6, ESP, AH, Hop Options, Destination Options, and Fragment. The IPv6 routing 
extension header is not supported, and any extension header not listed above is not 
supported.  IPv6 ESP and AH headers are supported only if the packet is through-the-box.  
To-the-box IPv6 ESP and AH packets are not supported and will be dropped.
Recommendation:
    This error may be due to a misconfigured host. If this error occurs repeatedly or in 
large numbers, it could also indicate spurious or malicious activity such as an attempted 
DoS attack.
Syslogs:
    None.
----------------------------------------------------------------
Name: tcp-not-syn
First TCP packet not SYN:
    Received a non SYN packet as the first packet of a non intercepted and non nailed 
connection.
Recommendation: