Cisco ASA 5510 Adaptive Security Appliance Leaflet

Cisco ASA Series Command Reference, S Commands

Chapter 3: show as-path-access-list through show auto-update Commands
show asp drop
    When not on the same interface as the host undergoing NAT, use the mapped address 
instead of the real address to connect to the host. Also, enable the appropriate inspect 
command if the application embeds IP addresses.
Syslogs:
    305005
----------------------------------------------------------------
Name: inspect-fail
Inspection failure:
    This counter will increment when the appliance fails to enable protocol inspection 
carried out by the NP for the connection. The cause could be a memory allocation failure or, 
for an ICMP error message, the appliance being unable to find any established connection 
related to the frame embedded in the ICMP error message.
Recommendation:
    Check system memory usage. For an ICMP error message, if the cause is an attack, you can 
deny the host using ACLs.
Syslogs:
    313004 for ICMP error.
----------------------------------------------------------------
Name: no-inspect
Failed to allocate inspection:
    This counter will increment when the security appliance fails to allocate a run-time 
inspection data structure upon connection creation. The connection will be dropped.
Recommendation:
    This error condition occurs when the security appliance runs out of system memory. 
Check the currently available free memory by executing the "show memory" command.
Syslogs:
    None
----------------------------------------------------------------
Name: reset-by-ips
Flow reset by IPS:
    This reason is given for terminating a TCP flow as requested by the IPS module.
Recommendations:
    Check syslogs and alerts on the IPS module.
Syslogs:
    420003
----------------------------------------------------------------
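The following is an added example, not part of the Cisco reference: it compares two "show asp drop" snapshots and reports which of the inspect-fail, no-inspect and reset-by-ips counters grew, with the syslog ID and follow-up listed in the entries above. The line layout "description (counter-name) count" and the sample snapshots are assumptions constructed for illustration.

```python
import re

# Triage data taken from the three entries above: counter -> (syslog ID or None, follow-up).
TRIAGE = {
    "inspect-fail": ("313004", "check system memory; for ICMP errors caused by an attack, deny the host with ACLs"),
    "no-inspect": (None, 'appliance out of system memory; run "show memory"'),
    "reset-by-ips": ("420003", "check syslogs and alerts on the IPS module"),
}

# Assumed line layout: "  <description> (<counter-name>)   <count>"
LINE = re.compile(r"^\s+.*\((?P<name>[a-z0-9-]+)\)\s+(?P<count>\d+)\s*$")

def parse_counters(text):
    """Return {counter-name: count}; a name that appears more than once is summed."""
    counts = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            counts[m["name"]] = counts.get(m["name"], 0) + int(m["count"])
    return counts

def triage(before, after):
    """Return (name, delta, syslog, action) for each documented counter that grew."""
    old, new = parse_counters(before), parse_counters(after)
    findings = []
    for name, (syslog, action) in TRIAGE.items():
        delta = new.get(name, 0) - old.get(name, 0)
        if delta < 0:  # counters were cleared between snapshots: count from zero
            delta = new.get(name, 0)
        if delta > 0:
            findings.append((name, delta, syslog, action))
    return findings

# Constructed sample snapshots (not captured from a real appliance).
SNAP_T0 = """Flow drop:
  Inspection failure (inspect-fail)                      12
  Flow reset by IPS (reset-by-ips)                        4
"""
SNAP_T1 = """Flow drop:
  Inspection failure (inspect-fail)                      57
  Failed to allocate inspection (no-inspect)              3
  Flow reset by IPS (reset-by-ips)                        4
"""

if __name__ == "__main__":
    for name, delta, syslog, action in triage(SNAP_T0, SNAP_T1):
        print(f"{name}: +{delta}  syslog={syslog or 'none'}  next: {action}")
```

A no-inspect increase alongside inspect-fail points at memory exhaustion rather than ICMP error traffic, since no-inspect has no associated syslog and only the memory cause.
----------------------------------------------------------------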
Name: flow-reclaimed
Non-tcp/udp flow reclaimed for new request:
    This counter is incremented when a reclaimable flow is removed to make room for a new 
flow. This occurs only when the number of flows through the appliance equals the maximum 
number permitted by the software-imposed limit, and a new flow request is received. When 
this occurs, if the number of reclaimable flows exceeds the number of VPN tunnels 
permitted by the appliance, then the oldest reclaimable flow is removed to make room for 
the new flow. All flows except the following are deemed to be reclaimable:
    1. TCP, UDP, GRE and Failover flows
    2. ICMP flows if ICMP stateful inspection is enabled
    3. ESP flows to the appliance
Recommendation: