Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet
3-65
Cisco ASA Series 명령 참조, S 명령
3장 show as-path-access-list through show auto-update 명령
show asp drop
Verify that you can communicate with the destination peer and verify your crypto
configuration via the 'show running-config' command.
Syslogs:
None
----------------------------------------------------------------
Name: vpn-handle-error
VPN handle error:
This counter is incremented when the appliance is unable to create a VPN handle
because the VPN handle already exists.
Recommendation:
It is possible to see this counter increment as part of normal operation. However, if
the counter is rapidly incrementing and there is a major malfunction of vpn-based
applications, then this may be caused by a software defect. Use the following command sto
gather more information about this counter and ontact the Cisco TAC to investigate the
issue further.
capture <name> type asp-drop vpn-handle-error
show asp table classify crypto
show asp table vpn-context detail
Syslogs:
None
----------------------------------------------------------------
Name: vpn-handle-not-found
VPN handle not found:
This counter is incremented when a datagram hits an encrypt or decrypt rule, and no
VPN handle is found for the flow the datagram is on.
Recommendation:
It is possible to see this counter increment as part of normal operation. However, if
the counter is rapidly incrementing and there is a major malfunction of vpn-based
applications, then this may be caused by a software defect. Use the following command sto
gather more information about this counter and ontact the Cisco TAC to investigate the
issue further.
capture <name> type asp-drop vpn-handle-not-found
show asp table classify crypto
show asp table vpn-context detail
Syslogs:
None
----------------------------------------------------------------
Name: ipsec-spoof-detect
IPsec spoof packet detected:
This counter will increment when the appliance receives a packet which should have
been encrypted but was not. The packet matched the inner header security policy check of a
configured and established IPsec connection on the appliance but was received unencrypted.
This is a security issue.
Recommendation:
Analyze your network traffic to determine the source of the spoofed IPsec traffic.
Syslogs:
402117