Cisco ASA 5580 Adaptive Security Appliance
Cisco ASA Series Command Reference, S Commands
Chapter 3 show as-path-access-list through show auto-update Commands
show asp drop
this occurs, if the number of reclaimable flows exceeds the number of VPN tunnels
permitted by the appliance, then the oldest reclaimable flow is removed to make room for
the new flow. All flows except the following are deemed to be reclaimable:
1. TCP, UDP, GRE and Failover flows
2. ICMP flows if ICMP stateful inspection is enabled
3. ESP flows to the appliance
Recommendation:
No action is required if this counter is incrementing slowly. If this counter is
incrementing rapidly, it could mean that the appliance is under attack and the appliance
is spending more time reclaiming and rebuilding flows.
Syslogs:
302021
----------------------------------------------------------------
Name: non_tcp_syn
non-syn TCP:
This reason is given for terminating a TCP flow when the first packet is not a SYN
packet.
Recommendations:
None
Syslogs:
None
----------------------------------------------------------------
Name: rm-xlate-limit
RM xlate limit reached:
This counter is incremented when the maximum number of xlates for a context or the
system has been reached and a new connection is attempted.
Recommendation:
The device administrator can use the commands 'show resource usage' and 'show resource
usage system' to view context and system resource limits and 'Denied' counts and adjust
resource limits if desired.
Syslogs:
321001
----------------------------------------------------------------
Name: rm-host-limit
RM host limit reached:
This counter is incremented when the maximum number of hosts for a context or the
system has been reached and a new connection is attempted.
Recommendation:
The device administrator can use the commands 'show resource usage' and 'show resource
usage system' to view context and system resource limits and 'Denied' counts and adjust
resource limits if desired.
Syslogs:
321001
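
The recommendations above turn on whether a counter is incrementing slowly or rapidly, so the following added example (not part of the Cisco reference) compares two snapshots of the "Flow drop:" section and reports the counters whose rate exceeds a threshold, with the syslog ID listed for them in the entries above. The sample output, the 60-second interval and the 10 drops/s threshold are assumptions constructed for illustration.

```python
import re

# Constructed samples laid out like the "Flow drop:" section of `show asp drop`;
# the counts and the description text are made up for illustration.
SNAPSHOT_T0 = """\
Flow drop:
  non-syn TCP (non_tcp_syn)                                    1200
  RM xlate limit reached (rm-xlate-limit)                         4
  RM host limit reached (rm-host-limit)                           0
"""
SNAPSHOT_T1 = """\
Flow drop:
  non-syn TCP (non_tcp_syn)                                    1230
  RM xlate limit reached (rm-xlate-limit)                      9004
  RM host limit reached (rm-host-limit)                           0
"""

# Syslog IDs the reference lists for each drop reason (non_tcp_syn has none).
SYSLOG = {"rm-xlate-limit": "321001", "rm-host-limit": "321001"}

LINE = re.compile(r"^\s+(?P<desc>.+?)\s+\((?P<name>[\w-]+)\)\s+(?P<count>\d+)\s*$")

def parse_flow_drops(text):
    """Return {reason_name: count} from the 'Flow drop:' section only."""
    counts, in_flow = {}, False
    for line in text.splitlines():
        if line.rstrip().endswith("drop:"):       # section header, e.g. "Frame drop:"
            in_flow = line.strip() == "Flow drop:"
            continue
        m = LINE.match(line)
        if in_flow and m:
            counts[m["name"]] = int(m["count"])
    return counts

def rapid_counters(before, after, seconds, per_sec_threshold=10.0):
    """List (name, rate, syslog) for counters rising faster than the threshold."""
    old, new = parse_flow_drops(before), parse_flow_drops(after)
    hits = []
    for name, count in new.items():
        delta = count - old.get(name, 0)
        if delta < 0:                             # counters were cleared in between
            delta = count
        rate = delta / seconds
        if rate >= per_sec_threshold:             # threshold is an assumed value
            hits.append((name, rate, SYSLOG.get(name)))
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    for name, rate, syslog in rapid_counters(SNAPSHOT_T0, SNAPSHOT_T1, 60):
        print(f"{name}: {rate:.1f} drops/s (syslog {syslog or 'none'})")
```

A counter flagged here is the cue to run 'show resource usage' and 'show resource usage system' as the entries recommend.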
----------------------------------------------------------------
Name: rm-inspect-rate-limit
RM inspect rate limit reached:
This counter is incremented when the maximum inspection rate for a context or the
system has been reached and a new connection is attempted.