Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco ASA 5510 Adaptive Security Appliance
  5. Leaflet

Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet

Download
Page of 1264
 
3-28
Cisco ASA Series 명령 참조 , S 명령
  
3      show as-path-access-list through show auto-update 명령              
  show asp drop
    3) In routed or transparent mode and receives an IPv4 or IPv6 packet with same source 
and destination IP addresses
Recommendation:
    1 and 2) Determine if an external user is trying to compromise the protected network. 
Check for misconfigured clients.
    3) If this message counter is incrementing rapidly, an attack may be in progress. Use 
the packet capture feature to capture type asp packets, and check the source MAC address 
in the packet to see where they are coming from.
Syslogs:
    1 and 2) 106016
    3) 106017
----------------------------------------------------------------
Name: ipv6_sp-security-failed
IPv6 slowpath security checks failed:
    This counter is incremented and the packet is dropped for one of the following 
reasons:
1) IPv6 through-the-box packet with identical source and destination address.
2) IPv6 through-the-box packet with linklocal source or destination address.
3) IPv6 through-the-box packet with multicast destination address.
Recommendation:
    These packets could indicate malicious activity, or could be the result of a 
misconfigured IPv6 host.  Use the packet capture feature to capture type asp packets, and 
use the source MAC address to identify the source.
Syslogs:
    For identical source and destination address, syslog 106016, else none.
----------------------------------------------------------------
Name: invalid-ip-option
IP option drop:
    This counter is incremented when any unicast packet with ip options or a multicast 
packet with ip-options that have not been configured to be accepted, is received by the 
security appliance. The packet is dropped.
Recommendation:
    Investigate why a packet with ip options is being sent by the sender.
Syslogs:
    None.
----------------------------------------------------------------
Name: lu-invalid-pkt
Invalid LU packet:
    Standby unit received a corrupted Logical Update packet.
 
Recommendation:
    The packet corruption could be caused by a bad cable, interface card, line noise, or 
software defect. If the interface appears to be functioning properly, then report the 
problem to Cisco TAC.
 
Syslogs:
    None
----------------------------------------------------------------
Name: fo-standby
Dropped by standby unit: