This is a vague question but I guess I need to start somewhere.
In a smaller sized environment, I see the following counters on a 5510 w/ a CSC module...
Frame drop: SVC Module does not have a session (mp-svc-no-session) 1 Unsupported IP version (unsupported-ip-version) 1 No route to host (no-route) 223 Reverse-path verify failed (rpf-violated) 88 Flow is denied by configured rule (acl-drop) 73233 First TCP packet not SYN (tcp-not-syn) 44862 TCP failed 3 way handshake (tcp-3whs-failed) 8883 TCP RST/FIN out of order (tcp-rstfin-ooo) 34487 TCP SEQ in SYN/SYNACK invalid (tcp-seq-syn-diff) 1 TCP packet SEQ past window (tcp-seq-past-win) 348 TCP invalid ACK (tcp-invalid-ack) 4 TCP ACK in 3 way handshake invalid (tcp-discarded-ooo) 1 TCP RST/SYN in window (tcp-rst-syn-in-win) 40 TCP packet failed PAWS test (tcp-paws-fail) 717 Output QoS rate exceeded (rate-exceeded) 33810 Early security checks failed (security-failed) 44 Slowpath security checks failed (sp-security-failed) 39152 ICMP Error Inspect no existing conn (inspect-icmp-error-no-existing-conn) 67 DNS Inspect invalid packet (inspect-dns-invalid-pak) 1 DNS Inspect invalid domain label (inspect-dns-invalid-domain-label) 1 DNS Inspect id not matched (inspect-dns-id-not-matched) 107 FP L2 rule drop (l2_acl) 138157 Packet shunned (shunned) 329 Dropped pending packets in a closed socket (np-socket-closed) 349 Invalid ASDP packet received from SSM card (ssm-asdp-invalid) 2 Service module is down (ssm-app-fail) 71
What I'm looking for is a "normally you don't see any counters for inspect fail unless there's a problem with ******, so you might want to look into ******"
I have an exceptionally noisy network here with hit and miss internet performance issues. Not entirely sure where to start, other then asking could any values on these counters be abnormal? I'm familar with the ASA just not that familar with it...
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :