Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet
3-75
Cisco ASA Series 명령 참조, S 명령
3장 show as-path-access-list through show auto-update 명령
show asp drop
Syslogs:
None
----------------------------------------------------------------
Name: cxsc-malformed-packet
CXSC Module requested drop:
This counter is incremented and the packet is dropped as requested by the CXSC module
when the packet is malformed.
Recommendations:
Check syslogs and alerts on the CXSC module.
Syslogs:
None
----------------------------------------------------------------
Name: cxsc-fail
CXSC config removed for connection:
This counter is incremented and the packet is dropped when the CXSC configuration is
not found for a particular connection.
Recommendations:
Check if any configuration changes have been made for CXSC.
Syslogs:
None
----------------------------------------------------------------
Name: cxsc-ha-request
CXSC HA replication drop:
This counter is incremented when the security appliance receives a CXSC HA request
packet, but could not process it and the packet is dropped.
Recommendation:
This could happen occasionally when CXSC does not have the latest ASA HA state, such
as right after an ASA HA state change. If the counter is constantly increasing however, it
may be because CXSC and ASA are out of sync. If that happens, contact Cisco TAC for
assistance.
Syslogs:
None.
----------------------------------------------------------------
Name: cxsc-invalid-encap
CXSC invalid header drop:
This counter is incremented when the security appliance receives a CXSC packet with an
invalid messsage header, and the packet is dropped.
Recommendation: This should not happen. Contact Cisco TAC for assistance.
Syslogs:
None.
----------------------------------------------------------------
Name: ips-fail-close
IPS fail-close:
This reason is given for terminating a flow since IPS card is down and fail-close
option was used with IPS inspection.