Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet

Cisco ASA Series Command Reference, S Commands
 
3      show as-path-access-list through show auto-update Commands
  show asp drop    
    If a through-the-box packet arrives at an appliance or context in a Standby state and 
a flow is created, the packet is dropped and the flow removed. This counter will increment 
each time a packet is dropped in this manner.
 
Recommendation:
    This counter should never be incrementing on the Active appliance or context. However, 
it is normal to see it increment on the Standby appliance or context.
 
Syslogs:
    302014, 302016, 302018
----------------------------------------------------------------
Name: dst-l2_lookup-fail
Dst MAC L2 Lookup Failed:
    This counter will increment when the appliance is configured for transparent mode and 
the appliance does a Layer 2 destination MAC address lookup which fails. Upon the lookup 
failure, the appliance will begin the destination MAC discovery process and attempt to 
find the location of the host via ARP and/or ICMP messages.
Recommendation:
    This is a normal condition when the appliance is configured for transparent mode. You 
can also execute (show mac-address-table) to list the L2 MAC address locations currently 
discovered by the appliance.
Syslogs:
    None
----------------------------------------------------------------
Name: l2_same-lan-port
L2 Src/Dst same LAN port:
    This counter will increment when the appliance/context is configured for transparent 
mode and the appliance determines that the destination interface's L2 MAC address is the 
same as its ingress interface.
Recommendation:
    This is a normal condition when the appliance/context is configured for transparent 
mode. Since the appliance interface is operating in promiscuous mode, the 
appliance/context receives all packets on the local LAN segment.
Syslogs:
    None
----------------------------------------------------------------
Name: flow-expired
Expired flow:
    This counter is incremented when the security appliance tries to inject a new or 
cached packet belonging to a flow that has already expired. It is also incremented when the 
appliance attempts to send an RST on a TCP flow that has already expired or when a packet 
returns from the IDS blade but the flow had already expired. The packet is dropped.
Recommendation:
    If valid applications are getting pre-empted, investigate if a longer timeout is 
needed.
Syslogs:
   None.
----------------------------------------------------------------
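The entries above share one layout (Name, title, description, Recommendation, Syslogs, dashed separator), so they can be loaded into a lookup table for triaging drop counters. The following is an added example, not Cisco code: the reference text is abridged from this page, and the `show asp drop` counter lines and their "<title> (<name>) <count>" layout are constructed assumptions.

```python
import re

# Constructed sample: entries abridged from this page; the last one is cut off.
REFERENCE = """\
Name: dst-l2_lookup-fail
Dst MAC L2 Lookup Failed:
    Incremented in transparent mode when the destination MAC lookup fails.
Recommendation:
    This is a normal condition when the appliance is configured for transparent mode.
Syslogs:
    None
----------------------------------------------------------------
Name: flow-expired
Expired flow:
    Incremented when a packet belongs to a flow that has already expired.
Recommendation:
    If valid applications are getting pre-empted, investigate if a longer timeout is
needed.
Syslogs:
    None.
----------------------------------------------------------------
Name: inspect-icmp-out-of-app-id
ICMP Inspect out of App ID:
"""
# Constructed `show asp drop` counter lines, assumed layout "<title> (<name>) <count>".
SHOW_OUTPUT = """\
  Dst MAC L2 Lookup Failed (dst-l2_lookup-fail)            41
  Expired flow (flow-expired)                               7
"""
ENTRY = re.compile(r"^\s*Name:\s*(\S+)\s*\n\s*(.+?):\s*\n(.*?)^\s*Recommendation:\s*\n"
                   r"(.*?)^\s*Syslogs:\s*\n(.*)", re.M | re.S)

def parse_entries(text):
    """Map counter name -> title, description, recommendation, syslog IDs."""
    entries = {}
    for block in re.split(r"^-{10,}\s*$", text, flags=re.M):
        m = ENTRY.search(block)
        if not m:
            continue  # entry cut off by a page break: skip rather than guess
        name, title, desc, rec, syslogs = m.groups()
        entries[name] = {"title": title.strip(), "description": " ".join(desc.split()),
                         "recommendation": " ".join(rec.split()),
                         "syslogs": re.findall(r"\b\d{6}\b", syslogs)}
    return entries

def annotate(show_output, entries):
    """Pair each counter in the output with the reference recommendation."""
    hits = re.findall(r"\((\S+)\)\s+(\d+)\s*$", show_output, flags=re.M)
    return [(n, int(c), entries.get(n, {}).get("recommendation", "no reference entry"))
            for n, c in hits]
```

Calling `annotate(SHOW_OUTPUT, parse_entries(REFERENCE))` returns one tuple per counter; the truncated `inspect-icmp-out-of-app-id` entry is skipped because its sections are missing.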
Name: inspect-icmp-out-of-app-id
ICMP Inspect out of App ID: