in the course of troubleshooting a fault I noticed that the 10 sec Drop Packet graph under monitoring/interfaces/outside/drop packet count on the ASDM was giving the same total every 10 seconds (+/- 1 or 2 every now and then). I searched for specifics on what this monitors, and other than 'dropped pkts' I've drawn a blank.
I've checked 3 different customer ASAs (2x5510s and a 5520) and they're all the same - the total is different but the variation is the same.
I can understand the drops occuring but why it is constant is not so clear - can anyone shed some light on the what and why?
When the ASP drops packets, it increments counters that match the reason that the asp dropped the packet. You can view the counter values by issuing show asp drop but this willshow you the cumulative counters. Issue the command clear asp drop then show asp drop to get a baseline of the drops so far, then send the traffic that is not making it through the firewall and then issue show asp drop again, and check which counters are incrementing.capture capture_name type asp-drop drop-code all packet-length 1518. You can specify a drop code of "all" or specify the particular drop code that you want to watch. The problem is that usually you dont know why the pix is dropping the packet, so you dont know the particular drop code yet. In that case, capture all the dropped packets. If you do not specify a drop-code, then the pix will not capture any packets. use the 'show service-policy flow' command and specify the flow that is failing to determine if it is subjected to a fixup.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :