can you please clear the counters and wait for some time and collect the output again
you can clear the counters
clear asp table counter
show asp table counter
also please attach the output of "show interface"
the major drops are out of order... now depending on the placement of this firewall please investigate why we are seeing so many out of order packets as they are not good, it could be the isp too if this is a perimeter device
and the other is the host-move-pkt which usually comes when you move a host from one interafce to other if you see these counters incrementing very rapidly it could suggest some kind of looping
i would suggest you look for the explaination on what each of these counters means and try to find the cause depending on how relevant they are for your network. some drops may be harmless but some might suggest a problem
you can find the packets which are dropped by applying asp drop captures
ASA# capture asp type asp-drop ?
acl-drop Flow is denied by configured rule all All packet drop reasons bad-crypto Bad crypto return in packet bad-ipsec-natt Bad IPSEC NATT packet bad-ipsec-prot IPSEC not AH or ESP bad-ipsec-udp Bad IPSEC UDP packet bad-tcp-cksum Bad TCP checksum
you can use each type of asp drop and capture the dropped traffic and investigate the cause
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :