Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco ASA 5510 Adaptive Security Appliance
  5. Leaflet

Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet

Download
Page of 1264
 
3-73
Cisco ASA Series 명령 참조, S 명령      
 
3      show as-path-access-list through show auto-update 명령
  show asp drop    
    No action required.
    - OR -
    Verify that there are no longer any receivers for this group.
Syslogs:
    None
----------------------------------------------------------------
Name: mcast-entry-removed
Multicast entry removed:
    A packet has arrived that matches a multicast flow, but the multicast service is no 
longer enabled, or was re-enabled after the flow was built.
    - OR -
    The multicast entry has been deleted so the flow is being cleaned up, but the packet 
will be reinjected into the data path.
Recommendation:
    Reenable multicast if it is disabled.
    - OR -
    No action required.
Syslogs:
    None
----------------------------------------------------------------
Name: tcp-intercept-kill
Flow terminated by TCP Intercept:
    TCP intercept would tear down a connection if this is the first SYN, a connection is 
created for the SYN, and TCP intercept replied with a SYN cookie, or after seeing a valid 
ACK from client, when TCP intercept sends a SYN to server, server replies with a RST.
Recommendation:
    TCP intercept normally does not create a connection for first SYN, except when there 
are nailed rules or the packet comes over a VPN tunnel or the next hop gateway address to 
reach the client is not resolved. So for the first SYN this indicates that a connection 
got created. When TCP intercept receives a RST from server, its likely the corresponding 
port is closed on the server.
Syslogs:
    None
----------------------------------------------------------------
Name: audit-failure
Audit failure:
    A flow was freed after matching an "ip audit" signature that had reset as the 
associated action.
Recommendation:
    If removing the flow is not the desired outcome of matching this signature, then 
remove the reset action from the "ip audit" command.
Syslogs:
    None
---------------------------------------------------------------- 
Name: cxsc-request 
Flow terminated by CXSC: 
This reason is given for terminating a flow as requested by CXSC module. 
Recommendations: