Cisco ASA 5510 Adaptive Security Appliance Leaflet
Cisco ASA Series Command Reference, S Commands
Chapter 3 show as-path-access-list through show auto-update Commands
show asp drop
----------------------------------------------------------------
Name: bad-ipsec-natt
Bad IPsec NATT packet:
This counter will increment when the appliance receives a packet on an IPsec
connection which has negotiated NAT-T but the packet is not addressed to the NAT-T UDP
destination port of 4500 or has an invalid payload length.
Recommendation:
Analyze your network traffic to determine the source of the NAT-T traffic.
Syslogs:
None
----------------------------------------------------------------
Name: bad-ipsec-udp
Bad IPsec UDP packet:
This counter will increment when the appliance receives a packet on an IPsec
connection that has negotiated IPsec over UDP, but the packet has an invalid payload
length.
Recommendation:
Analyze your network traffic to determine the source of the NAT-T traffic.
Syslogs:
None
----------------------------------------------------------------
Name: inspect-srtp-encrypt-failed
Inspect SRTP Encryption failed:
This counter will increment when SRTP encryption fails.
Recommendation:
If the error persists even after a reboot, please call TAC to see why SRTP encryption is
failing in the hardware crypto accelerator.
Syslogs:
337001.
----------------------------------------------------------------
Name: inspect-srtp-decrypt-failed
Inspect SRTP Decryption failed:
This counter will increment when SRTP decryption fails.
Recommendation:
If the error persists even after a reboot, please call TAC to see why SRTP decryption is
failing in the hardware crypto accelerator.
Syslogs:
337002.
----------------------------------------------------------------
Name: inspect-srtp-validate-authtag-failed
Inspect SRTP Authentication tag validation failed:
This counter will increment when SRTP authentication tag validation fails.
Recommendation:
No action is required. If the error persists, SRTP packets arriving at the firewall are
being tampered with, and the administrator has to identify the cause.
Syslogs: