Cisco ASA 5510 Adaptive Security Appliance Leaflet

Cisco ASA Series Command Reference, S Commands

3      show as-path-access-list through show auto-update Commands
  show asp drop
    None.
----------------------------------------------------------------
Name: acl-drop
Flow is denied by access rule:
     This counter is incremented when a drop rule is hit by the packet and flow creation 
is denied. This rule could be a default rule created when the box comes up, when various 
features are turned on or off, when an acl is applied to interface or any other feature 
etc. Apart from default rule drops, a flow could be denied because of:
     1) ACL configured on an interface
     2) ACL configured for AAA and AAA denied the user
     3) Thru-box traffic arriving at management-only ifc
     4) Unencrypted traffic arriving on a ipsec-enabled interface
     5) Implicity deny 'ip any any' at the end of an ACL
Recommendation:
    Observe if one of syslogs related to packet drop are fired. Flow drop results in the 
corresponding packet-drop that would fire requisite syslog.
Syslogs:
    None.
----------------------------------------------------------------
Name: pinhole-timeout
Pinhole timeout:
    This counter is incremented to report that the appliance opened a secondary flow, but 
no packets passed through this flow within the timeout interval, and hence it was removed. 
An example of a secondary flow is the FTP data channel that is created after successful  
negotiation on the FTP control channel.
Recommendation:
    No action required.
Syslogs:
    302014, 302016
----------------------------------------------------------------
Name: host-removed
Host is removed:
    Flow removed in response to "clear local-host" command.
Recommendation:
    This is an information counter.
Syslogs:
    302014, 302016, 302018, 302021, 305010, 305012, 609002
----------------------------------------------------------------
Name: xlate-removed
Xlate Clear:
    Flow removed in response to "clear xlate" or "clear local-host" command.
Recommendation:
    This is an information counter.
Syslogs:
    302014, 302016, 302018, 302021, 305010, 305012, 609002
----------------------------------------------------------------
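The entries above can be read as a lookup table from syslog message ID to possible flow-drop reasons. The following Python sketch is an added example, not part of the Cisco reference: it parses the Name/Syslogs records and shows which reasons a given log line could correspond to, and which reasons list no syslog at all. The function names and the sample log lines are constructed for illustration.

```python
import re

# Name/Syslogs lines copied from the four entries above; descriptions omitted.
REFERENCE = """\
Name: acl-drop
Syslogs:
    None.
----------------------------------------------------------------
Name: pinhole-timeout
Syslogs:
    302014, 302016
----------------------------------------------------------------
Name: host-removed
Syslogs:
    302014, 302016, 302018, 302021, 305010, 305012, 609002
----------------------------------------------------------------
Name: xlate-removed
Syslogs:
    302014, 302016, 302018, 302021, 305010, 305012, 609002
"""

# Constructed sample log lines (not captured from a device).
SAMPLE_LOGS = [
    "%ASA-6-302014: Teardown TCP connection 101 for outside:192.0.2.10/443 to inside:10.0.0.5/51234",
    "%ASA-6-305012: Teardown dynamic TCP translation from inside:10.0.0.5/51234 to outside:198.51.100.1/40001",
]

def parse_reference(text):
    """Return {reason name: set of syslog IDs} from Name:/Syslogs: records."""
    reasons = {}
    for record in re.split(r"^-{10,}\s*$", text, flags=re.M):
        name = re.search(r"^Name:\s*(\S+)", record, flags=re.M)
        if not name:
            continue
        syslogs = re.search(r"^Syslogs:\s*\n(.*)", record, flags=re.M)
        ids = re.findall(r"\b\d{6}\b", syslogs.group(1)) if syslogs else []
        reasons[name.group(1)] = set(ids)
    return reasons

def candidates(log_line, reasons):
    """Drop reasons whose documented syslog list contains this message ID."""
    m = re.search(r"%ASA-\d-(\d{6})", log_line)
    if not m:
        return []
    return sorted(n for n, ids in reasons.items() if m.group(1) in ids)

def silent_reasons(reasons):
    """Reasons that list no syslog, so only the drop counter reveals them."""
    return sorted(n for n, ids in reasons.items() if not ids)
```

Because host-removed and xlate-removed list identical syslog IDs, a teardown message alone cannot tell them apart, and acl-drop lists none, so the counters from show asp drop are needed alongside the logs.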