# show asp drop frame No route to host (no-route) 870 Flow is denied by configured rule (acl-drop) 103915 First TCP packet not SYN (tcp-not-syn) 1317 Bad TCP checksum (bad-tcp-cksum) 2 TCP failed 3 way handshake (tcp-3whs-failed) 6695 TCP RST/FIN out of order (tcp-rstfin-ooo) 4025 TCP packet SEQ past window (tcp-seq-past-win) 13 TCP Out-of-Order packet buffer full (tcp-buffer-full) 1949 TCP Out-of-Order packet buffer timeout (tcp-buffer-timeout) 600 TCP RST/SYN in window (tcp-rst-syn-in-win) 5 TCP dup of packet in Out-of-Order queue (tcp-dup-in-queue) 617 TCP packet failed PAWS test (tcp-paws-fail) 1248 IPSEC tunnel is down (ipsec-tun-down) 2 Slowpath security checks failed (sp-security-failed) 1699 DNS Inspect id not matched (inspect-dns-id-not-matched) 4 FP L2 rule drop (l2_acl) 15436 Dropped pending packets in a closed socket (np-socket-closed) 2
Flow is denied by configured rule (acl-drop) 103915
106023, 106100, 106004
TCP Out-of-Order packet buffer full (tcp-buffer-full) 1949
TCP Out-of-Order packet buffer full:
This counter is incremented and the packet is dropped when appliance receives an
out-of-order TCP packet on a connection and there is no buffer space to store this packet.
Typically TCP packets are put into order on connections that are inspected by the
appliance or when packets are sent to SSM for inspection. There is a default queue size
and when packets in excess of this default queue size are received they will be dropped.
On ASA platforms the queue size could be increased using queue-limit configuration
Similarly you need to check many reasons for the asp drop logs that you have captured and you need to monitor how much it is increasing and the difference.......
but 40 % CPU utilization is a okay kind of thing and you do not need to worry if that happens only during peak hours ans it is not increasing drastically more and more.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...