Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco ASA 5510 Adaptive Security Appliance
  5. Leaflet

Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet

Download
Page of 1264
 
3-26
Cisco ASA Series 명령 참조 , S 명령
  
3      show as-path-access-list through show auto-update 명령              
  show asp drop
    This counter is incremented and the packet is dropped when window size advertised by 
TCP endpoint is drastically changed without accepting that much data.
Recommendations:
    In order to allow such packet, use the window-variation configuration under tcp-map.
Syslogs:
    None
----------------------------------------------------------------
Name: rate-exceeded
QoS rate exceeded:
    This counter is incremented when rate-limiting (policing) is configured on an 
egress/ingress interface and the egress/ingress traffic rate exceeds the burst rate 
configured. The counter is incremented for each packet dropped.
Recommendation:
    Investigate and determine why the rate of traffic leaving/entering the interface is 
higher than the configured rate. This may be normal, or could be an indication of virus or 
attempted attack.
Syslogs:
    None.
----------------------------------------------------------------
Name: queue-removed
Rate-limiter queued packet dropped:
    When QoS config is changed or removed, the existing packets in the output queues 
awaiting transmission are dropped and this counter is incremented.
Recommendation:
    Under normal conditions, this may be seen when the QoS configuration has been changed 
by the user. If this occurs when no changes to QoS config were performed, please contact 
Cisco Technical Assistance Center (TAC).
Syslogs:
   None.
----------------------------------------------------------------
Name: bad-crypto
Bad crypto return in packet:
    This counter will increment when the appliance attempts to perform a crypto operation 
on a packet and the crypto operation fails. This is not a normal condition and could 
indicate possible software or hardware problems with the appliance
 
 Recommendation:
    If you are receiving many bad crypto indications your appliance may need servicing.  
You should enable syslog 402123 to determine whether the crypto errors are hardware or 
software errors. You can also check the error counter in the global IPsec statistics with 
the 'show ipsec stats' CLI command. If the IPsec SA which is triggering these errors is 
known, the SA statistics from the 'show ipsec sa detail' command will also be useful in 
diagnosing the problem.
 Syslogs:
    402123
----------------------------------------------------------------
Name: ctm-error
CTM returned error: