Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet
3-80
Cisco ASA Series 명령 참조 , S 명령
3장 show as-path-access-list through show auto-update 명령
show asp drop
It is not normal to see this counter increment at any time. If this counter is
incremented, it usually means that the SSL protocol state is out of sync with the client
software. The most likely cause of this problem is a software defect in the client
software. Contact the Cisco TAC with the client software or web browser version and
provide a network trace of the SSL data exchange to troubleshoot this problem.
Syslogs:
None.
----------------------------------------------------------------
Name: ssl-handshake-failed
SSL handshake failed:
This counter is incremented when the TCP connection is dropped because the SSL
handshake failed.
Recommendation:
This is to indicate that the TCP connection is dropped because the SSL handshake
failed. If the problem cannot be resolved based on the syslog information generated by the
handshake failure condition, please include the related syslog information when contacting
the Cisco TAC.
Syslogs:
725006.
725014.
----------------------------------------------------------------
Name: ssl-malloc-error
SSL malloc error:
This counter is incremented for each malloc failure that occurs in the SSL lib. This
is to indicate that SSL encountered a low memory condition where it can't allocate a
memory buffer or packet block.
Recommendation:
Check the security appliance memory and packet block condition and contact Cisco the
TAC with this memory information.
Syslogs:
None.
----------------------------------------------------------------
Name: ctm-crypto-request-error
CTM crypto request error:
This counter is incremented each time CTM cannot accept our crypto request. This
usually means the crypto hardware request queue is full.
Recommendation:
Issue the show crypto protocol statistics ssl command and contact the Cisco TAC with
this information.
Syslogs:
None.
----------------------------------------------------------------
Name: ssl-record-decrypt-error
SSL record decryption failed:
This counter is incremented when a decryption error occurs during SSL data receive.
This usually means that there is a bug in the SSL code of the ASA or peer, or an attacker
may be modifying the data stream. The SSL connection has been closed.
Recommendation: