Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2087
Views
0
Helpful
1
Replies

ASA - packets dropped

fsanchez
Level 1
Level 1

‎06-25-2009 07:53 AM

Hi, I have an Cisco ASA-5510 that have a lot of packet dropped in a sub interface of outside physical interface. Why do this? Is a queue-limit issue?

show interface DMZ_TN

Interface GigabitEthernet0/2.14 "DMZ_TN", is up, line protocol is up

Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

VLAN identifier 14

Description: TN_DC_IPLAN

MAC address 001b.d454.d748, MTU 1500

IP address 10.255.254.25, subnet mask 255.255.255.248

Traffic Statistics for "DMZ_TN":

474449896 packets input, 72933751716 bytes

468169696 packets output, 47492362184 bytes

1509612 packets dropped

Labels:
0 Helpful
1 Reply 1

robertson.michael
Level 3
Level 3

‎06-29-2009 06:15 AM

Hi Federico,

This drop counter increments when a packet is dropped in the accelerated security path (ASP). This can be caused by anything from a bad packet to a configured ACL.

The output of 'show asp drop' will list counters for all of the reasons why a packet was dropped (since they were last cleared).

'show asp drop':

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s2.html#wp1351326

'show interface':

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s3.html#wp1427809

Hope that helps.

-Mike

0 Helpful
Customers Also Viewed These Support Documents