In my setup I am using
>capture cap type asp-drop all buffer <> match tcp host x.x.x.x host y.y.y.y eq 443
to find the ASP drops specific to matched IP.
But Still capture showing me all asp capture. Please check if this command is ok or I need to add any thing else.
My Requirement is to see the asp drop for the specific IPs.
Per the config, you should capture all packets dropped because of ASP-DROP (regardless of the reason), only for traffic between x.x.x. and y.y.y.y. Still try using the following instead: "capture cap type asp-drop all buffer <> match ip host x.x.x.x host y.y.y.y". If it doesn't work, upgrade to a more stable ASA version, like 9.8.4 or 9.12.3.
Thanks Cristian for your reply.
Yes we are using 9.5 and this wont work here. But I found the the required log.
One More clarity required from you. I want to check crypto free and used memory in my ASA. I am not able to find the command to check that. if possible please help me in this regard.
I'm not aware of an exact command to show you the memory/CPU impact for crypto-traffic. The only useful one can think of is "show memory webvpn".
here's my requirement.
! am facing some VPM(ssl/tls) connection failure issue. I want to debug the memory status of the ASA. Please help me in finding the command to get crypto free and used memory stats.
I am getting the asp drop counter against ctm-error.
CTM returned error:
This counter will increment when the appliance attempts to perform a crypto operation on a packet and the crypto operation fails. This is not a normal condition and could indicate possible software or hardware problems with the appliance.
As per the details available this would be possibly due to memory issue. Please help me in finding crypto free and used memory stats.
I already answered you in the other thread: https://community.cisco.com/t5/network-security/anny-connect-connection-failuer-ctm-error/m-p/4052752#M1068256