Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet
3-24
Cisco ASA Series 명령 참조 , S 명령
3장 show as-path-access-list through show auto-update 명령
show asp drop
Recommendations:
The next expected TCP packet may not arrive due to congestion in the network which is
normal in a busy network. The TCP retransmission mechanism in the end host will retransmit
the packet and the session will continue.
Syslogs:
None
----------------------------------------------------------------
Name: tcp-rst-syn-in-win
TCP RST/SYN in window:
This counter is incremented and the packet is dropped when appliance receives a TCP
SYN or TCP RST packet on an established connection with sequence number within window but
not next expected sequence number.
Recommendations:
None
Syslogs:
None
----------------------------------------------------------------
Name: tcp-acked
TCP DUP and has been ACKed:
This counter is incremented and the packet is dropped when appliance receives a
retransmitted data packet and the data has been acknowledged by the peer TCP endpoint.
Recommendations:
None
Syslogs:
None
----------------------------------------------------------------
Name: tcp-dup-in-queue
TCP dup of packet in Out-of-Order queue:
This counter is incremented and the packet is dropped when appliance receives a
retransmitted data packet that is already in our out of order packet queue.
Recommendations:
None
Syslogs:
None
----------------------------------------------------------------
Name: tcp-paws-fail
TCP packet failed PAWS test:
This counter is incremented and the packet is dropped when TCP packet with timestamp
header option fails the PAWS (Protect Against Wrapped Sequences) test.
Recommendations:
To allow such connections to proceed, use tcp-options configuration under tcp-map to
clear timestamp option.
Syslogs:
None