Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet

Page of 1264
 
3-47
Cisco ASA Series 명령 참조, S 명령      
 
3      show as-path-access-list through show auto-update 명령
  show asp drop    
----------------------------------------------------------------
Name: ipv6-esp-denied
ESP is denied by IPv6 extension header configuration:
    This counter is incremented and packet is dropped when the appliance receives a IPv6 
packet with ESP extension header which is denied by the user configuration rule.
 Recommendation:
    Check action of 'match header esp' in 'policy-map type ipv6'. Remove action 'drop' if 
ESP should be allowed.
 Syslogs:
    325004
----------------------------------------------------------------
Name: ipv6-ah-denied
AH is denied by IPv6 extension header configuration:
    This counter is incremented and packet is dropped when the appliance receives a IPv6 
packet with AH extension header which is denied by the user configuration rule.
 Recommendation:
    Check action of 'match header ah' in 'policy-map type ipv6'. Remove action 'drop' if 
AH should be allowed.
 Syslogs:
    325004
----------------------------------------------------------------
Name: channel-closed
Data path channel closed:
    This counter is incremented when the data path channel has been closed before the 
packet attempts to be sent out through this channel.  
Recommendation:
    It is normal in multi-processor system when one processor closes the channel (e.g., 
via CLI), and another processor tries to send a packet through the channel.
 Syslogs:
    None
----------------------------------------------------------------
Name: dispatch-decode-err
Diapatch decode error:
    This counter is incremented when the packet dispatch module finds an error when 
decoding the frame.  An example is an unsupported packet frame.  
Recommendation:
    Verify the packet format with a capture tool.
 Syslogs:
    None
----------------------------------------------------------------
Name: cp-event-queue-error
CP event queue error:
    This counter is incremented when a CP event queue enqueue attempt has failed due to 
queue length exceeded. This queue is used by the data-path to punt packets to the 
control-point for additional processing. This condition is only possible in a 
multi-processor enviroment. The module that attempted to enqueue the packet may issue its 
own packet specific drop in response to this error.