Cisco ASA 5510 Adaptive Security Appliance Leaflet

Cisco ASA Series Command Reference, S Commands
3  show as-path-access-list through show auto-update Commands
  show asp drop
----------------------------------------------------------------
Name: telnet-not-permitted
Telnet not permitted on least secure interface:
    This counter is incremented and the packet is dropped when the appliance receives a TCP 
SYN packet attempting to establish a Telnet session to the appliance and that packet was 
received on the least secure interface.
 Recommendation:
    To establish a Telnet session to the appliance via the least secure interface, first 
establish an IPsec tunnel to that interface and then connect the Telnet session over that 
tunnel.
 Syslogs:
    402117
----------------------------------------------------------------
Name: ipv6-sp-security-failed
IPv6 slowpath security checks failed:
    This counter is incremented and the packet is dropped for one of the following 
reasons:
1) IPv6 through-the-box packet with identical source and destination address.
2) IPv6 through-the-box packet with link-local source or destination address.
3) IPv6 through-the-box packet with multicast destination address.
Recommendation:
    These packets could indicate malicious activity, or could be the result of a 
misconfigured IPv6 host.  Use the packet capture feature to capture type asp packets, and 
use the source MAC address to identify the source.
Syslogs:
    For identical source and destination address, syslog 106016, else none.
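
The three conditions listed for ipv6-sp-security-failed can be reproduced offline when triaging packets exported from a capture. The following is an added example, not Cisco code or ASA output: the function names, reason labels, and sample packets are constructed for illustration, and the checks only approximate the conditions as this page words them. It groups offending packets by source MAC, as the recommendation suggests.

```python
import ipaddress
from collections import Counter, defaultdict

# Per the page, only the identical-address case produces a syslog.
SYSLOG_IDENTICAL = 106016

def slowpath_drop_reasons(src, dst):
    """Return [(reason, syslog_id_or_None)] for one through-the-box IPv6 packet."""
    s, d = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
    reasons = []
    if s == d:  # compares parsed values, so differently written forms still match
        reasons.append(("identical-src-dst", SYSLOG_IDENTICAL))
    if s.is_link_local or d.is_link_local:  # fe80::/10
        reasons.append(("link-local-address", None))
    if d.is_multicast:  # ff00::/8
        reasons.append(("multicast-destination", None))
    return reasons

def triage(packets):
    """Count matching reasons per source MAC; packets are (mac, src, dst)."""
    by_mac = defaultdict(Counter)
    for mac, src, dst in packets:
        for reason, _syslog in slowpath_drop_reasons(src, dst):
            by_mac[mac.lower()][reason] += 1
    return dict(by_mac)

# Constructed sample packets (documentation MAC and IPv6 ranges).
SAMPLE = [
    ("00:00:5E:00:53:01", "2001:db8::10", "2001:db8:0:0::10"),
    ("00:00:5E:00:53:01", "fe80::1", "2001:db8::20"),
    ("00:00:5E:00:53:02", "2001:db8::30", "ff02::1"),
    ("00:00:5E:00:53:03", "2001:db8::40", "2001:db8::50"),
]

if __name__ == "__main__":
    for mac, counts in triage(SAMPLE).items():
        print(mac, dict(counts))
```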
----------------------------------------------------------------
Name: ipv6-eh-inspect-failed
IPv6 extension header is detected and denied:
    This counter is incremented and the packet is dropped when the appliance receives an IPv6 
packet but the extension header could not be inspected because memory allocation failed.
 Recommendation:
Also check 'show memory' output to make sure the appliance has enough memory to operate.
 Syslogs:
    None
----------------------------------------------------------------
Name: ipv6-bad-eh
Bad IPv6 extension header is detected and denied:
    This counter is incremented and the packet is dropped when the appliance receives an IPv6 
packet with a bad extension header.
 Recommendation:
Check 'verify-header type' of 'parameters' in 'policy-map type ipv6'. Remove 
'verify-header type' if the header conformance can be skipped.
 Syslogs:
    325005
----------------------------------------------------------------
Name: ipv6-bad-eh-order