Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet

Page of 1264
 
3-37
Cisco ASA Series 명령 참조, S 명령      
 
3      show as-path-access-list through show auto-update 명령
  show asp drop    
    This counter is incremented and the packet is dropped as requested by IPS module when 
the packet matches a signature on the IPS engine.
Recommendations:
    Check syslogs and alerts on IPS module.
Syslogs:
    420002
----------------------------------------------------------------
Name: ips-fail-close
IPS card is down:
    This counter is incremented and the packet is dropped when IPS card is down and 
fail-close option was used in IPS inspection.
Recommendations:
    Check and bring up the IPS card.
Syslogs:
    420001
----------------------------------------------------------------
Name: ips-fail
IPS config removed for connection:
    This counter is incremented and the packet is dropped when IPS configuration is not 
found for a particular connection.
Recommendations:
   check if any configuration changes have been done for IPS.
Syslogs:
   None
----------------------------------------------------------------
Name: ips-no-ipv6
Executing IPS software does not support IPv6:
    This counter is incremented when an IPv6 packet, configured to be directed toward IPS 
SSM, is discarded since the software executing on IPS SSM card does not support IPv6.
Recommendations:
   Upgrade the IPS software to version 6.2 or later.
Syslogs:
   None
----------------------------------------------------------------
Name: l2_acl
FP L2 rule drop:
    This counter will increment when the appliance denies a packet due to a layer-2 ACL. 
By default, in routed mode the appliance will PERMIT: 
    1) IPv4 packets
    2) IPv6 packets
    3) ARP packets
    4) L2 Destination MAC of FFFF:FFFF:FFFF (broadcast)
    5) IPv4 MCAST packet with destination L2 of 0100:5E00:0000-0100:5EFE:FFFF
    6) IPv6 MCAST packet with destination L2 of 3333:0000:0000-3333:FFFF:FFFF
    By default, in Transparent mode permits the routed mode ACL and PERMITS:
    1) BPDU packets with destination L2 of 0100:0CCC:CCCD