Cisco Cisco ASA 5510 Adaptive Security Appliance Leaflet
3-31
Cisco ASA Series 명령 참조, S 명령
3장 show as-path-access-list through show auto-update 명령
show asp drop
Syslogs:
313005
----------------------------------------------------------------
Name: inspect-icmp-nat64-frag
ICMP NAT64 Inspect Fragmentation Error:
This counter will increment when the appliance is unable to translate ICMP messages
between IPv6 and IPv4 due to fragmentation. Per RFC-6145, ICMP packet fragments will not
be translated.
Recommendation:
No action required.
Syslogs:
313005
----------------------------------------------------------------
Name: inspect-icmp-error-different-embedded-conn
ICMP Error Inspect different embedded conn:
This counter will increment when the frame embedded in the ICMP error message does not
match the established connection that has been identified when the ICMP connection is
created.
Recommendation:
No action required if it is an intermittent event. If the cause is an attack, you can
deny the host using the ACLs.
Syslogs:
313005
----------------------------------------------------------------
Name: inspect-icmpv6-error-invalid-pak
ICMPv6 Error Inspect invalid packet:
This counter will increment when the appliance detects an invalid frame embedded in
the ICMPv6 packet. This check is the same as that on IPv6 packets. Examples: Incomplete
IPv6 header; malformed IPv6 Next Header; etc.
Recommendation:
No action required.
Syslogs:
None.
----------------------------------------------------------------
Name: inspect-icmpv6-error-no-existing-conn
ICMPv6 Error Inspect no existing conn:
This counter will increment when the appliance is not able to find any established
connection related to the frame embedded in the ICMPv6 error message.
Recommendation:
No action required if it is an intermittent event. If the cause is an attack, you can
deny the host using the ACLs.
Syslogs:
313005
----------------------------------------------------------------
Name: inspect-dns-invalid-pak
DNS Inspect invalid packet: