11-25-2013 01:54 AM - edited 03-11-2019 08:09 PM
HI,
I want help for below issue, does it mean i have problem with my isp, because my customer complain from disconnecting in service or no service ?
ASA-E# show asp drop
Frame drop:
Invalid TCP Length (invalid-tcp-hdr-length) 226
Invalid UDP Length (invalid-udp-length) 26
No valid adjacency (no-adjacency) 1132921
Flow is denied by configured rule (acl-drop) 25221865
Flow denied due to resource limitation (unable-to-create-flow) 30315574
First TCP packet not SYN (tcp-not-syn) 7566521
Bad TCP flags (bad-tcp-flags) 14877
TCP data send after FIN (tcp-data-past-fin) 157
TCP failed 3 way handshake (tcp-3whs-failed) 60984
TCP RST/FIN out of order (tcp-rstfin-ooo) 1619633
TCP SEQ in SYN/SYNACK invalid (tcp-seq-syn-diff) 401073
TCP ACK in SYNACK invalid (tcp-ack-syn-diff) 5
TCP SYNACK on established conn (tcp-synack-ooo) 42298
TCP packet SEQ past window (tcp-seq-past-win) 268890
TCP invalid ACK (tcp-invalid-ack) 675430
TCP replicated flow pak drop (tcp-fo-drop) 19295
TCP ACK in 3 way handshake invalid (tcp-discarded-ooo) 491
TCP Out-of-Order packet buffer timeout (tcp-buffer-timeout) 66
TCP RST/SYN in window (tcp-rst-syn-in-win) 10480
TCP dup of packet in Out-of-Order queue (tcp-dup-in-queue) 997
TCP packet failed PAWS test (tcp-paws-fail) 50690
Connection limit reached (conn-limit) 1
Slowpath security checks failed (sp-security-failed) 46497
Expired flow (flow-expired) 1
ICMP Error Inspect no existing conn (inspect-icmp-error-no-existing-conn) 51
DNS Inspect invalid packet (inspect-dns-invalid-pak) 141
DNS Inspect invalid domain label (inspect-dns-invalid-domain-label) 1629
DNS Inspect packet too long (inspect-dns-pak-too-long) 156
DNS Inspect id not matched (inspect-dns-id-not-matched) 127234
Unable to obtain connection lock (connection-lock) 4
Interface is down (interface-down) 447
RM connection limit reached (rm-conn-limit) 14027404
Last clearing: Never
Flow drop:
Flow is denied by access rule (acl-drop) 3002
NAT failed (nat-failed) 19624370
NAT reverse path failed (nat-rpf-failed) 240
Inspection failure (inspect-fail) 605102
Last clearing: Never
11-25-2013 04:56 AM
Hi Mustafa,
The output of "show asp drop" is cumulative. So you need to clear the counters "clear asp drop" then try to observe a baseline and any abnormally increasing counters.
I suggest that you collect the ASP drop captures and match them to the reported failure:
capture aspcap type asp-drop all
capture aspcap buffer 32000000
show captue aspcap
--
Regards.
Mashal Shboul
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide