Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Logging Configuration and System Log Messages, 3.1
Messages Listed by Severity Level
Downloads: This chapterpdf (PDF - 337.0KB) The complete bookPDF (PDF - 3.52MB) | Feedback

Messages Listed by Severity Level

Table Of Contents

Messages Listed by Severity Level

Alert Messages, Severity 1

Critical Messages, Severity 2

Error Messages, Severity 3

Warning Messages, Severity 4

Notification Messages, Severity 5

Informational Messages, Severity 6

Debugging Messages, Severity 7


Messages Listed by Severity Level


This appendix contains the following sections:

Alert Messages, Severity 1

Critical Messages, Severity 2

Error Messages, Severity 3

Warning Messages, Severity 4

Notification Messages, Severity 5

Informational Messages, Severity 6

Debugging Messages, Severity 7


Note The Cisco ASA does not send severity 0, emergency messages as system log messages. These are analogous to a UNIX panic message, and denote an unstable system.


Alert Messages, Severity 1

The following messages appear at severity 1, alerts:

%FWSM-1-102001: (Primary) Power failure/System reload other side.

%FWSM-1-103002: (Primary) Other firewall network interface interface_number OK.

%FWSM-1-103003: (Primary) Other firewall network interface interface_number failed.

%FWSM-1-103004: (Primary) Other firewall reports this firewall failed.

%FWSM-1-103005: (Primary) Other firewall reporting failure.

%FWSM-1-103006: (Primary|Secondary) Mate version ver_num is not compatible with ours ver_num

%FWSM-1-103007: (Primary|Secondary) Mate version ver_num is not identical with ours ver_num

%FWSM-1-104001: (Primary) Switching to ACTIVE (cause: string).

%FWSM-1-104002: (Primary) Switching to STNDBY (cause: string).

%FWSM-1-104003: (Primary) Switching to FAILED.

%FWSM-1-104004: (Primary) Switching to OK.

%FWSM-1-105001: (Primary) Disabling failover.

%FWSM-1-105002: (Primary) Enabling failover.

%FWSM-1-105003: (Primary) Monitoring on interface interface_name waiting

%FWSM-1-105004: (Primary) Monitoring on interface interface_name normal

%FWSM-1-105005: (Primary) Lost Failover communications with mate on interface interface_name.

%FWSM-1-105006: (Primary) Link status `Up' on interface interface_name.

%FWSM-1-105007: (Primary) Link status `Down' on interface interface_name.

%FWSM-1-105008: (Primary) Testing interface interface_name.

%FWSM-1-105020: (Primary) Incomplete/slow config replication

%FWSM-1-105021: (failover_unit) Standby unit failed to sync due to a locked context_name config. Lock held by lock_owner_name

%FWSM-1-105031: Failover LAN interface is up

%FWSM-1-105032: LAN Failover interface is down

%FWSM-1-105034: Receive a LAN_FAILOVER_UP message from peer.

%FWSM-1-105035: Receive a LAN failover interface down msg from peer.

%FWSM-1-105038: (Primary) Interface count mismatch

%FWSM-1-105039: (Primary) Unable to verify the Interface count with mate. Failover may be disabled in mate.

%FWSM-1-105040: (Primary) Mate failover version is not compatible.

%FWSM-1-105042: (Primary) Failover interface OK

%FWSM-1-105043: (Primary) Failover interface failed

%FWSM-1-105044: (Primary) Mate operational mode mode is not compatible with my mode mode.

%FWSM-1-105045: (Primary) Mate license (number contexts) is not compatible with my license (number contexts).

%FWSM-1-105046 (Primary|Secondary) Mate has a different chassis

%FWSM-1-105047: Mate has a io_card_name1 card in slot slot_number which is different from my io_card_name2

%FWSM-1-106021: Deny protocol reverse path check from source_address to dest_address on interface interface_name

%FWSM-1-106022: Deny protocol connection spoof from source_address to dest_address on interface interface_name

%FWSM-1-106101 The number of ACL log deny-flows has reached limit (number).

%FWSM-1-107001: RIP auth failed from IP_address: version=number, type=string, mode=string, sequence=number on interface interface_name

%FWSM-1-107002: RIP pkt failed from IP_address: version=number on interface interface_name

%FWSM-1-111111 error_message

%FWSM-1-415004:internal_sig_id Content type not found - action mime_type from source_address to dest_address

%FWSM-1-709003: (Primary) Beginning configuration replication: Sending to mate.

%FWSM-1-709004: (Primary) End Configuration Replication (ACT)

%FWSM-1-709005: (Primary) Beginning configuration replication: Receiving from mate.

%FWSM-1-709006: (Primary) End Configuration Replication (STB)

Critical Messages, Severity 2

The following messages appear at severity 2, critical:

%FWSM-2-106001: Inbound TCP connection denied from IP_address/port to IP_address/port flags tcp_flags on interface interface_name

%FWSM-2-106002: protocol Connection denied by outbound list acl_ID src inside_address dest outside_address

%FWSM-2-106006: Deny inbound UDP from outside_address/outside_port to inside_address/inside_port on interface interface_name.

%FWSM-2-106007: Deny inbound UDP from outside_address/outside_port to inside_address/inside_port due to DNS {Response|Query}.

%FWSM-2-106013: Dropping echo request from IP_address to PAT address IP_address

%FWSM-2-106016: Deny IP spoof from (IP_address) to IP_address on interface interface_name.

%FWSM-2-106017: Deny IP due to Land Attack from IP_address to IP_address

%FWSM-2-106018: ICMP packet type ICMP_type denied by outbound list acl_ID src inside_address dest outside_address

%FWSM-2-106020: Deny IP teardrop fragment (size = number, offset = number) from IP_address to IP_address

%FWSM-2-106024: Access rules memory exhausted

%FWSM-2-108002: SMTP replaced string: out source_address in inside_address data: string

%FWSM-2-108003: Terminating ESMTP/SMTP connection; malicious pattern detected in the mail address from source_interface:source_address/source_port to dest_interface:dest_address/dset_port. Data:string

%FWSM-2-109011: Authen Session Start: user 'user', sid number

%FWSM-2-112001: (string:dec) Clear complete.

%FWSM-2-201003: Embryonic limit exceeded nconns/elimit for outside_address/outside_port (global_address) inside_address/inside_port on interface interface_name

%FWSM-2-214001: Terminating manager session from IP_address on interface interface_name. Reason: incoming encrypted data (number bytes) longer than number bytes

%FWSM-2-215001:Bad route_compress() call, sdb= number

%FWSM-2-217001: No memory for string in string

%FWSM-2-304007: URL Server IP_address not responding, ENTERING ALLOW mode.

%FWSM-2-304008: LEAVING ALLOW mode, URL Server is up.

%FWSM-2-709007: Configuration replication failed for command command

%FWSM-2-713078: Temp buffer for building mode config attributes exceeded: bufsize available_size, used value

%FWSM-2-713176: Device_type memory resources are critical, IKE key acquire message on interface interface_number, for Peer IP_address ignored

%FWSM-2-717008: Insufficient memory to process_requiring_memory.

%FWSM-2-717011: Unexpected event event event_ID

Error Messages, Severity 3

The following messages appear at severity 3, errors:

%FWSM-3-105010: (Primary) Failover message block alloc failed

%FWSM-3-106010: Deny inbound protocol src interface_name:dest_address/dest_port dst interface_name:source_address/source_port

%FWSM-3-106011: Deny inbound (No xlate) string

%FWSM-3-106014: Deny inbound icmp src interface_name: IP_address dst interface_name: IP_address (type dec, code dec)

%FWSM-3-109010: Auth from inside_address/inside_port to outside_address/outside_port failed (too many pending auths) on interface interface_name.

%FWSM-3-109013: User must authenticate before using this service

%FWSM-3-109016: Can't find authorization ACL acl_ID for user 'user'

%FWSM-3-109018: Downloaded ACL acl_ID is empty

%FWSM-3-109019: Downloaded ACL acl_ID has parsing error; ACE string

%FWSM-3-109020: Downloaded ACL has config error; ACE

%FWSM-3-109023: User from source_address/source_port to dest_address/dest_port on interface outside_interface must authenticate before using this service.

%FWSM-3-109026: [aaa protocol] Invalid reply digest received; shared server key may be mismatched.

%FWSM-3-113001: Unable to open AAA session. Session limit [limit] reached.

%FWSM-3-113018: User: user, Unsupported downloaded ACL Entry: ACL_entry, Action: action

%FWSM-3-201002: Too many TCP connections on {static|xlate} global_address! econns nconns

%FWSM-3-201004: Too many UDP connections on {static|xlate} global_address! udp connections limit

%FWSM-3-201005: FTP data connection failed for IP_address IP_address

%FWSM-3-201006: RCMD backconnection failed for IP_address/port

%FWSM-3-201009: TCP connection limit of number for host IP_address on interface_name exceeded

%FWSM-3-202001: Out of address translation slots!

%FWSM-3-202005: Non-embryonic in embryonic list outside_address/outside_port inside_address/inside_port

%FWSM-3-202011: Connection limit exceeded econns/limit for dir packet from source_address/source_port to dest_address/dest_port on interface interface_name

%FWSM-3-208005: (function:line_num) clear command return code

%FWSM-3-210001: LU sw_module_name error = number

%FWSM-3-210002: LU allocate block (bytes) failed.

%FWSM-3-210003: Unknown LU Object number

%FWSM-3-210005: LU allocate connection failed

%FWSM-3-210006: LU look NAT for IP_address failed

%FWSM-3-210007: LU allocate xlate failed

%FWSM-3-210008: LU no xlate for inside_address/inside_port outside_address/outside_port

%FWSM-3-210010: LU make UDP connection for outside_address:outside_port inside_address:inside_port failed

%FWSM-3-210020: LU PAT port port reserve failed

%FWSM-3-210021: LU create static xlate global_address ifc interface_name failed

%FWSM-3-211001: Memory allocation Error

%FWSM-3-211003: CPU utilization for number seconds = percent

%FWSM-3-212001: Unable to open SNMP channel (UDP port port) on interface interface_number, error code = code

%FWSM-3-212002: Unable to open SNMP trap channel (UDP port port) on interface interface_number, error code = code

%FWSM-3-212003: Unable to receive an SNMP request on interface interface_number, error code = code, will try again.

%FWSM-3-212004: Unable to send an SNMP response to IP Address IP_address Port port interface interface_number, error code = code

%FWSM-3-212005: incoming SNMP request (number bytes) on interface interface_name exceeds data buffer size, discarding this SNMP request.

%FWSM-3-212006: Dropping SNMP request from source_address/source_port to interface_name:dest_address/dest_port because: reason.

%FWSM-3-302019: H.323 library_name ASN Library failed to initialize, error code number

%FWSM-3-302302: ACL = deny; no sa created

%FWSM-3-304003: URL Server IP_address timed out URL url

%FWSM-3-304006: URL Server IP_address not responding

%FWSM-3-305005: No translation group found for protocol src interface_name:dest_address/dest_port dst interface_name:source_address/source_port

%FWSM-3-305006: {outbound static|identity|portmap|regular) translation creation failed for protocol src interface_name:source_address/source_port dst interface_name:dest_address/dest_port

%FWSM-3-305008: Free unallocated global IP address.

%FWSM-3-313001: Denied ICMP type=number, code=code from IP_address on interface interface_name

%FWSM-3-313008: Denied ICMPv6 type=number, code=code from IP_address on interface interface_name

%FWSM-3-315004: Fail to establish SSH session because RSA host key retrieval failed.

%FWSM-3-316001: Denied new tunnel to IP_address. VPN peer limit (platform_vpn_peer_limit) exceeded

%FWSM-3-317001: No memory available for limit_slow

%FWSM-3-317002: Bad path index of number for IP_address, number max

%FWSM-3-317003: IP routing table creation failure - reason

%FWSM-3-317004: IP routing table limit warning

%FWSM-3-317005: IP routing table limit exceeded - reason, IP_address netmask

%FWSM-3-318001: Internal error: reason

%FWSM-3-318002: Flagged as being an ABR without a backbone area

%FWSM-3-318003: Reached unknown state in neighbor state machine

%FWSM-3-318004: area string lsid IP_address mask netmask adv IP_address type number

%FWSM-3-318005: lsid ip_address adv IP_address type number gateway gateway_address metric number network IP_address mask netmask protocol hex attr hex net-metric number

%FWSM-3-318006: if interface_name if_state number

%FWSM-3-318007: OSPF is enabled on interface_name during idb initialization

%FWSM-3-318008: OSPF process number is changing router-id. Reconfigure virtual link neighbors with our new router-id

%FWSM-3-319001: Acknowledge for arp update for IP address dest_address not received (number).

%FWSM-3-319002: Acknowledge for route update for IP address dest_address not received (number).

%FWSM-3-319003: Arp update for IP address address to NPn failed.

%FWSM-3-319004: Route update for IP address dest_address failed (number).

%FWSM-3-320001: The subject name of the peer cert is not allowed for connection

%FWSM-3-322001: Deny MAC address MAC_address, possible spoof attempt on interface interface

%FWSM-3-322002: ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface. This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is {statically|dynamically} bound to MAC Address MAC_address_2.

%FWSM-3-322003:ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface. This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is not bound to any MAC Address.

%FWSM-3-324000: Drop GTPv version message msg_type from source_interface:source_address/source_port to dest_interface:dest_address/dest_port Reason: reason

%FWSM-3-324001: GTPv0 packet parsing error from source_interface:source_address/source_port to dest_interface:dest_address/dest_port, TID: tid_value, Reason: reason

%FWSM-3-324002: No PDP[MCB] exists to process GTPv0 msg_type from source_interface:source_address/source_port to dest_interface:dest_address/dest_port, TID: tid_value

%FWSM-3-324003: No matching request to process GTPv version msg_type from source_interface:source_address/source_port to source_interface:dest_address/dest_port

%FWSM-3-324004: GTP packet with version%d from source_interface:source_address/source_port to dest_interface:dest_address/dest_port is not supported

%FWSM-3-324005: Unable to create tunnel from source_interface:source_address/source_port to dest_interface:dest_address/dest_port

%FWSM-3-324006:GSN IP_address tunnel limit tunnel_limit exceeded, PDP Context TID tid failed

%FWSM-3-324007: Unable to create GTP connection for response from source_interface:source_address/0 to dest_interface:dest_address/dest_port

%FWSM-3-325001: Router ipv6_address on interface has conflicting ND (Neighbor Discovery) settings

%FWSM-3-326001: Unexpected error in the timer library: error_message

%FWSM-3-326002: Error in error_message : error_message

%FWSM-3-326004: An internal error occurred while processing a packet queue

%FWSM-3-326005: Mrib notification failed for (IP_address, IP_address)

%FWSM-3-326006: Entry-creation failed for (IP_address, IP_address)

%FWSM-3-326007: Entry-update failed for (IP_address, IP_address)

%FWSM-3-326008: MRIB registration failed

%FWSM-3-326009: MRIB connection-open failed

%FWSM-3-326010: MRIB unbind failed

%FWSM-3-326011: MRIB table deletion failed

%FWSM-3-326012: Initialization of string functionality failed

%FWSM-3-326013: Internal error: string in string line %d (%s)

%FWSM-3-326014: Initialization failed: error_message error_message

%FWSM-3-326015: Communication error: error_message error_message

%FWSM-3-326016: Failed to set un-numbered interface for interface_name (string)

%FWSM-3-326017: Interface Manager error - string in string : string

%FWSM-3-326019: string in string : string

%FWSM-3-326020: List error in string : string

%FWSM-3-326021: Error in string : string

%FWSM-3-326022: Error in string : string

%FWSM-3-326023: string - IP_address : string

%FWSM-3-326024: An internal error occurred while processing a packet queue.

%FWSM-3-326025: string

%FWSM-3-326026: Server unexpected error: error_messsage

%FWSM-3-326027: Corrupted update: error_messsage

%FWSM-3-326028: Asynchronous error: error_messsage

%FWSM-3-404102: ISAKMP: Exceeded embryonic limit

%FWSM-3-407002: Embryonic limit nconns/elimit for through connections exceeded.outside_address/outside_port to global_address (inside_address)/inside_port on interface interface_name

%FWSM-3-414001: Failed to save logging buffer using file name filename to FTP server ftp_server_address on interface interface_name: [fail_reason]

%FWSM-3-414002: Failed to save logging buffer to flash:/syslog directory using file name: filename: [fail_reason]

%FWSM-3-610001: NTP daemon interface interface_name: Packet denied from IP_address

%FWSM-3-610002: NTP daemon interface interface_name: Authentication failed for packet from IP_address

%FWSM-3-713008: Key ID in ID payload too big for pre-shared IKE tunnel

%FWSM-3-713008: Key ID in ID payload too big for pre-shared IKE tunnel

%FWSM-3-713009: OU in DN in ID payload too big for Certs IKE tunnel

%FWSM-3-713012: Unknown protocol (protocol). Not adding SA w/spi=SPI value

%FWSM-3-713014: Unknown Domain of Interpretation (DOI): DOI value

%FWSM-3-713016: Unknown identification type, Phase 1 or 2, Type ID_Type

%FWSM-3-713017: Identification type not supported, Phase 1 or 2, Type ID_Type

%FWSM-3-713018: Unknown ID type during find of group name for certs, Type ID_Type

%FWSM-3-713020: No Group found by matching OU(s) from ID payload: OU_value

%FWSM-3-713022: No Group found matching peer_ID or IP_address for Pre-shared key peer IP_address

%FWSM-3-713032: Received invalid local Proxy Range IP_address - IP_address

%FWSM-3-713033: Received invalid remote Proxy Range IP_address - IP_address

%FWSM-3-713042: IKE Initiator unable to find policy: Intf interface_number, Src: source_address, Dst: dest_address

%FWSM-3-713043: Cookie/peer address IP_address session already in progress

%FWSM-3-713047: Unsupported Oakley group: Group Diffie-Hellman group

%FWSM-3-713048: Error processing payload: Payload ID: id

%FWSM-3-713051: Terminating connection attempt: IPSEC not permitted for group (group_name)

%FWSM-3-713056: Tunnel rejected: SA (SA_name) not found for group (group_name)!

%FWSM-3-713059: Tunnel Rejected: User (user) matched with group name, group-lock check failed.

%FWSM-3-713060: Tunnel Rejected: User (user) not member of group (group_name), group-lock check failed.

%FWSM-3-713061: Tunnel rejected: Crypto Map Policy not found for Src:source_address, Dst: dest_address!

%FWSM-3-713062: IKE Peer address same as our interface address IP_address

%FWSM-3-713063: IKE Peer address not configured for destination IP_address

%FWSM-3-713065: IKE Remote Peer did not negotiate the following: proposal attribute

%FWSM-3-713072: Password for user (user) too long, truncating to number characters

%FWSM-3-713081: Unsupported certificate encoding type encoding_type

%FWSM-3-713082: Failed to retrieve identity certificate

%FWSM-3-713083: Invalid certificate handle

%FWSM-3-713084: Received invalid phase 1 port value (port) in ID payload

%FWSM-3-713085: Received invalid phase 1 protocol (protocol) in ID payload

%FWSM-3-713086: Received unexpected Certificate payload Possible invalid Auth Method (Auth method (auth numerical value))

%FWSM-3-713088: Set Cert filehandle failure: no IPSec SA in group group_name

%FWSM-3-713098: Aborting: No identity cert specified in IPSec SA (SA_name)!

%FWSM-3-713102: Phase 1 ID Data length number too long - reject tunnel!

%FWSM-3-713105: Zero length data in ID payload received during phase 1 or 2 processing

%FWSM-3-713107: IP_Address request attempt failed!

%FWSM-3-713109: Unable to process the received peer certificate

%FWSM-3-713112: Failed to process CONNECTED notify (SPI SPI_value)!

%FWSM-3-713116: Terminating connection attempt: L2TP-over-IPSEC attempted by group (group_name) but L2TP disabled

%FWSM-3-713118: Detected invalid Diffie-Helmann group_descriptor group_number, in IKE area

%FWSM-3-713119: PHASE 1 COMPLETED

%FWSM-3-713122: Keep-alives configured keepalive_type but peer IP_address support keep-alives (type = keepalive_type)

%FWSM-3-713123: IKE lost contact with remote peer, deleting connection (keepalive type: keepalive_type)

%FWSM-3-713124: Received DPD sequence number rcv_sequence_# in DPD Action, description expected seq #

%FWSM-3-713127: Xauth required but selected Proposal does not support xauth, Check priorities of ike xauth proposals in ike proposal list

%FWSM-3-713128: Connection attempt to VCPIP redirected to VCA peer IP_address via load balancing

%FWSM-3-713129: Received unexpected Transaction Exchange payload type: payload_id

%FWSM-3-713132: Cannot obtain an IP_address for remote peer

%FWSM-3-713133: Mismatch: Overriding phase 2 DH Group(DH group DH group_id) with phase 1 group(DH group DH group_number

%FWSM-3-713134: Mismatch: P1 Authentication algorithm in the crypto map entry different from negotiated algorithm for the L2L connection

%FWSM-3-713138: Group group_name not found and BASE GROUP default preshared key not configured

%FWSM-3-713140: Split Tunneling Policy requires network list but none configured

%FWSM-3-713141: Client-reported firewall does not match configured firewall: action tunnel. Received -- Vendor: vendor(id), Product product(id), Caps: capability_value. Expected -- Vendor: vendor(id), Product: product(id), Caps: capability_value

%FWSM-3-713142: Client did not report firewall in use, but there is a configured firewall: action tunnel. Expected -- Vendor: vendor(id), Product product(id), Caps: capability_value

%FWSM-3-713146: Could not add route for Hardware Client in network extension mode, address: IP_address, mask: netmask

%FWSM-3-713149: Hardware client security attribute attribute_name was enabled but not requested.

%FWSM-3-713152: Unable to obtain any rules from filter ACL_tag to send to client for CPP, terminating connection.

%FWSM-3-713159: TCP Connection to Firewall Server has been lost, restricted tunnels are now allowed full network access

%FWSM-3-713161: Remote user (session Id - id) network access has been restricted by the Firewall Server

%FWSM-3-713162: Remote user (session Id - id) has been rejected by the Firewall Server

%FWSM-3-713163: Remote user (session Id - id) has been terminated by the Firewall Server

%FWSM-3-713165: Client IKE Auth mode differs from the group's configured Auth mode

%FWSM-3-713166: Headend security gateway has failed our user authentication attempt - check configured username and password

%FWSM-3-713167: Remote peer has failed user authentication - check configured username and password

%FWSM-3-713168: Re-auth enabled, but tunnel must be authenticated interactively!

%FWSM-3-713174: Hardware Client connection rejected! Network Extension Mode is not allowed for this group!

%FWSM-3-713182: IKE could not recognize the version of the client! IPSec Fragmentation Policy will be ignored for this connection!

%FWSM-3-713185: Error: Username too long - connection aborted

%FWSM-3-713186: Invalid secondary domain name list received from the authentication server. List Received: list_text Character index (value) is illegal

%FWSM-3-713189: Attempted to assign network or broadcast IP_address, removing (IP_address) from pool.

%FWSM-3-713193: Received packet with missing payload, Expected payload: payload_id

%FWSM-3-713194: IKE|IPSec Delete With Reason message: termination_reason

%FWSM-3-713195: Tunnel rejected: Originate-Only: Cannot accept incoming tunnel yet!

%FWSM-3-713198: User Authorization failed: user User authorization failed.

%FWSM-3-713203: IKE Receiver: Error reading from socket.

%FWSM-3-713205: Could not add static route for client address: IP_address

%FWSM-3-713206: Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy

%FWSM-3-713208: Cannot create dynamic rule for Backup L2L entry rule rule_id

%FWSM-3-713209: Cannot delete dynamic rule for Backup L2L entry rule id

%FWSM-3-713210: Cannot create dynamic map for Backup L2L entry rule_id

%FWSM-3-713212: Could not add route for L2L peer coming in on a dynamic map. address: IP_address, mask: netmask

%FWSM-3-713214: Could not delete route for L2L peer that came in on a dynamic map. address: IP_address, mask: netmask

%FWSM-3-713217: Skipping unrecognized rule: action: action client type: client_type client version: client_version

%FWSM-3-713218: Tunnel Rejected: Client Type or Version not allowed.

%FWSM-3-713226: Connection failed with peer IP_address, no trust-point defined in tunnel-group tunnel_group

%FWSM-3-717001: Querying keypair failed.

%FWSM-3-717002: Certificate enrollment failed for trustpoint trustpoint_name. Reason: reason_string.

%FWSM-3-717009: Certificate validation failed. Reason: reason_string.

%FWSM-3-717010: CRL polling failed for trustpoint trustpoint_name.

%FWSM-3-717012: Failed to refresh CRL cache entry from the server for trustpoint trustpoint_name at time_of_failure

%FWSM-3-717015: CRL received from issuer is too large to process (CRL size = crl_size, maximum CRL size = max_crl_size)

%FWSM-3-717017: Failed to query CA certificate for trustpoint trustpoint_name from enrollment_url

%FWSM-3-717018: CRL received from issuer has too many entries to process (number of entries = number_of_entries, maximum number allowed = max_allowed)

%FWSM-3-717019: Failed to insert CRL for trustpoint trustpoint_name. Reason: failure_reason.

Warning Messages, Severity 4

The following messages appear at severity 4, warning:

%FWSM-4-106023: Deny protocol src [interface_name:source_address/source_port] dst interface_name:dest_address/dest_port [type {string}, code {code}] by access_group acl_ID

%FWSM-4-106027:Failed to determine the security context for the packet:vlansource Vlan#:ethertype src sourceMAC dst destMAC

%FWSM-4-109017: User at IP_address exceeded auth proxy connection limit (max)

%FWSM-4-109022: exceeded HTTPS proxy process limit

%FWSM-4-109027: [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user

%FWSM-4-109028: aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port

%FWSM-4-109030: Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.

%FWSM-4-109031: NT Domain Authentication Failed: rejecting guest login for username.

FWSM-4-109037: Authentication cannot be done for the user from src_ip to dest_ip for application since auth_proto client is too busy

%FWSM-4-109039: Func_ID: Uauth Unproxy Failed due to the reason: Failed_Reason

%FWSM-4-209003: Fragment database limit of number exceeded: src = source_address, dest = dest_address, proto = protocol, id = number

%FWSM-4-209004: Invalid IP fragment, size = bytes exceeds maximum size = bytes: src = source_address, dest = dest_address, proto = protocol, id = number

%FWSM-4-209005: Discard IP fragment set with more than number elements: src = Too many elements are in a fragment set.

%FWSM-4-308002: static global_address inside_address netmask netmask overlapped with global_address inside_address

%FWSM-4-313003: Invalid destination for ICMP error

%FWSM-4-313004:Denied ICMP type=icmp_type, from source_address oninterface interface_name to dest_address:no matching session

%FWSM-4-325002: Duplicate address ipv6_address/MAC_address on interface

%FWSM-4-402101: decaps: rec'd IPSEC packet has invalid spi for destaddr=dest_address, prot=protocol, spi=number

%FWSM-4-402102: decapsulate: packet missing {AH|ESP}, destadr=dest_address, actual prot=protocol

%FWSM-4-402103: identity doesn't match negotiated identity (ip) dest_address= dest_address, src_addr= source_address, prot= protocol, (ident) local=inside_address, remote=remote_address, local_proxy=IP_address/IP_address/port/port, remote_proxy=IP_address/IP_address/port/port

%FWSM-4-402106: Rec'd packet not an IPSEC packet (ip) dest_address= dest_address, src_addr= source_address, prot= protocol

%FWSM-4-404101: ISAKMP: Failed to allocate address for client from pool string

%FWSM-4-405001: Received ARP {request | response} collision from IP_address/MAC_address on interface interface_name

%FWSM-4-405002: Received mac mismatch collision from IP_address/MAC_address for authenticated host

%FWSM-4-405101: Unable to Pre-allocate H225 Call Signalling Connection for foreign_address outside_address[/outside_port] to local_address inside_address[/inside_port]

%FWSM-4-405102: Unable to Pre-allocate H245 Connection for foreign_address outside_address[/outside_port] to local_address inside_address[/inside_port]

%FWSM-4-405103: H225 message from source_address/source_port to dest_address/dest_port contains bad protocol discriminator hex

%FWSM-4-405104: H225 message received from outside_address/outside_port to inside_address/inside_port before SETUP

%FWSM-4-405105: H323 RAS message AdmissionConfirm received from source_address/source_port to dest_address/dest_port without an AdmissionRequest

%FWSM-4-405201: ILS ILS_message_type from inside_interface:source_IP_address to outside_interface:/destination_IP_address has wrong embedded address embedded_IP_address

%FWSM-4-406001: FTP port command low port: IP_address/port to IP_address on interface interface_name

%FWSM-4-406002: FTP port command different address: IP_address(IP_address) to IP_address on interface interface_name

%FWSM-4-407001: Deny traffic for local-host interface_name:inside_address, license limit of number exceeded

%FWSM-4-407003: Established limit for RPC services exceeded number

%FWSM-4-408001: IP route counter negative - reason, IP_address Attempt: number

%FWSM-4-408002: ospf process id route type update address1 netmask1 [distance1/metric1] via source IP:interface1 address2 netmask2 [distance2/metric2] interface2

%FWSM-4-409001: Database scanner: external LSA IP_address netmask is lost, reinstalls

%FWSM-4-409002: db_free: external LSA IP_address netmask

%FWSM-4-409003: Received invalid packet: reason from IP_address, interface_name

%FWSM-4-409004: Received reason from unknown neighbor IP_address

%FWSM-4-409005: Invalid length number in OSPF packet from IP_address (ID IP_address), interface_name

%FWSM-4-409006: Invalid lsa: reason Type number, LSID IP_address from IP_address, IP_address, interface_name

%FWSM-4-409007: Found LSA with the same host bit set but using different mask LSA ID IP_address netmask New: Destination IP_address netmask

%FWSM-4-409008: Found generating default LSA with non-zero mask LSA type : number Mask: netmask metric : number area : string

%FWSM-4-409009: OSPF process number cannot start. There must be at least one up IP interface, for OSPF to use as router ID

%FWSM-4-409010: Virtual link information found in non-backbone area: string

%FWSM-4-409011: OSPF detected duplicate router-id IP_address from IP_address on interface interface_name

%FWSM-4-409012: Detected router with duplicate router ID IP_address in area string

%FWSM-4-409013: Detected router with duplicate router ID IP_address in Type-4 LSA advertised by IP_address

%FWSM-4-409023: Attempting AAA Fallback method method_name for request_type request for user user :Auth-server group server_tag unreachable

%FWSM-4-410001: UDP DNS request from source_interface:source_address/source_port to dest_interface:dest_address/dest_port; (label length | domain-name length) 52 bytes exceeds remaining packet length of 44 bytes.

%FWSM-4-411001:Line protocol on interface interface_name changed state to up

%FWSM-4-411002:Line protocol on interface interface_name changed state to down

%FWSM-4-411003: Configuration status on interface interface_name changed state to administratively down

%FWSM-4-411004: Configuration status on interface interface_name changed state to up

%FWSM-4-412001:MAC MAC_address moved from interface_1 to interface_2

%FWSM-4-412002:Detected bridge table full while inserting MAC MAC_address on interface interface. Number of entries = num

%FWSM-4-415012:internal_sig_id HTTP Deobfuscation signature detected - action HTTP deobfuscation detected IPS evasion technique from source_address to dest_address

%FWSM-4-415014:internal_sig_id unanswered HTTP requests exceeded from source_address to dest_address

%FWSM-4-416001: Dropped UDP SNMP packet from source_interface :source_IP/source_port to dest_interface:dest_address/dest_port; version (prot_version) is not allowed through the firewall

%FWSM-4-417001: Unexpected event received: number

%FWSM-4-417004: Filter violation error: conn number (string:string) in string

%FWSM-4-417006: No memory for string) in string. Handling: string

%FWSM-4-418001: Through-the-device packet to/from management-only network is denied: protocol_string from interface_name IP_address (port) to interface_name IP_address (port)

%FWSM-4-500004: Invalid transport field for protocol=protocol, from source_address/source_port to dest_address/dest_port

%FWSM-4-507002: Data copy in proxy-mode exceeded the buffer limit

%FWSM-4-612002: Auto Update failed:filename, version:number, reason:reason

%FWSM-4-612003:Auto Update failed to contact:url, reason:reason

%FWSM-4-620002: Unsupported CTIQBE version: hex: from interface_name:IP_address/port to interface_name:IP_address/port

%FWSM-4-713154: DNS lookup for peer_description Server [server_name] failed!

%FWSM-4-713157: Timed out on initial contact to server [server_name or IP_address] Tunnel could not be established.

%FWSM-4-713903:Descriptive_event_string.

%FWSM-4-720001: (VPN-unit) Failed to initialize with Chunk Manager.

%FWSM-4-720007: (VPN-unit) Failed to allocate chunk from Chunk Manager.

%FWSM-4-720008: (VPN-unit) Failed to register to High Availability Framework.

%FWSM-4-720009: (VPN-unit) Failed to create version control block.

%FWSM-4-720011: (VPN-unit) Failed to allocate memory

%FWSM-4-720013: (VPN-unit) Failed to insert certificate in trust point trustpoint_name

Notification Messages, Severity 5

The following messages appear at severity 5, notifications:

%FWSM-5-109012: Authen Session End: user 'user', sid number, elapsed number seconds

%FWSM-5-111003: IP_address Erase configuration

%FWSM-5-111004: IP_address end configuration: {FAILED|OK}

%FWSM-5-111005: IP_address end configuration: OK

%FWSM-5-111007: Begin configuration: IP_address reading from device.

%FWSM-5-111008: User user executed the command string

%FWSM-5-199001: Reload command executed from telnet (remote IP_address).

%FWSM-5-199006: Orderly reload started at when by whom. Reload reason: reason

%FWSM-5-1999007:IP detected an attached application using port port while removing context

%FWSM-5-1999008:Protocol detected an attached application using local port local_port and destination port dest_port

%FWSM-5-303004: FTP cmd_string command unsupported - failed strict inspection, terminating connection from source_interface:source_address/source_port to dest_interface:dest_address/dest_interface

%FWSM-5-304001: user source_address Accessed {JAVA URL|URL} dest_address: url.

%FWSM-5-304002: Access denied URL chars SRC IP_address DEST IP_address: chars

%FWSM-5-321001: Resource var1 limit of var2 reached.

%FWSM-5-321002: Resource var1 rate limit of var2 reached.

%FWSM-5-415001:internal_sig_id HTTP Tunnel detected - action tunnel_type from source_address to dest_address

%FWSM-5-415002:internal_sig_id HTTP Instant Messenger detected - action instant_messenger_type from source_address to dest_address

%FWSM-5-415003:internal_sig_id HTTP Peer-to-Peer detected - action peer_to_peer_type from source_address to dest_address

%FWSM-5-415005:Internal_Sig_Id Content type does not match specified type - Action Content Verification Failed from source_address to Dst_IP_Address

%FWSM-5-415007:internal_sig_id HTTP Extension method detected - action `method_name' from source_address to dest_address

%FWSM-5-415008:internal_sig_id HTTP RFC method detected - action `method_name' from source_address to dest_address

%FWSM-5-415010:internal_sig_id HTTP protocol violation detected - action HTTP Protocol not detected from source_address to dest_address

%FWSM-5-415013:internal_sig_id HTTP Transfer encoding violation detected - action Xfer_encode Transfer encoding not allowed from source_address to dest_address

%FWSM-5-500001: ActiveX content modified src IP_address dest IP_address on interface interface_name.

%FWSM-5-500002: Java content modified src IP_address dest IP_address on interface interface_name.

%FWSM-5-500003: Bad TCP hdr length (hdrlen=bytes, pktlen=bytes) from source_address/source_port to dest_address/dest_port, flags: tcp_flags, on interface interface_name

%FWSM-5-505001: Module in slot slotnum is shutting down. Please wait...

%FWSM-5-505002: Module in slot slotnum is reloading. Please wait...

%FWSM-5-505003: Module in slot slotnum is resetting. Please wait...

%FWSM-5-505004: Module in slot slotnum shutdown is complete.

%FWSM-5-505005: Module in slot slotnum is initializing control communication. Please wait...

%FWSM-5-505006: Module in slot slotnum is Up.

%FWSM-5-505007: Module in slot slotnum is recovering. Please wait...

%FWSM-5-506001: event_source_string event_string

%FWSM-5-501101: User transitioning priv level

%FWSM-5-502101: New user added to local dbase: Uname: user Priv: privilege_level Encpass: string

%FWSM-5-502102: User deleted from local dbase: Uname: user Priv: privilege_level Encpass: string

%FWSM-5-502103: User priv level changed: Uname: user From: privilege_level To: privilege_level

%FWSM-5-502111: New group policy added: name: policy_name Type: policy_type

%FWSM-5-502112: Group policy deleted: name: policy_name Type: policy_type

%FWSM-5-503001: Process number, Nbr IP_address on interface_name from string to string, reason

%FWSM-5-504001: Security context context_name was added to the system

%FWSM-5-504002: Security context context_name was removed from the system

%FWSM-5-507001: Terminating TCP-Proxy connection from interface_inside:source_address/source_port to interface_outside:dest_address/dest_port - reassembly limit of limit bytes exceeded

%FWSM-5-612001: Auto Update succeeded:filename, version:number

%FWSM-5-713006: Failed to obtain state for message Id message_number, Peer Address: IP_address

%FWSM-5-713010: IKE area: failed to find centry for message Id message_number

%FWSM-5-713041: IKE Initiator: new or rekey Phase 1 or 2, Intf interface_number, IKE Peer IP_address local Proxy Address IP_address, remote Proxy Address IP_address, Crypto map (crypto map tag)

%FWSM-5-713049: Security negotiation complete for tunnel_type type (group_name) Initiator/Responder, Inbound SPI = SPI, Outbound SPI = SPI

%FWSM-5-713050: Connection terminated for peer IP_address. Reason: termination reason Remote Proxy IP_address, Local Proxy IP_address

%FWSM-5-713068: Received non-routine Notify message: notify_type (notify_value)

%FWSM-5-713073: Responder forcing change of Phase 1/Phase 2 rekeying duration from larger_value to smaller_value seconds

%FWSM-5-713074: Responder forcing change of IPSec rekeying duration from larger_value to smaller_value Kbs

%FWSM-5-713075: Overriding Initiator's IPSec rekeying duration from larger_value to smaller_value seconds

%FWSM-5-713076: Overriding Initiator's IPSec rekeying duration from larger_value to smaller_value Kbs

%FWSM-5-713092: Failure during phase 1 rekeying attempt due to collision

%FWSM-5-713115: Client rejected NAT enabled IPSec request, falling back to standard IPSec

%FWSM-5-713130: Received unsupported transaction mode attribute: attribute id

%FWSM-5-713131: Received unknown transaction mode attribute: attribute_id

%FWSM-5-713135: message received, redirecting tunnel to IP_address.

%FWSM-5-713136: IKE session establishment timed out [IKE_state_name], aborting!

%FWSM-5-713137: Reaper overriding refCnt [ref_count] and tunnelCnt [tunnel_count] -- deleting SA!

%FWSM-5-713139: group_name not found, using BASE GROUP default preshared key

%FWSM-5-713144: Ignoring received malformed firewall record; reason - error_reason TLV type attribute_value correction

%FWSM-5-713148: Terminating tunnel to Hardware Client in network extension mode, unable to delete static route for address: IP_address, mask: netmask

%FWSM-5-713155: DNS lookup for Primary VPN Server [server_name] successfully resolved after a previous failure. Resetting any Backup Server init.

%FWSM-5-713156: Initializing Backup Server [server_name or IP_address]

%FWSM-5-713158: Client rejected NAT enabled IPSec Over UDP request, falling back to IPSec Over TCP

%FWSM-5-713178: IKE Initiator received a packet from its peer without a Responder cookie

%FWSM-5-713179: IKE AM Initiator received a packet from its peer without a payload_type payload

%FWSM-5-713196: Remote L2L Peer IP_address initiated a tunnel with same outer and inner addresses.Peer could be Originate Only - Possible misconfiguration!

%FWSM-5-713197: The configured Confidence Interval of number seconds is invalid for this tunnel_type connection. Enforcing the second default.

%FWSM-5-713199: Reaper corrected an SA that has not decremented the concurrent IKE negotiations counter (counter_value)!

%FWSM-5-713216: Rule: action Client type : version Client: type version is/is not allowed

%FWSM-5-713229: Auto Update - Notification to client client_ip of update string: message_string.

%FWSM-5-713904:Descriptive_event_string.

%FWSM-5-717013: Removing a cached CRL to accommodate an incoming CRL. Issuer: issuer

%FWSM-5-717014: Unable to cache a CRL received from CDP due to size limitations (CRL size = size, available cache space = space)

%FWSM-5-719014: Email Proxy is changing listen port from old_port to new_port for mail protocol protocol.

%FWSM-5-720016: (VPN-unit) Failed to initialize default timer #index.

%FWSM-5-720017: (VPN-unit) Failed to update LB runtime data

%FWSM-5-720018: (VPN-unit) Failed to get a buffer from the underlying core high availability subsystem. Error code code.

%FWSM-5-720019: (VPN-unit) Failed to update cTCP statistics.

%FWSM-5-720020: (VPN-unit) Failed to send type timer message.

Informational Messages, Severity 6

The following messages appear at severity 6, informational:

%FWSM-6-106012: Deny IP from IP_address to IP_address, IP options hex.

%FWSM-6-106015: Deny TCP (no connection) from IP_address/port to IP_address/port flags tcp_flags on interface interface_name.

%FWSM-6-106025: Failed to determine the security context for the packet:sourceVlan:source_address dest_address source_port dest_port protocol

%FWSM-6-106026: Failed to determine the security context for the packet:sourceVlan:source_address dest_address source_port dest_port protocol

%FWSM-6-106100: access-list acl_ID {permitted | denied | est-allowed} protocol interface_name/source_address(source_port) -> interface_name/dest_address(dest_port) hit-cnt number ({first hit | number-second interval})

%FWSM-6-109001: Auth start for user user from inside_address/inside_port to outside_address/outside_port

%FWSM-6-109002: Auth from inside_address/inside_port to outside_address/outside_port failed (server IP_address failed) on interface interface_name.

%FWSM-6-109003: Auth from inside_address to outside_address/outside_port failed (all servers failed) on interface interface_name.

%FWSM-6-109005: Authentication succeeded for user user from inside_address/inside_port to outside_address/outside_port on interface interface_name.

%FWSM-6-109006: Authentication failed for user user from inside_address/inside_port to outside_address/outside_port on interface interface_name.

%FWSM-6-109007: Authorization permitted for user user from inside_address/inside_port to outside_address/outside_port on interface interface_name.

%FWSM-6-109008: Authorization denied for user user from outside_address/outside_port to inside_address/ inside_port on interface interface_name.

%FWSM-6-109024: Authorization denied from source_address/source_port to dest_address/dest_port (not authenticated) on interface interface_name using protocol

%FWSM-6-109025: Authorization denied (acl=acl_ID) for user 'user' from source_address/source_port to dest_address/dest_port on interface interface_name using protocol

%FWSM-6-110001: No route to dest_address from source_address

%FWSM-6-113003: AAA group policy for user user is being set to policy_name.

%FWSM-6-113004: AAA user aaa_type Successful: server = server_IP_address, User = user

%FWSM-6-113005: AAA user authentication Rejected: reason = string: server = server_IP_address, User = user

%FWSM-6-113006: User user locked out on exceeding number successive failed authentication attempts

%FWSM-6-113007: User user unlocked by administrator

%FWSM-6-113008: AAA transaction status ACCEPT: user = user

%FWSM-6-113009: AAA retrieved default group policy policy for user user

%FWSM-6-113010: AAA challenge received for user user from server server_IP_address

%FWSM-6-113011: AAA retrieved user specific group policy policy for user user

%FWSM-6-113012: AAA user authentication Successful: local database : user = user

%FWSM-6-113013: AAA unable to complete the request Error: reason = reason: user = user

%FWSM-6-113014: AAA authentication server not accessible: server = server_IP_address: user = user

%FWSM-6-113015: AAA user authentication Rejected: reason = reason : local database: user = user

%FWSM-6-113016: AAA credentials rejected: reason = reason: server = server_IP_address: user = user

%FWSM-6-113017: AAA credentials rejected: reason = reason: local database: user = user\

%FWSM-6-199002: startup completed. Beginning operation.

%FWSM-6-199003: Reducing link MTU dec.

%FWSM-6-199005: Startup begin

%FWSM-6-210022: LU missed number updates

%FWSM-6-302003: Built H245 connection for foreign_address outside_address/outside_port local_address inside_address/inside_port

%FWSM-6-302004: Pre-allocate H323 UDP backconnection for foreign_address outside_address/outside_port to local_address inside_address/inside_port

%FWSM-6-302009: Rebuilt TCP connection number for foreign_address outside_address/outside_port global_address global_address/global_port local_address inside_address/inside_port

%FWSM-6-302010: connections in use, connections most used

%FWSM-6-302012: Pre-allocate H225 Call Signalling Connection for faddr IP_address/port to laddr IP_address

%FWSM-6-302013: Built {inbound|outbound} TCP connection_id for interface:real-address/real-port (mapped-address/mapped-port) to interface:real-address/real-port (mapped-address/mapped-port) [(user)]

%FWSM-6-302014: Teardown TCP connection id for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss bytes bytes [reason] [(user)]

%FWSM-6-302015: Built {inbound|outbound} UDP connection number for interface_name:real_address/real_port (mapped_address/mapped_port) to interface_name:real_address/real_port (mapped_address/mapped_port) [(user)]

%FWSM-6-302016: Teardown UDP connection number for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss bytes bytes [(user)]

%FWSM-6-302017: Built {inbound|outbound} GRE connection id from interface:real_address (translated_address) to interface:real_address/real_cid (translated_address/translated_cid)[(user)

%FWSM-6-302018: Teardown GRE connection id from interface:real_address (translated_address) to interface:real_address/real_cid (translated_address/translated_cid) duration hh:mm:ss bytes bytes [(user)]

%FWSM-6-302020: Built {in | out}bound ICMP connection for faddr {faddr | icmp_seq_num} gaddr {gaddr | cmp_type} laddr laddr

%FWSM-6-302021: Teardown ICMP connection for faddr {faddr | icmp_seq_num} gaddr {gaddr | cmp_type} laddr laddr

%FWSM-6-303002: source_address {Stored|Retrieved} dest_address: mapped_address

%FWSM-6-303003: FTP cmd_name command denied - failed strict inspection, terminating connection from source_interface:source_address/source_port to dest_interface:dest_address/dest_port

%FWSM-6-304004: URL Server IP_address request failed URL url

%FWSM-6-305007: addrpool_free(): Orphan IP IP_address on interface interface_number

%FWSM-6-305009: Built {dynamic|static} translation from interface_name [(acl-name)]:real_address to interface_name:mapped_address

%FWSM-6-305010: Teardown {dynamic|static} translation from interface_name:real_address to interface_name:mapped_address duration time

%FWSM-6-305011: Built {dynamic|static} {TCP|UDP|ICMP} translation from interface_name:real_address/real_port to interface_name:mapped_address/mapped_port

%FWSM-6-305012: Teardown {dynamic|static} {TCP|UDP|ICMP} translation from interface_name [(acl-name)]:real_address/{real_port|real_ICMP_ID}to interface_name:mapped_address/{mapped_port|mapped_ICMP_ID} duration time

%FWSM-6-308001: console enable password incorrect for number tries (from IP_address)

%FWSM-6-311001: LU loading standby start

%FWSM-6-311002: LU loading standby end

%FWSM-6-311003: LU recv thread up

%FWSM-6-311004: LU xmit thread up

%FWSM-6-312001: RIP hdr failed from IP_address: cmd=string, version=number domain=string on interface interface_name

%FWSM-6-314001: Pre-allocate RTSP UDP backconnection for foreign_address outside_address/outside_port to local_address inside_address/inside_port

%FWSM-6-315011: SSH session from IP_address on interface interface_name for user user disconnected by SSH server, reason: reason

%FWSM-6-321003: Resource var1 log level of var2 reached.

%FWSM-6-321004: Resource var1 rate log level of var2 reached

%FWSM-6-415006:internal_sig_id Content size size out of range - action content-length from source_address to dest_address

%FWSM-6-415009:internal_sig_id HTTP Header length exceeded. Received length byte Header - action header length exceeded from source_address to dest_address

%FWSM-6-415011:internal_sig_id HTTP URL Length exceeded. Received size byte URL - action URI length exceeded from source_address to dest_address

%FWSM-6-602101: PMTU-D packet number bytes greater than effective mtu number dest_addr=dest_address, src_addr=source_address, prot=protocol

%FWSM-6-602102: Adjusting IPSec tunnel mtu...

%FWSM-6-602201: ISAKMP Phase 1 SA created (local IP_address/port (initiator|responder), remote IP_address/port, authentication=auth_type, encryption=encr_alg, hash=hash_alg, group=DH_grp, lifetime=seconds)

%FWSM-6-602202: ISAKMP session connected (local IP_address (initiator|responder), remote IP_address)

%PIX-6-602203: ISAKMP session disconnected (local IP_address (initiator|responder), remote IP_address)

%FWSM-6-602301: sa created...

%FWSM-6-602302: deleting sa

%FWSM-6-604101: DHCP client interface interface_name: Allocated ip = IP_address, mask = netmask, gw = gateway_address

%FWSM-6-604102: DHCP client interface interface_name: address released

%FWSM-6-604103: DHCP daemon interface interface_name: address granted MAC_address (IP_address)

%FWSM-6-604104: DHCP daemon interface interface_name: address released

%FWSM-6-605005: Login permitted from IP_address/telnet to outside IP_address/ssh for user "pix"

%FWSM-6-606001: ASDM session number number from IP_address started

%FWSM-6-606002: ASDM session number number from IP_address ended

%FWSM-6-606003: ASDM logging session number id from IP_address started id session ID assigned

%FWSM-6-606004: ASDM logging session number id from IP_address ended

%FWSM-6-607001: Pre-allocate SIP connection_type secondary channel for interface_name:IP_address/port to interface_name:IP_address from string message

%FWSM-6-608001: Pre-allocate Skinny connection_type secondary channel for interface_name:IP_address to interface_name:IP_address/port from string message

%FWSM-6-609001: Built local-host interface_name:IP_address

%FWSM-6-609002: Teardown local-host interface_name:IP_address duration time

%FWSM-6-610101: Authorization failed: Cmd: command Cmdtype: command_modifier

%FWSM-6-613001: Checksum Failure in database in area string Link State Id IP_address Old Checksum number New Checksum number

%FWSM-6-613002: interface interface_name has zero bandwidth

%FWSM-6-613003: IP_address netmask changed from area string to area string

%FWSM-6-614001: Split DNS: request patched from server: IP_address to server: IP_address

%FWSM-6-614002: Split DNS: reply from server:IP_address reverse patched back to original server:IP_address

%FWSM-6-615001: vlan number not available for firewall interface

%FWSM-6-615002: vlan number available for firewall interface

%FWSM-6-616001:Pre-allocate MGCP data_channel connection for inside_interface:inside_address to outside_interface:outside_address/port from message_type message

%FWSM-6-617001: GTPv version msg_type from source_interface:source_address/source_port not accepted by source_interface:dest_address/dest_port

%FWSM-6-617002: Removing v1 PDP Context with TID tid from GGSN IP_address and SGSN IP_address, Reason: reason or Removing v1 primary|secondary PDP Context with TID tid from GGSN IP_address and SGSN IP_address, Reason: reason

%FWSM-6-617003: GTP Tunnel created from source_interface:source_address/source_port to source_interface:dest_address/dest_port

%FWSM-6-617004: GTP connection created for response from source_interface:source_address/0 to source_interface:dest_address/dest_port

%FWSM-6-620001: Pre-allocate CTIQBE {RTP | RTCP} secondary channel for interface_name:outside_address[/outside_port] to interface_name:inside_address[/inside_port] from CTIQBE_message_name message

%FWSM-6-621001: Interface interface_name does not support multicast, not enabled

%FWSM-6-621002: Interface interface_name does not support multicast, not enabled

%FWSM-6-621003: The event queue size has exceeded number

%FWSM-6-621006: Mrib disconnected, (IP_address,IP_address) event cancelled

%FWSM-6-621007: Bad register from interface_name:IP_address to IP_address for (IP_address, IP_address)

%FWSM-6-713145: Detected Hardware Client in network extension mode, adding static route for address: IP_address, mask: netmask

%FWSM-6-713147: Terminating tunnel to Hardware Client in network extension mode, deleting static route for address: IP_address, mask: netmask

%FWSM-6-713172: Automatic NAT Detection Status: Remote end is|is not behind a NAT device This end is|is_not behind a NAT device

%FWSM-6-713177: Received remote Proxy Host FQDN in ID Payload: Host Name: host_name Address IP_address, Protocol protocol, Port port

%FWSM-6-713184: Client Type: Client_type Client Application Version: Application_version_string

%FWSM-6-713211: Adding static route for L2L peer coming in on a dynamic map. address: IP_address, mask: netmask

%FWSM-6-713213: Deleting static route for L2L peer that came in on a dynamic map. address: IP_address, mask: netmask

%FWSM-6-713215: No match against Client Type and Version rules. Client: type version is/is not allowed by default

%FWSM-6-713219: Queueing KEY-ACQUIRE messages to be processed when P1 SA is complete.

%FWSM-6-713220: De-queueing KEY-ACQUIRE messages that were left pending.

%FWSM-6-717004: PKCS #12 export failed for trustpoint trustpoint_name.

%FWSM-6-717005: PKCS #12 export succeeded for trustpoint trustpoint_name.

%FWSM-6-717006: PKCS #12 import failed for trustpoint trustpoint_name.

%FWSM-6-717007: PKCS #12 import succeeded for trustpoint trustpoint_name.

%FWSM-6-717016: Removing expired CRL from the CRL cache. Issuer: issuer

%FWSM-6-719001: Email Proxy session could not be established: session limit of maximum_sessions has been reached.

%FWSM-6-719003: Email Proxy session pointer resources have been freed for source_address.

%FWSM-6-719004: Email Proxy session pointer has been successfully established for source_address.

%FWSM-6-719010: protocol Email Proxy feature is disabled on interface interface_name.

%FWSM-6-719011: Protocol Email Proxy feature is enabled on interface interface_name.

%FWSM-6-719012: Email Proxy server listening on port port for mail protocol protocol.

%FWSM-6-719013: Email Proxy server closing port port for mail protocol protocol.

%FWSM-6-719025: Email Proxy DNS name resolution failed for hostname.

%FWSM-6-719026: Email Proxy DNS name hostname resolved to IP_address.

%FWSM-6-720002: (VPN-unit) Starting VPN Stateful Failover Subsystem...

%FWSM-6-720003: (VPN-unit) Initialization of VPN Stateful Failover Component completed successfully

%FWSM-6-720004: (VPN-unit) VPN failover main thread started.

%FWSM-6-720005: (VPN-unit) VPN failover timer thread started.

%FWSM-6-720006: (VPN-unit) VPN failover sync thread started.

%FWSM-6-720010: (VPN-unit) VPN failover client is being disabled

%FWSM-6-720012: (VPN-unit) Failed to update IPSec failover runtime data on the standby unit.

%FWSM-6-720014: (VPN-unit) Phase 2 connection entry (msg_id=message_number, my cookie=mine, his cookie=his) contains no SA list.

%FWSM-6-720015: (VPN-unit) Cannot found Phase 1 SA for Phase 2 connection entry (msg_id=message_number,my cookie=mine, his cookie=his).

Debugging Messages, Severity 7

The following messages appear at severity 7, debugging:

%FWSM-7-109014: uauth_lookup_net fail for uauth_in()

%FWSM-7-109021: Uauth null proxy error

%FWSM-7-111009:User user executed cmd:string

%FWSM-7-199009: ICMP detected an attached application while removing a context

%FWSM-7-304005: URL Server IP_address request pending URL url

%FWSM-7-304009: Ran out of buffer blocks specified by url-block command

%FWSM-7-701001: alloc_user() out of Tcp_user objects

%FWSM-7-701002: alloc_user() out of Tcp_proxy objects

%FWSM-7-702201: ISAKMP Phase 1 delete received (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702202: ISAKMP Phase 1 delete sent (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702203: ISAKMP DPD timed out (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702204: ISAKMP Phase 1 retransmission (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702205: ISAKMP Phase 2 retransmission (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702206: ISAKMP malformed payload received (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702207: ISAKMP duplicate packet detected (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702208: ISAKMP Phase 1 exchange started (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702209: ISAKMP Phase 2 exchange started (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702210: ISAKMP Phase 1 exchange completed(local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702211: ISAKMP Phase 2 exchange completed(local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702212: ISAKMP Phase 1 initiating rekey (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702301: lifetime expiring...

%FWSM-7-702303: sa_request...

%FWSM-7-703001: H.225 message received from interface_name:IP_address/port to interface_name:IP_address/port is using an unsupported version number

%FWSM-7-703002: Received H.225 Release Complete with newConnectionNeeded for interface_name:IP_address to interface_name:IP_address/port

%FWSM-7-709001: FO replication failed: cmd=command returned=code

%FWSM-7-709002: FO unreplicable: cmd=command

%FWSM-7-710001: TCP access requested from source_address/source_port to interface_name:dest_address/service

%FWSM-7-710002: {TCP|UDP} access permitted from source_address/source_port to interface_name:dest_address/service

%FWSM-7-710004: TCP connection limit exceeded from source_address/source_port to interface_name:dest_address/service

%FWSM-7-710005: {TCP|UDP} request discarded from source_address/source_port to interface_name:dest_address/service

%FWSM-7-710006: protocol request discarded from source_address to interface_name:dest_address

%FWSM-7-711001: debug_trace_msg

%FWSM-7-711002: Task ran for elapsed_time msecs, process = process_name

%FWSM-7-711003: Unknown/Invalid interface identifier(vpifnum) detected.

%FWSM-7-713024: Received local Proxy Host data in ID Payload: Address IP_address, Protocol protocol, Port port

%FWSM-7-713025: Received remote Proxy Host data in ID Payload: Address IP_address, Protocol protocol, Port port

%FWSM-7-713026: Transmitted local Proxy Host data in ID Payload: Address IP_address, Protocol protocol, Port port

%FWSM-7-713027: Transmitted remote Proxy Host data in ID Payload: Address IP_address, Protocol protocol, Port port

%FWSM-7-713028: Received local Proxy Range data in ID Payload: Addresses IP_address - IP_address, Protocol protocol, Port port

%FWSM-7-713029: Received remote Proxy Range data in ID Payload: Addresses IP_address - IP_address, Protocol protocol, Port port

%FWSM-7-713030: Transmitted local Proxy Range data in ID Payload: Addresses IP_address - IP_address, Protocol protocol, Port port

%FWSM-7-713031: Transmitted remote Proxy Range data in ID Payload: Addresses IP_address - IP_address, Protocol protocol, Port port

%FWSM-7-713034: Received local IP Proxy Subnet data in ID Payload: Address IP_address, Mask netmask, Protocol protocol, Port port

%FWSM-7-713035: Received remote IP Proxy Subnet data in ID Payload: Address IP_address, Mask netmask, Protocol protocol, Port port

%FWSM-7-713036: Transmitted local IP Proxy Subnet data in ID Payload: Address IP_address, Mask netmask, Protocol protocol, Port port

%FWSM-7-713037: Transmitted remote IP Proxy Subnet data in ID Payload: Address IP_address, Mask netmask, Protocol protocol, Port port

%FWSM-7-713039: Send failure: Bytes (number), Peer: IP_address

%FWSM-7-713040: Could not find connection entry and can not encrypt: msgid message_number

%FWSM-7-713052: User (user) authenticated.

%FWSM-7-713066: IKE Remote Peer configured for SA: SA_name

%FWSM-7-713094: Cert validation failure: handle invalid for Main/Aggressive Mode Initiator/Responder!

%FWSM-7-713099: Tunnel Rejected: Received NONCE length number is out of range!

%FWSM-7-713103: Invalid (NULL) secret key detected while computing hash

%FWSM-7-713104: Attempt to get Phase 1 ID data failed while hash computation

%FWSM-7-713113: Deleting IKE SA with associated IPSec connection entries. IKE peer: IP_address, SA address: internal_SA_address, tunnel count: count

%FWSM-7-713114: Connection entry (conn entry internal address) points to IKE SA (SA_internal_address) for peer IP_address, but cookies don't match

%FWSM-7-713117: Received Invalid SPI notify (SPI SPI_Value)!

%FWSM-7-713121: Keep-alive type for this connection: keepalive_type

%FWSM-7-713143: Processing firewall record. Vendor: vendor(id), Product: product(id), Caps: capability_value, Version Number: version_number, Version String: version_text

%FWSM-7-713160: Remote user (session Id - id) has been granted access by the Firewall Server

%FWSM-7-713164: The Firewall Server has requested a list of active user sessions

%FWSM-7-713169: IKE Received delete for rekeyed SA IKE peer: IP_address, SA address: internal_SA_address, tunnelCnt: tunnel_count

%FWSM-7-713170: IKE Received delete for rekeyed centry IKE peer: IP_address, centry address: internal_address, msgid: id

%FWSM-7-713171: NAT-Traversal sending NAT-Original-Address payload

%FWSM-7-713187: Tunnel Rejected: IKE peer does not match remote peer as defined in L2L policy IKE peer address: IP_address, Remote peer address: IP_address

%FWSM-7-713190: Got bad refCnt (ref_count_value) assigning IP_address (IP_address)

%FWSM-7-713204: Adding static route for client address: IP_address

%FWSM-7-713221: Static Crypto Map check, checking map = crypto_map_tag, seq = seq_number...

%FWSM-7-713222: Static Crypto Map check, map = crypto_map_tag, seq = seq_number, ACL does not match proxy IDs src:source_address dst:dest_address

%FWSM-7-713223: Static Crypto Map check, map = crypto_map_tag, seq = seq_number, no ACL configured

%FWSM-7-713224: Static Crypto Map Check by-passed: Crypto map entry incomplete!

%FWSM-7-713225: [IKEv1], Static Crypto Map check, map map_name, seq = sequence_number is a successful match

%FWSM-7-713900:Descriptive_event_string.

%FWSM-7-713901:Descriptive_event_string.

%FWSM-7-713905:Descriptive_event_string.

%FWSM-7-713906: debug_message

%FWSM-7-714001: Description of event or packet

%FWSM-7-714002: IKE Initiator starting QM: msg id = message_number

%FWSM-7-714003: IKE Responder starting QM: msg id = message_number

%FWSM-7-714004: IKE Initiator sending 1st QM pkt: msg id = message_number

%FWSM-7-714005: IKE Responder sending 2nd QM pkt: msg id = message_number

%FWSM-7-714006: IKE Initiator sending 3rd QM pkt: msg id = message_number

%FWSM-7-714007: IKE Initiator sending Initial Contact

%FWSM-7-714011: Description of received ID values

%FWSM-7-715001: Descriptive statement

%FWSM-7-715004: subroutine name() Q Send failure: RetCode (return_code)

%FWSM-7-715005: subroutine name() Bad message code: Code (message_code)

%FWSM-7-715006: IKE got SPI from key engine: SPI = SPI_value

%FWSM-7-715007: IKE got a KEY_ADD msg for SA: SPI = SPI_value

%FWSM-7-715008: Could not delete SA SA_address, refCnt = number, caller = calling_subroutine_address

%FWSM-7-715009: IKE Deleting SA: Remote Proxy IP_address, Local Proxy IP_address

%FWSM-7-715013: Tunnel negotiation in progress for destination IP_address, discarding data

%FWSM-7-715019: IKEGetUserAttributes: Attribute name = name

%FWSM-7-715020: construct_cfg_set: Attribute name = name

%FWSM-7-715040: Deleting active auth handle during SA deletion: handle = internal_authentication_handle

%FWSM-7-715041: Received keep-alive of type keepalive_type, not the negotiated type

%FWSM-7-715042: IKE received response of type failure_type to a request from the IP_address utility

%FWSM-7-715044: Ignoring Keepalive payload from vendor not support KeepAlive capability

%FWSM-7-715045: ERROR: malformed Keepalive payload

%FWSM-7-715046: constructing payload_description payload

%FWSM-7-715047: processing payload_description payload

%FWSM-7-715048: Send VID_type VID

%FWSM-7-715049: Received VID_type VID

%FWSM-7-715050: Claims to be IOS but failed authentication

%FWSM-7-715051: Received unexpected TLV type TLV_type while processing FWTYPE ModeCfg Reply

%FWSM-7-715052: Old P1 SA is being deleted but new SA is DEAD, cannot transition centries

%FWSM-7-715053: MODE_CFG: Received request for attribute_info!

%FWSM-7-715054: MODE_CFG: Received attribute_name reply: value

%FWSM-7-715055: Send attribute_name

%FWSM-7-715056: Client is configured for TCP_transparency

%FWSM-7-715057: Auto-detected a NAT device with NAT-Traversal. Ignoring IPSec-over-UDP configuration.

%FWSM-7-715058: NAT-Discovery payloads missing. Aborting NAT-Traversal.

%FWSM-7-715059: Proposing/Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal

%FWSM-7-715060: Dropped received IKE fragment. Reason: reason

%FWSM-7-715061: Rcv'd fragment from a new fragmentation set. Deleting any old fragments.

%FWSM-7-715062: Error assembling fragments! Fragment numbers are non-continuous.

%FWSM-7-715063: Successfully assembled an encrypted pkt from rcv'd fragments!

%FWSM-7-715064 -- IKE Peer included IKE fragmentation capability flags: Main Mode: true/false Aggressive Mode: true/false

%FWSM-7-715065: IKE state_machine subtype FSM error history (struct data_structure_address) state, event: state/event pairs

%FWSM-7-715066: Can't load an IPSec SA! The corresponding IKE SA contains an invalid logical ID.

%FWSM-7-715067: QM IsRekeyed: existing sa from different peer, rejecting new sa

%FWSM-7-715067: QM IsRekeyed: existing sa from different peer, rejecting new sa

%FWSM-7-715068: QM IsRekeyed: duplicate sa found by address, deleting old sa

%FWSM-7-715069: Invalid ESP SPI size of SPI_size

%FWSM-7-715070: Invalid IPComp SPI size of SPI_size

%FWSM-7-715071: AH proposal not supported

%FWSM-7-715072: Received proposal with unknown protocol ID protocol_ID

%FWSM-7-715074: Could not retrieve authentication attributes for peer IP_address

%FWSM-7-715075: Group = group_name, Username = client, IP = IP_address Received keep-alive of type message_type (seq number number)