Cisco Cisco ASA 5580 Adaptive Security Appliance Prospecto
3-24
思科 ASA 系列命令参考,S 命令
第 3 章 show as-path-access-list 至 show auto-update 命令
show asp drop
Recommendations:
The next expected TCP packet may not arrive due to congestion in the network which is
normal in a busy network.The TCP retransmission mechanism in the end host will retransmit
the packet and the session will continue.
Syslogs:
None
----------------------------------------------------------------
Name: tcp-rst-syn-in-win
TCP RST/SYN in window:
This counter is incremented and the packet is dropped when appliance receives a TCP
SYN or TCP RST packet on an established connection with sequence number within window but
not next expected sequence number.
Recommendations:
None
Syslogs:
None
----------------------------------------------------------------
Name: tcp-acked
TCP DUP and has been ACKed:
This counter is incremented and the packet is dropped when appliance receives a
retransmitted data packet and the data has been acknowledged by the peer TCP endpoint.
Recommendations:
None
Syslogs:
None
----------------------------------------------------------------
Name: tcp-dup-in-queue
TCP dup of packet in Out-of-Order queue:
This counter is incremented and the packet is dropped when appliance receives a
retransmitted data packet that is already in our out of order packet queue.
Recommendations:
None
Syslogs:
None
----------------------------------------------------------------
Name: tcp-paws-fail
TCP packet failed PAWS test:
This counter is incremented and the packet is dropped when TCP packet with timestamp
header option fails the PAWS (Protect Against Wrapped Sequences) test.
Recommendations:
To allow such connections to proceed, use tcp-options configuration under tcp-map to
clear timestamp option.
Syslogs:
None
----------------------------------------------------------------