Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet

Page of 1264
 
3-88
Cisco ASA Series 명령 참조 , S 명령
  
3      show as-path-access-list through show auto-update 명령              
  show asp drop
----------------------------------------------------------------
Name: cluster-pinhole-master-change
Master only pinhole flow removed at bulk sync due to master change:
    Master only pinhole flow is removed during bulk sync because cluster master has 
changed.
Recommendation:
    This counter is informational and the behavior expected.
Syslogs:
    302014
----------------------------------------------------------------
Name: cluster-parent-owner-left
Flow removed at bulk sync becasue parent flow is gone:
    Flow is removed during bulk sync becasue the parent flow's owner has left the cluster.
Recommendation:
    This counter is informational and the behavior expected.
Syslogs:
    302014
----------------------------------------------------------------
Name: cluster-ctp-punt-channel-missing
Flow removed at bulk sync becasue CTP punt channel is missing:
    Flow is removed during bulk sync because CTP punt channel is missing in cluster 
restored flow.
Recommendation:
    The cluster master may have just left the cluster. And there might be packet drops on 
the Cluster Control Link.
Syslogs:
    302014
----------------------------------------------------------------
Name: vpn-overlap-conflict
VPN Network Overlap Conflict:
When a packet is decrypted, the inner packet is examined against the crypto map 
configuration. If the packet matches a different crypto map entry than the one it was 
received on, it will be dropped and this counter will increment. A common cause for this 
is two crypto map entries containing similar/overlapping address spaces.
Recommendation:
    Check your VPN configuration for overlapping networks. Verify the
    order of your crypto maps and use of deny rules in ACLs.
Syslogs:
    None
----------------------------------------------------------------
Name: invalid-vxlan-segment-id
Invalid VXLAN segment-id:
    This counter is incremented when the security appliance sees an invalid VXLAN 
segment-id attached to a flow.
Recommendation: