Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet
3-56
Cisco ASA Series 명령 참조 , S 명령
3장 show as-path-access-list through show auto-update 명령
show asp drop
Name: cluster-no-msgp
Cluster unit is out of message descriptor:
Cluster unit is out of message descriptor.
Recommendation:
None.
Syslogs:
None.
----------------------------------------------------------------
Name: cluster-slave-ignored
Flow matched a cluster drop-on-slave classify rule:
A multicast routing packet was received on a L3 cluster interface when the unit
was a slave. Only a master unit is permitted to process these packets.
Recommendation:
This counter is informational and the behavior expected. The packet is processed by
master.
Syslogs:
None.
----------------------------------------------------------------
Name: cluster-non-owner-ignored
Flow matched a cluster drop-on-non-owner classify rule:
A multicast data packet was received on a L3 cluster interface when the unit was
not an elected owner unit. Only an elected owner unit is permitted to process
these packets.
Recommendation:
This counter is informational and the behavior expected. The packet is processed by
one elected owner unit.
Syslogs:
None.
----------------------------------------------------------------
Name: nat-xlate-failed
NAT failed:
Failed to create an xlate to translate an IP or transport header.
Recommendation:
If NAT is not desired, disable "nat-control". Otherwise, use the "static", "nat" or
"global" command to configure NAT policy for the dropped flow. For dynamic NAT, ensure
that each "nat" command is paired with at least one "global" command. Use "show nat" and
"debug pix process" to verify NAT rules.
Syslogs:
305005, 305006, 305009, 305010, 305011, 305012
----------------------------------------------------------------
Name: nat-rpf-failed
NAT reverse path failed:
Rejected attempt to connect to a translated host using the translated host's real
address.
Recommendation:
When not on the same interface as the host undergoing NAT, use the mapped address
instead of the real address to connect to the host. Also, enable the appropriate inspect
command if the application embeds IP address.
Syslogs:
305005