Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet
3-76
Cisco ASA Series 명령 참조 , S 명령
3장 show as-path-access-list through show auto-update 명령
show asp drop
Recommendations:
Check and bring up IPS card.
Syslogs:
420001
----------------------------------------------------------------
Name: reinject-punt
Flow terminated by punt action:
This counter is incremented when a packet is punted to the exception-path for
processing by one of the enhanced services such as inspect, aaa etc and the servicing
routine, having detected a violation in the traffic flowing on the flow, requests that the
flow be dropped. The flow is immediately dropped.
Recommendation:
Please watch for syslogs fired by servicing routine for more information. Flow drop
terminates the corresponding connection.
Syslogs:
None.
----------------------------------------------------------------
Name: shunned
Flow shunned:
This counter will increment when a packet is received which has a source IP address
that matches a host in the shun database. When a shun command is applied, it will be
incremented for each existing flow that matches the shun command.
Recommendation:
No action required.
Syslogs:
401004
----------------------------------------------------------------
Name: host-limit
host-limit
----------------------------------------------------------------
Name: nat-failed
NAT failed:
Failed to create an xlate to translate an IP or transport header.
Recommendation:
If NAT is not desired, disable "nat-control". Otherwise, use the "static", "nat" or
"global" command to configure NAT policy for the dropped flow. For dynamic NAT, ensure
that each "nat" command is paired with at least one "global" command. Use "show nat" and
"debug pix process" to verify NAT rules.
Syslogs:
305005, 305006, 305009, 305010, 305011, 305012
----------------------------------------------------------------
Name: nat-rpf-failed
NAT reverse path failed:
Rejected attempt to connect to a translated host using the translated host's real
address.
Recommendation: