Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module System Log Messages, 3.2
Messages Listed by Severity Level
Downloads: This chapterpdf (PDF - 290.0KB) | Feedback

Messages Listed by Severity Level

Table Of Contents

Messages Listed by Severity Level

Alert Messages, Severity 1

Critical Messages, Severity 2

Error Messages, Severity 3

Warning Messages, Severity 4

Notification Messages, Severity 5

Informational Messages, Severity 6

Debugging Messages, Severity 7

Variables Used in System Log Messages


Messages Listed by Severity Level


This appendix contains the following sections:

Alert Messages, Severity 1

Critical Messages, Severity 2

Error Messages, Severity 3

Warning Messages, Severity 4

Notification Messages, Severity 5

Informational Messages, Severity 6

Debugging Messages, Severity 7

Variables Used in System Log Messages


Note The security appliance does not send severity 0, emergency messages as system log messages. These are analogous to a UNIX panic message, and denote an unstable system.


Alert Messages, Severity 1

The following messages appear at severity 1, alerts:

%FWSM-1-102001: (Primary) Power failure/System reload other side.

%FWSM-1-103002: (Primary) Other firewall network interface interface_number OK.

%FWSM-1-103003: (Primary) Other firewall network interface interface_number failed.

%FWSM-1-103004: (Primary) Other firewall reports this firewall failed.

%FWSM-1-103005: (Primary) Other firewall reporting failure.

%FWSM-1-103006: (Primary|Secondary) Mate version ver_num is not compatible with ours ver_num

%FWSM-1-103007: (Primary|Secondary) Mate version ver_num is not identical with ours ver_num

%FWSM-1-104001: (Primary) Switching to ACTIVE (cause: string).

%FWSM-1-104002: (Primary) Switching to STNDBY (cause: string).

%FWSM-1-104003: (Primary) Switching to FAILED.

%FWSM-1-104004: (Primary) Switching to OK.

%FWSM-1-105001: (Primary) Disabling failover.

%FWSM-1-105002: (Primary) Enabling failover.

%FWSM-1-105003: (Primary) Monitoring on interface interface_name waiting

%FWSM-1-105004: (Primary) Monitoring on interface interface_name normal

%FWSM-1-105005: (Primary) Lost Failover communications with mate on interface interface_name.

%FWSM-1-105006: (Primary) Link status Up on interface interface_name.

%FWSM-1-105007: (Primary) Link status Down on interface interface_name.

%FWSM-1-105008: (Primary) Testing interface interface_name.

%FWSM-1-105020: (Primary) Incomplete/slow config replication

%FWSM-1-105021: (failover_unit) Standby unit failed to sync due to a locked context_name config. Lock held by lock_owner_name

%FWSM-1-105031: Failover LAN interface is up

%FWSM-1-105032: LAN Failover interface is down

%FWSM-1-105034: Receive a LAN_FAILOVER_UP message from peer.

%FWSM-1-105035: Receive a LAN failover interface down msg from peer.

%FWSM-1-105038: (Primary) Interface count mismatch

%FWSM-1-105039: (Primary) Unable to verify the Interface count with mate. Failover may be disabled in mate.

%FWSM-1-105040: (Primary) Mate failover version is not compatible.

%FWSM-1-105042: (Primary) Failover interface OK

%FWSM-1-105043: (Primary) Failover interface failed

%FWSM-1-105044: (Primary) Mate operational mode mode is not compatible with my mode mode.

%FWSM-1-105045: (Primary) Mate license (number contexts) is not compatible with my license (number contexts).

%FWSM-1-105046 (Primary|Secondary) Mate has a different chassis

%FWSM-1-105047: Mate has a io_card_name1 card in slot slot_number which is different from my io_card_name2

%FWSM-1-106021: Deny protocol reverse path check from source_address to dest_address on interface interface_name

%FWSM-1-106022: Deny protocol connection spoof from source_address to dest_address on interface interface_name

%FWSM-1-106101 The number of ACL log deny-flows has reached limit (number).

%FWSM-1-107001: RIP auth failed from IP_address: version=number, type=string, mode=string, sequence=number on interface interface_name

%FWSM-1-107002: RIP pkt failed from IP_address: version=number on interface interface_name

%FWSM-1-111111 error_message

%FWSM-1-415004:internal_sig_id Content type not found - action mime_type from source_address to dest_address

%FWSM-1-709003: (Primary) Beginning configuration replication: Sending to mate.

%FWSM-1-709004: (Primary) End Configuration Replication (ACT)

%FWSM-1-709005: (Primary) Beginning configuration replication: Receiving from mate.

%FWSM-1-709006: (Primary) End Configuration Replication (STB)

Critical Messages, Severity 2

The following messages appear at severity 2, critical:

%FWSM-2-106001: Inbound TCP connection denied from IP_address/port to IP_address/port flags tcp_flags on interface interface_name

%FWSM-2-106002: protocol Connection denied by outbound list acl_ID src inside_address dest outside_address

%FWSM-2-106006: Deny inbound UDP from outside_address/outside_port to inside_address/inside_port on interface interface_name.

%FWSM-2-106007: Deny inbound UDP from outside_address/outside_port to inside_address/inside_port due to DNS {Response|Query}.

%FWSM-2-106013: Dropping echo request from IP_address to PAT address IP_address

%FWSM-2-106016: Deny IP spoof from (IP_address) to IP_address on interface interface_name.

%FWSM-2-106017: Deny IP due to Land Attack from IP_address to IP_address

%FWSM-2-106018: ICMP packet type ICMP_type denied by outbound list acl_ID src inside_address dest outside_address

%FWSM-2-106020: Deny IP teardrop fragment (size = number, offset = number) from IP_address to IP_address

%FWSM-2-106024: Access rules memory exhausted

%FWSM-2-108002: SMTP replaced string: out source_address in inside_address data: string

%FWSM-2-108003: Terminating ESMTP/SMTP connection; malicious pattern detected in the mail address from source_interface:source_address/source_port to dest_interface:dest_address/dset_port. Data:string

%FWSM-2-109011: Authen Session Start: user 'user', sid number

%FWSM-2-112001: (string:dec) Clear complete.

%FWSM-2-201003: Embryonic limit exceeded nconns/elimit for outside_address/outside_port (global_address) inside_address/inside_port on interface interface_name

%FWSM-2-214001: Terminating manager session from IP_address on interface interface_name. Reason: incoming encrypted data (number bytes) longer than number bytes

%FWSM-2-215001:Bad route_compress() call, sdb= number

%FWSM-2-217001: No memory for string in string

%FWSM-2-304007: URL Server IP_address not responding, ENTERING ALLOW mode.

%FWSM-2-304008: LEAVING ALLOW mode, URL Server is up.

%FWSM-2-709007: Configuration replication failed for command command

%FWSM-2-709008: Configuration may be out of sync between Active/Standby units

%FWSM-2-713078: Temp buffer for building mode config attributes exceeded: bufsize available_size, used value

%FWSM-2-713176: Device_type memory resources are critical, IKE key acquire message on interface interface_number, for Peer IP_address ignored

%FWSM-2-717008: Insufficient memory to process_requiring_memory.

%FWSM-2-717011: Unexpected event event event_ID

Error Messages, Severity 3

The following messages appear at severity 3, errors:

%FWSM-3-105010: (Primary) Failover message block alloc failed

%FWSM-3-106010: Deny inbound protocol src interface_name:dest_address/dest_port dst interface_name:source_address/source_port

%FWSM-3-106011: Deny inbound (No xlate) string

%FWSM-3-106014: Deny inbound icmp src interface_name: IP_address dst interface_name: IP_address (type dec, code dec)

%FWSM-3-109010: Auth from inside_address/inside_port to outside_address/outside_port failed (too many pending auths) on interface interface_name.

%FWSM-3-109013: User must authenticate before using this service

%FWSM-3-109016: Can't find authorization ACL acl_ID for user 'user'

%FWSM-3-109018: Downloaded ACL acl_ID is empty

%FWSM-3-109019: Downloaded ACL acl_ID has parsing error; ACE string

%FWSM-3-109020: Downloaded ACL has config error; ACE

%FWSM-3-109023: User from source_address/source_port to dest_address/dest_port on interface outside_interface must authenticate before using this service.

%FWSM-3-109026: [aaa protocol] Invalid reply digest received; shared server key may be mismatched.

%FWSM-3-109032: Unable to install ACL access_list, downloaded for user username; Error in ACE: ace.

%FWSM-3-113001: Unable to open AAA session. Session limit [limit] reached.

%FWSM-3-113018: User: user, Unsupported downloaded ACL Entry: ACL_entry, Action: action

%FWSM-3-201002: Too many TCP connections on {static|xlate} global_address! econns nconns

%FWSM-3-201004: Too many UDP connections on {static|xlate} global_address! udp connections limit

%FWSM-3-201005: FTP data connection failed for IP_address IP_address

%FWSM-3-201006: RCMD backconnection failed for IP_address/port

%FWSM-3-201009: TCP connection limit of number for host IP_address on interface_name exceeded

%FWSM-3-202001: Out of address translation slots!

%FWSM-3-202005: Non-embryonic in embryonic list outside_address/outside_port inside_address/inside_port

%FWSM-3-202011: Connection limit exceeded econns/limit for dir packet from source_address/source_port to dest_address/dest_port on interface interface_name

%FWSM-3-208005: (function:line_num) clear command return code

%FWSM-3-210001: LU sw_module_name error = number

%FWSM-3-210002: LU allocate block (bytes) failed.

%FWSM-3-210003: Unknown LU Object number

%FWSM-3-210005: LU allocate connection failed

%FWSM-3-210006: LU look NAT for IP_address failed

%FWSM-3-210007: LU allocate xlate failed

%FWSM-3-210008: LU no xlate for inside_address/inside_port outside_address/outside_port

%FWSM-3-210010: LU make UDP connection for outside_address:outside_port inside_address:inside_port failed

%FWSM-3-210020: LU PAT port port reserve failed

%FWSM-3-210021: LU create static xlate global_address ifc interface_name failed

%FWSM-3-211001: Memory allocation Error

%FWSM-3-211003: CPU utilization for number seconds = percent

%FWSM-3-212001: Unable to open SNMP channel (UDP port port) on interface interface_number, error code = code

%FWSM-3-212002: Unable to open SNMP trap channel (UDP port port) on interface interface_number, error code = code

%FWSM-3-212003: Unable to receive an SNMP request on interface interface_number, error code = code, will try again

%FWSM-3-212004: Unable to send an SNMP response to IP Address IP_address Port port interface interface_number, error code = code

%FWSM-3-212005: incoming SNMP request (number bytes) on interface interface_name exceeds data buffer size, discarding this SNMP request.

%FWSM-3-212006: Dropping SNMP request from source_address/source_port to interface_name:dest_address/dest_port because: reason

%FWSM-3-302019: H.323 library_name ASN Library failed to initialize, error code number

%FWSM-3-302302: ACL = deny; no sa created

%FWSM-3-304003: URL Server IP_address timed out URL url

%FWSM-3-304006: URL Server IP_address not responding

%FWSM-3-305005: No translation group found for protocol src interface_name:dest_address/dest_port dst interface_name:source_address/source_port

%FWSM-3-305006: {outbound static|identity|portmap|regular) translation creation failed for protocol src interface_name:source_address/source_port dst interface_name:dest_address/dest_port

%FWSM-3-305008: Free unallocated global IP address.

%FWSM-3-313001: Denied ICMP type=number, code=code from IP_address on interface interface_name

%FWSM-3-315004: Fail to establish SSH session because RSA host key retrieval failed.

%FWSM-3-316001: Denied new tunnel to IP_address. VPN peer limit (platform_vpn_peer_limit) exceeded

%FWSM-3-317001: No memory available for limit_slow

%FWSM-3-317002: Bad path index of number for IP_address, number max

%FWSM-3-317003: IP routing table creation failure - reason

%FWSM-3-317004: IP routing table limit warning

%FWSM-3-317005: IP routing table limit exceeded - reason, IP_address netmask

%FWSM-3-318001: Internal error: reason

%FWSM-3-318002: Flagged as being an ABR without a backbone area

%FWSM-3-318003: Reached unknown state in neighbor state machine

%FWSM-3-318004: area string lsid IP_address mask netmask adv IP_address type number

%FWSM-3-318005: lsid ip_address adv IP_address type number gateway gateway_address metric number network IP_address mask netmask protocol hex attr hex net-metric number

%FWSM-3-318006: if interface_name if_state number

%FWSM-3-318007: OSPF is enabled on interface_name during idb initialization

%FWSM-3-318008: OSPF process number is changing router-id. Reconfigure virtual link neighbors with our new router-id

%FWSM-3-319001: Acknowledge for arp update for IP address dest_address not received (number).

%FWSM-3-319002: Acknowledge for route update for IP address dest_address not received (number).

%FWSM-3-319003: Arp update for IP address address to NPn failed.

%FWSM-3-319004: Route update for IP address dest_address failed (number)

%FWSM-3-320001: The subject name of the peer cert is not allowed for connection

%FWSM-3-322001: Deny MAC address MAC_address, possible spoof attempt on interface interface

%FWSM-3-322002: ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface. This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is {statically|dynamically} bound to MAC Address MAC_address_2.

%FWSM-3-322003:ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface. This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is not bound to any MAC Address.

%FWSM-3-324000: Drop GTPv version message msg_type from source_interface:source_address/source_port to dest_interface:dest_address/dest_port Reason: reason

%FWSM-3-324001: GTPv0 packet parsing error from source_interface:source_address/source_port to dest_interface:dest_address/dest_port, TID: tid_value, Reason: reason

%FWSM-3-324002: No PDP[MCB] exists to process GTPv0 msg_type from source_interface:source_address/source_port to dest_interface:dest_address/dest_port, TID: tid_value

%FWSM-3-324003: No matching request to process GTPv version msg_type from source_interface:source_address/source_port to source_interface:dest_address/dest_port

%FWSM-3-324004: GTP packet with version%d from source_interface:source_address/source_port to dest_interface:dest_address/dest_port is not supported

%FWSM-3-324005: Unable to create tunnel from source_interface:source_address/source_port to dest_interface:dest_address/dest_port

%FWSM-3-324006:GSN IP_address tunnel limit tunnel_limit exceeded, PDP Context TID tid failed

%FWSM-3-324007: Unable to create GTP connection for response from source_interface:source_address/0 to dest_interface:dest_address/dest_port

%FWSM-3-325001: Router ipv6_address on interface has conflicting ND (Neighbor Discovery) settings

%FWSM-3-326001: Unexpected error in the timer library: error_message

%FWSM-3-326002: Error in error_message: error_message

%FWSM-3-326004: An internal error occurred while processing a packet queue

%FWSM-3-326005: Mrib notification failed for (IP_address, IP_address)

%FWSM-3-326006: Entry-creation failed for (IP_address, IP_address)

%FWSM-3-326007: Entry-update failed for (IP_address, IP_address)

%FWSM-3-326008: MRIB registration failed

%FWSM-3-326009: MRIB connection-open failed

%FWSM-3-326010: MRIB unbind failed

%FWSM-3-326011: MRIB table deletion failed

%FWSM-3-326012: Initialization of string functionality failed

%FWSM-3-326013: Internal error: string in string line %d (%s)

%FWSM-3-326014: Initialization failed: error_message error_message

%FWSM-3-326015: Communication error: error_message error_message

%FWSM-3-326016: Failed to set un-numbered interface for interface_name (string)

%FWSM-3-326017: Interface Manager error - string in string: string

%FWSM-3-326019: string in string: string

%FWSM-3-326020: List error in string: string

%FWSM-3-326021: Error in string: string

%FWSM-3-326022: Error in string: string

%FWSM-3-326023: string - IP_address: string

%FWSM-3-326024: An internal error occurred while processing a packet queue.

%FWSM-3-326025: string

%FWSM-3-326026: Server unexpected error: error_messsage

%FWSM-3-326027: Corrupted update: error_messsage

%FWSM-3-326028: Asynchronous error: error_messsage

%FWSM-3-404102: ISAKMP: Exceeded embryonic limit

%FWSM-3-407002: Embryonic limit nconns/elimit for through connections exceeded.outside_address/outside_port to global_address (inside_address)/inside_port on interface interface_name

%FWSM-3-414001: Failed to save logging buffer using file name filename to FTP server ftp_server_address on interface interface_name: [fail_reason]

%FWSM-3-414002: Failed to save logging buffer to flash:/syslog directory using file name: filename: [fail_reason]

%FWSM-3-610001: NTP daemon interface interface_name: Packet denied from IP_address

%FWSM-3-610002: NTP daemon interface interface_name: Authentication failed for packet from IP_address

%FWSM-3-713004: device scheduled for reboot or shutdown, IKE key acquire message on interface interface num, for Peer IP_address ignored

%FWSM-3-713008: Key ID in ID payload too big for pre-shared IKE tunnel

%FWSM-3-713009: OU in DN in ID payload too big for Certs IKE tunnel

%FWSM-3-713012: Unknown protocol (protocol). Not adding SA w/spi=SPI value

%FWSM-3-713014: Unknown Domain of Interpretation (DOI): DOI value

%FWSM-3-713016: Unknown identification type, Phase 1 or 2, Type ID_Type

%FWSM-3-713017: Identification type not supported, Phase 1 or 2, Type ID_Type

%FWSM-3-713018: Unknown ID type during find of group name for certs, Type ID_Type

%FWSM-3-713020: No Group found by matching OU(s) from ID payload: OU_value

%FWSM-3-713022: No Group found matching peer_ID or IP_address for Pre-shared key peer IP_address

%FWSM-3-713032: Received invalid local Proxy Range IP_address - IP_address

%FWSM-3-713033: Received invalid remote Proxy Range IP_address - IP_address

%FWSM-3-713042: IKE Initiator unable to find policy: Intf interface_number, Src: source_address, Dst: dest_address

%FWSM-3-713043: Cookie/peer address IP_address session already in progress

%FWSM-3-713047: Unsupported Oakley group: Group Diffie-Hellman group

%FWSM-3-713048: Error processing payload: Payload ID: id

%FWSM-3-713051: Terminating connection attempt: IPSEC not permitted for group (group_name)

%FWSM-3-713056: Tunnel rejected: SA (SA_name) not found for group (group_name)!

%FWSM-3-713059: Tunnel Rejected: User (user) matched with group name, group-lock check failed.

%FWSM-3-713060: Tunnel Rejected: User (user) not member of group (group_name), group-lock check failed.

%FWSM-3-713061: Tunnel rejected: Crypto Map Policy not found for Src:source_address, Dst: dest_address!

%FWSM-3-713062: IKE Peer address same as our interface address IP_address

%FWSM-3-713063: IKE Peer address not configured for destination IP_address

%FWSM-3-713065: IKE Remote Peer did not negotiate the following: proposal attribute

%FWSM-3-713072: Password for user (user) too long, truncating to number characters

%FWSM-3-713081: Unsupported certificate encoding type encoding_type

%FWSM-3-713082: Failed to retrieve identity certificate

%FWSM-3-713083: Invalid certificate handle

%FWSM-3-713084: Received invalid phase 1 port value (port) in ID payload

%FWSM-3-713085: Received invalid phase 1 protocol (protocol) in ID payload

%FWSM-3-713086: Received unexpected Certificate payload Possible invalid Auth Method (Auth method (auth numerical value))

%FWSM-3-713088: Set Cert filehandle failure: no IPSec SA in group group_name

%FWSM-3-713098: Aborting: No identity cert specified in IPSec SA (SA_name)!

%FWSM-3-713102: Phase 1 ID Data length number too long - reject tunnel!

%FWSM-3-713105: Zero length data in ID payload received during phase 1 or 2 processing

%FWSM-3-713107: IP_Address request attempt failed!

%FWSM-3-713109: Unable to process the received peer certificate

%FWSM-3-713112: Failed to process CONNECTED notify (SPI SPI_value)!

%FWSM-3-713116: Terminating connection attempt: L2TP-over-IPSEC attempted by group (group_name) but L2TP disabled

%FWSM-3-713118: Detected invalid Diffie-Helmann group_descriptor group_number, in IKE area

%FWSM-3-713119: PHASE 1 COMPLETED

%FWSM-3-713122: Keep-alives configured keepalive_type but peer IP_address support keep-alives (type = keepalive_type)

%FWSM-3-713123: IKE lost contact with remote peer, deleting connection (keepalive type: keepalive_type)

%FWSM-3-713124: Received DPD sequence number rcv_sequence_# in DPD Action, description expected seq #

%FWSM-3-713127: Xauth required but selected Proposal does not support xauth, Check priorities of ike xauth proposals in ike proposal list

%FWSM-3-713128: Connection attempt to VCPIP redirected to VCA peer IP_address via load balancing

%FWSM-3-713129: Received unexpected Transaction Exchange payload type: payload_id

%FWSM-3-713132: Cannot obtain an IP_address for remote peer

%FWSM-3-713133: Mismatch: Overriding phase 2 DH Group(DH group DH group_id) with phase 1 group(DH group DH group_number

%FWSM-3-713134: Mismatch: P1 Authentication algorithm in the crypto map entry different from negotiated algorithm for the L2L connection

%FWSM-3-713138: Group group_name not found and BASE GROUP default preshared key not configured

%FWSM-3-713140: Split Tunneling Policy requires network list but none configured

%FWSM-3-713141: Client-reported firewall does not match configured firewall: action tunnel. Received -- Vendor: vendor(id), Product product(id), Caps: capability_value. Expected -- Vendor: vendor(id), Product: product(id), Caps: capability_value

%FWSM-3-713142: Client did not report firewall in use, but there is a configured firewall: action tunnel. Expected -- Vendor: vendor(id), Product product(id), Caps: capability_value

%FWSM-3-713146: Could not add route for Hardware Client in network extension mode, address: IP_address, mask: netmask

%FWSM-3-713149: Hardware client security attribute attribute_name was enabled but not requested.

%FWSM-3-713152: Unable to obtain any rules from filter ACL_tag to send to client for CPP, terminating connection.

%FWSM-3-713159: TCP Connection to Firewall Server has been lost, restricted tunnels are now allowed full network access

%FWSM-3-713161: Remote user (session Id - id) network access has been restricted by the Firewall Server

%FWSM-3-713162: Remote user (session Id - id) has been rejected by the Firewall Server

%FWSM-3-713163: Remote user (session Id - id) has been terminated by the Firewall Server

%FWSM-3-713165: Client IKE Auth mode differs from the group's configured Auth mode

%FWSM-3-713166: Headend security gateway has failed our user authentication attempt - check configured username and password

%FWSM-3-713167: Remote peer has failed user authentication - check configured username and password

%FWSM-3-713168: Re-auth enabled, but tunnel must be authenticated interactively!

%FWSM-3-713174: Hardware Client connection rejected! Network Extension Mode is not allowed for this group!

%FWSM-3-713182: IKE could not recognize the version of the client! IPSec Fragmentation Policy will be ignored for this connection!

%FWSM-3-713185: Error: Username too long - connection aborted

%FWSM-3-713186: Invalid secondary domain name list received from the authentication server. List Received: list_text Character index (value) is illegal

%FWSM-3-713189: Attempted to assign network or broadcast IP_address, removing (IP_address) from pool.

%FWSM-3-713193: Received packet with missing payload, Expected payload: payload_id

%FWSM-3-713194: IKE|IPSec Delete With Reason message: termination_reason

%FWSM-3-713195: Tunnel rejected: Originate-Only: Cannot accept incoming tunnel yet!

%FWSM-3-713198: User Authorization failed: user User authorization failed.

%FWSM-3-713203: IKE Receiver: Error reading from socket.

%FWSM-3-713205: Could not add static route for client address: IP_address

%FWSM-3-713206: Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy

%FWSM-3-713208: Cannot create dynamic rule for Backup L2L entry rule rule_id

%FWSM-3-713209: Cannot delete dynamic rule for Backup L2L entry rule id

%FWSM-3-713210: Cannot create dynamic map for Backup L2L entry rule_id

%FWSM-3-713212: Could not add route for L2L peer coming in on a dynamic map. address: IP_address, mask: netmask

%FWSM-3-713214: Could not delete route for L2L peer that came in on a dynamic map. address: IP_address, mask: netmask

%FWSM-3-713217: Skipping unrecognized rule: action: action client type: client_type client version: client_version

%FWSM-3-713218: Tunnel Rejected: Client Type or Version not allowed.

%FWSM-3-713226: Connection failed with peer IP_address, no trust-point defined in tunnel-group tunnel_group

%FWSM-3-717001: Querying keypair failed.

%FWSM-3-717002: Certificate enrollment failed for trustpoint trustpoint_name. Reason: reason_string.

%FWSM-3-717009: Certificate validation failed. Reason: reason_string.

%FWSM-3-717010: CRL polling failed for trustpoint trustpoint_name.

%FWSM-3-717012: Failed to refresh CRL cache entry from the server for trustpoint trustpoint_name at time_of_failure

%FWSM-3-717015: CRL received from issuer is too large to process (CRL size = crl_size, maximum CRL size = max_crl_size)

%FWSM-3-717017: Failed to query CA certificate for trustpoint trustpoint_name from enrollment_url

%FWSM-3-717018: CRL received from issuer has too many entries to process (number of entries = number_of_entries, maximum number allowed = max_allowed)

%FWSM-3-717019: Failed to insert CRL for trustpoint trustpoint_name. Reason: failure_reason.

Warning Messages, Severity 4

The following messages appear at severity 4, warning:

%FWSM-4-106023: Deny protocol src [interface_name:source_address/source_port] dst interface_name:dest_address/dest_port [type {string}, code {code}] by access_group acl_ID

%FWSM-4-106027:Failed to determine the security context for the packet:vlansource Vlan#:ethertype src sourceMAC dst destMAC

%FWSM-4-109017: User at IP_address exceeded auth proxy connection limit (max)

%FWSM-4-109022: exceeded HTTPS proxy process limit

%FWSM-4-109027: [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user

%FWSM-4-109028: aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port

%FWSM-4-109030: Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask

%FWSM-4-109031: NT Domain Authentication Failed: rejecting guest login for username

%FWSM-4-109035: Authentication failed for user username as the password expired.

%FWSM-4-109036: Teardown protocol connection session_id for src_if:src_ip/src_port to dest_if:dest_ip/dest_port duration duration bytes bytes due to Uauth timeout.

%FWSM-4-109037: Authentication cannot be done for the user from src_ip to dest_ip for application since auth_proto client is too busy

%FWSM-4-109039: Func_ID: Uauth Unproxy Failed due to the reason: Failed_Reason

%FWSM-4-209003: Fragment database limit of number exceeded: src = source_address, dest = dest_address, proto = protocol, id = number

%FWSM-4-209004: Invalid IP fragment, size = bytes exceeds maximum size = bytes: src = source_address, dest = dest_address, proto = protocol, id = number

%FWSM-4-209005: Discard IP fragment set with more than number elements: src = Too many elements are in a fragment set.

%FWSM-4-302025: Unable to Pre-allocate H323 GUP Connection for faddr intf: {foreign-address/foreign-port} to laddr intf: {local-address/local-port}

%FWSM-4-308002: static global_address inside_address netmask netmask overlapped with global_address inside_address

%FWSM-4-313003: Invalid destination for ICMP error

%FWSM-4-313004:Denied ICMP type=icmp_type, from source_address oninterface interface_name to dest_address:no matching session

%FWSM-4-325002: Duplicate address ipv6_address/MAC_address on interface

%FWSM-4-402101: decaps: rec'd IPSEC packet has invalid spi for destaddr=dest_address, prot=protocol, spi=number

%FWSM-4-402102: decapsulate: packet missing {AH|ESP}, destadr=dest_address, actual prot=protocol

%FWSM-4-402103: identity doesn't match negotiated identity (ip) dest_address= dest_address, src_addr= source_address, prot= protocol, (ident) local=inside_address, remote=remote_address, local_proxy=IP_address/IP_address/port/port, remote_proxy=IP_address/IP_address/port/port

%FWSM-4-402106: Rec'd packet not an IPSEC packet (ip) dest_address= dest_address, src_addr= source_address, prot= protocol

%FWSM-4-404101: ISAKMP: Failed to allocate address for client from pool string

%FWSM-4-405001: Received ARP {request | response} collision from IP_address/MAC_address on interface interface_name

%FWSM-4-405002: Received mac mismatch collision from IP_address/MAC_address for authenticated host

%FWSM-4-405101: Unable to Pre-allocate H225 Call Signalling Connection for foreign_address outside_address[/outside_port] to local_address inside_address[/inside_port]

%FWSM-4-405102: Unable to Pre-allocate H245 Connection for foreign_address outside_address[/outside_port] to local_address inside_address[/inside_port]

%FWSM-4-405103: H225 message from source_address/source_port to dest_address/dest_port contains bad protocol discriminator hex

%FWSM-4-405104: H225 message received from outside_address/outside_port to inside_address/inside_port before SETUP

%FWSM-4-405105: H323 RAS message AdmissionConfirm received from source_address/source_port to dest_address/dest_port without an AdmissionRequest

%FWSM-4-405201: ILS ILS_message_type from inside_interface:source_IP_address to outside_interface:/destination_IP_address has wrong embedded address embedded_IP_address

%FWSM-4-406001: FTP port command low port: IP_address/port to IP_address on interface interface_name

%FWSM-4-406002: FTP port command different address: IP_address(IP_address) to IP_address on interface interface_name

%FWSM-4-407001: Deny traffic for local-host interface_name:inside_address, license limit of number exceeded

%FWSM-4-407003: Established limit for RPC services exceeded number

%FWSM-4-408001: IP route counter negative - reason, IP_address Attempt: number

%FWSM-4-408002: ospf process id route type update address1 netmask1 [distance1/metric1] via source IP:interface1 address2 netmask2 [distance2/metric2] interface2

%FWSM-4-409001: Database scanner: external LSA IP_address netmask is lost, reinstalls

%FWSM-4-409002: db_free: external LSA IP_address netmask

%FWSM-4-409003: Received invalid packet: reason from IP_address, interface_name

%FWSM-4-409004: Received reason from unknown neighbor IP_address

%FWSM-4-409005: Invalid length number in OSPF packet from IP_address (ID IP_address), interface_name

%FWSM-4-409006: Invalid lsa: reason Type number, LSID IP_address from IP_address, IP_address, interface_name

%FWSM-4-409007: Found LSA with the same host bit set but using different mask LSA ID IP_address netmask New: Destination IP_address netmask

%FWSM-4-409008: Found generating default LSA with non-zero mask LSA type : number Mask: netmask metric: number area: string

%FWSM-4-409009: OSPF process number cannot start. There must be at least one up IP interface, for OSPF to use as router ID

%FWSM-4-409010: Virtual link information found in non-backbone area: string

%FWSM-4-409011: OSPF detected duplicate router-id IP_address from IP_address on interface interface_name

%FWSM-4-409012: Detected router with duplicate router ID IP_address in area string

%FWSM-4-409013: Detected router with duplicate router ID IP_address in Type-4 LSA advertised by IP_address

%FWSM-4-409023: Attempting AAA Fallback method method_name for request_type request for user user: Auth-server group server_tag unreachable

%FWSM-4-410001: UDP DNS request from source_interface:source_address/source_port to dest_interface:dest_address/dest_port; (label length | domain-name length) 52 bytes exceeds remaining packet length of 44 bytes.

%FWSM-4-411001:Line protocol on interface interface_name changed state to up

%FWSM-4-411002:Line protocol on interface interface_name changed state to down

%FWSM-4-411003: Configuration status on interface interface_name changed state to administratively down

%FWSM-4-411004: Configuration status on interface interface_name changed state to up

%FWSM-4-412001:MAC MAC_address moved from interface_1 to interface_2

%FWSM-4-412002:Detected bridge table full while inserting MAC MAC_address on interface interface. Number of entries = num

%FWSM-4-415012:internal_sig_id HTTP Deobfuscation signature detected - action HTTP deobfuscation detected IPS evasion technique from source_address to dest_address

%FWSM-4-415014:internal_sig_id More than 10 unanswered HTTP requests exceeded from source_address to dest_address

%FWSM-4-416001: Dropped UDP SNMP packet from source_interface: source_IP/source_port to dest_interface:dest_address/dest_port; version (prot_version) is not allowed through the firewall

%FWSM-4-417001: Unexpected event received: number

%FWSM-4-417004: Filter violation error: conn number (string:string) in string

%FWSM-4-417006: No memory for string) in string. Handling: string

%FWSM-4-418001: Through-the-device packet to/from management-only network is denied: protocol_string from interface_name IP_address (port) to interface_name IP_address (port)

%FWSM-4-500004: Invalid transport variable for protocol=protocol, from source_address/source_port to dest_address/dest_port

%FWSM-4-612002: Auto Update failed:filename, version:number, reason:reason

%FWSM-4-612003:Auto Update failed to contact:url, reason:reason

%FWSM-4-620002: Unsupported CTIQBE version: hex: from interface_name:IP_address/port to interface_name:IP_address/port

%FWSM-4-713154: DNS lookup for peer_description Server [server_name] failed!

%FWSM-4-713157: Timed out on initial contact to server [server_name or IP_address] Tunnel could not be established.

%FWSM-4-713903:Descriptive_event_string.

%FWSM-4-720001: (VPN-unit) Failed to initialize with Chunk Manager.

%FWSM-4-720007: (VPN-unit) Failed to allocate chunk from Chunk Manager.

%FWSM-4-720008: (VPN-unit) Failed to register to High Availability Framework.

%FWSM-4-720009: (VPN-unit) Failed to create version control block.

%FWSM-4-720011: (VPN-unit) Failed to allocate memory

%FWSM-4-720013: (VPN-unit) Failed to insert certificate in trust point trustpoint_name

Notification Messages, Severity 5

The following messages appear at severity 5, notifications:

%FWSM-5-109012: Authen Session End: user 'user', sid number, elapsed number seconds

%FWSM-5-109029: Parsing downloaded ACL: string

%FWSM-5-111002: Begin configuration: IP_address reading from device

%FWSM-5-111003: IP_address Erase configuration

%FWSM-5-111004: IP_address end configuration: {FAILED|OK}

%FWSM-5-111005: IP_address end configuration: OK

%FWSM-5-111007: Begin configuration: IP_address reading from device.

%FWSM-5-111008: User user executed the command string

%FWSM-5-199001: Reload command executed from telnet (remote IP_address).

%FWSM-5-199006: Orderly reload started at when by whom. Reload reason: reason

%FWSM-5-1999007:IP detected an attached application using port port while removing context

%FWSM-5-1999008:Protocol detected an attached application using local port local_port and destination port dest_port

%FWSM-5-303004: FTP cmd_string command unsupported - failed strict inspection, terminating connection from source_interface:source_address/source_port to dest_interface:dest_address/dest_interface

%FWSM-5-304001: user source_address Accessed {JAVA URL|URL} dest_address: url.

%FWSM-5-304002: Access denied URL chars SRC IP_address DEST IP_address: chars

%FWSM-5-321001: Resource var1 limit of var2 reached.

%FWSM-5-321002: Resource var1 rate limit of var2 reached.

%FWSM-5-415001:internal_sig_id HTTP Tunnel detected - action tunnel_type from source_address to dest_address

%FWSM-5-415002:internal_sig_id HTTP Instant Messenger detected - action instant_messenger_type from source_address to dest_address

%FWSM-5-415003:internal_sig_id HTTP Peer-to-Peer detected - action peer_to_peer_type from source_address to dest_address

%FWSM-5-415005:Internal_Sig_Id Content type does not match specified type - Action Content Verification Failed from source_address to Dst_IP_Address

%FWSM-5-415007:internal_sig_id HTTP Extension method detected - action method_name from source_address to dest_address

%FWSM-5-415008:internal_sig_id HTTP RFC method detected - action method_name from source_address to dest_address

%FWSM-5-415010:internal_sig_id HTTP protocol violation detected - action HTTP Protocol not detected from source_address to dest_address

%FWSM-5-415013:internal_sig_id HTTP Transfer encoding violation detected - action Xfer_encode Transfer encoding not allowed from source_address to dest_address

%FWSM-5-500001: ActiveX content modified src IP_address dest IP_address on interface interface_name.

%FWSM-5-500002: Java content modified src IP_address dest IP_address on interface interface_name.

%FWSM-5-500003: Bad TCP hdr length (hdrlen=bytes, pktlen=bytes) from source_address/source_port to dest_address/dest_port, flags: tcp_flags, on interface interface_name

%FWSM-5-506001: event_source_string event_string

%FWSM-5-501101: User transitioning priv level

%FWSM-5-502101: New user added to local dbase: Uname: user Priv: privilege_level Encpass: string

%FWSM-5-502102: User deleted from local dbase: Uname: user Priv: privilege_level Encpass: string

%FWSM-5-502103: User priv level changed: Uname: user From: privilege_level To: privilege_level

%FWSM-5-502111: New group policy added: name: policy_name Type: policy_type

%FWSM-5-502112: Group policy deleted: name: policy_name Type: policy_type

%FWSM-5-503001: Process number, Nbr IP_address on interface_name from string to string, reason

%FWSM-5-504001: Security context context_name was added to the system

%FWSM-5-504002: Security context context_name was removed from the system

%FWSM-5-507001: Terminating TCP-Proxy connection from interface_inside:source_address/source_port to interface_outside:dest_address/dest_port - reassembly limit of limit bytes exceeded

%FWSM-5-612001: Auto Update succeeded:filename, version:number

%FWSM-5-713006: Failed to obtain state for message Id message_number, Peer Address: IP_address

%FWSM-5-713010: IKE area: failed to find centry for message Id message_number

%FWSM-5-713041: IKE Initiator: new or rekey Phase 1 or 2, Intf interface_number, IKE Peer IP_address local Proxy Address IP_address, remote Proxy Address IP_address, Crypto map (crypto map tag)

%FWSM-5-713049: Security negotiation complete for tunnel_type type (group_name) Initiator/Responder, Inbound SPI = SPI, Outbound SPI = SPI

%FWSM-5-713050: Connection terminated for peer IP_address. Reason: termination reason Remote Proxy IP_address, Local Proxy IP_address

%FWSM-5-713068: Received non-routine Notify message: notify_type (notify_value)

%FWSM-5-713073: Responder forcing change of Phase 1/Phase 2 rekeying duration from larger_value to smaller_value seconds

%FWSM-5-713074: Responder forcing change of IPSec rekeying duration from larger_value to smaller_value Kbs

%FWSM-5-713075: Overriding Initiator's IPSec rekeying duration from larger_value to smaller_value seconds

%FWSM-5-713076: Overriding Initiator's IPSec rekeying duration from larger_value to smaller_value Kbs

%FWSM-5-713092: Failure during phase 1 rekeying attempt due to collision

%FWSM-5-713115: Client rejected NAT enabled IPSec request, falling back to standard IPSec

%FWSM-5-713130: Received unsupported transaction mode attribute: attribute id

%FWSM-5-713131: Received unknown transaction mode attribute: attribute_id

%FWSM-5-713135: message received, redirecting tunnel to IP_address.

%FWSM-5-713136: IKE session establishment timed out [IKE_state_name], aborting!

%FWSM-5-713137: Reaper overriding refCnt [ref_count] and tunnelCnt [tunnel_count] -- deleting SA!

%FWSM-5-713139: group_name not found, using BASE GROUP default preshared key

%FWSM-5-713144: Ignoring received malformed firewall record; reason - error_reason TLV type attribute_value correction

%FWSM-5-713148: Terminating tunnel to Hardware Client in network extension mode, unable to delete static route for address: IP_address, mask: netmask

%FWSM-5-713155: DNS lookup for Primary VPN Server [server_name] successfully resolved after a previous failure. Resetting any Backup Server init.

%FWSM-5-713156: Initializing Backup Server [server_name or IP_address]

%FWSM-5-713158: Client rejected NAT enabled IPSec Over UDP request, falling back to IPSec Over TCP

%FWSM-5-713178: IKE Initiator received a packet from its peer without a Responder cookie

%FWSM-5-713179: IKE AM Initiator received a packet from its peer without a payload_type payload

%FWSM-5-713196: Remote L2L Peer IP_address initiated a tunnel with same outer and inner addresses.Peer could be Originate Only - Possible misconfiguration!

%FWSM-5-713197: The configured Confidence Interval of number seconds is invalid for this tunnel_type connection. Enforcing the second default.

%FWSM-5-713199: Reaper corrected an SA that has not decremented the concurrent IKE negotiations counter (counter_value)!

%FWSM-5-713216: Rule: action Client type: version Client: type version is/is not allowed

%FWSM-5-713229: Auto Update - Notification to client client_ip of update string: message_string.

%FWSM-5-713904:Descriptive_event_string.

%FWSM-5-717013: Removing a cached CRL to accommodate an incoming CRL. Issuer: issuer

%FWSM-5-717014: Unable to cache a CRL received from CDP due to size limitations (CRL size = size, available cache space = space)

%FWSM-5-719014: Email Proxy is changing listen port from old_port to new_port for mail protocol protocol.

%FWSM-5-720016: (VPN-unit) Failed to initialize default timer #index.

%FWSM-5-720017: (VPN-unit) Failed to update LB runtime data

%FWSM-5-720018: (VPN-unit) Failed to get a buffer from the underlying core high availability subsystem. Error code code.

%FWSM-5-720019: (VPN-unit) Failed to update cTCP statistics.

%FWSM-5-720020: (VPN-unit) Failed to send type timer message.

Informational Messages, Severity 6

The following messages appear at severity 6, informational:

%FWSM-6-106012: Deny IP from IP_address to IP_address, IP options hex.

%FWSM-6-106015: Deny TCP (no connection) from IP_address/port to IP_address/port flags tcp_flags on interface interface_name.

%FWSM-6-106025: Failed to determine the security context for the packet:sourceVlan:source_address dest_address source_port dest_port protocol

%FWSM-6-106026: Failed to determine the security context for the packet:sourceVlan:source_address dest_address source_port dest_port protocol

%FWSM-6-106028: Deny TCP (Connection marked for deletion) from src ip-address/src-port to dst ip-address/dst-port flags flag on interface intf-name

%FWSM-6-106100: access-list acl_ID {permitted | denied | est-allowed} protocol interface_name/source_address(source_port) -> interface_name/dest_address(dest_port) hit-cnt number ({first hit | number-second interval})

%FWSM-6-109001: Auth start for user user from inside_address/inside_port to outside_address/outside_port

%FWSM-6-109002: Auth from inside_address/inside_port to outside_address/outside_port failed (server IP_address failed) on interface interface_name.

%FWSM-6-109003: Auth from src_ip/src_port to dest_ip/dest_port failed (all servers failed) on interface interface_name, so marking all servers ACTIVE again

%FWSM-6-109005: Authentication succeeded for user user from inside_address/inside_port to outside_address/outside_port on interface interface_name.

%FWSM-6-109006: Authentication failed for user user from inside_address/inside_port to outside_address/outside_port on interface interface_name.

%FWSM-6-109007: Authorization permitted for user user from inside_address/inside_port to outside_address/outside_port on interface interface_name.

%FWSM-6-109008: Authorization denied for user user from outside_address/outside_port to inside_address/ inside_port on interface interface_name.

%FWSM-6-109024: Authorization denied from source_address/source_port to dest_address/dest_port (not authenticated) on interface interface_name using protocol

%FWSM-6-109025: Authorization denied (acl=acl_ID) for user 'user' from source_address/source_port to dest_address/dest_port on interface interface_name using protocol

%FWSM-6-110001: No route to dest_address from source_address

%FWSM-6-113003: AAA group policy for user user is being set to policy_name.

%FWSM-6-113004: AAA user aaa_type Successful: server = server_IP_address, User = user

%FWSM-6-113005: AAA user authentication Rejected: reason = string: server = server_IP_address, User = user

%FWSM-6-113006: User user locked out on exceeding number successive failed authentication attempts

%FWSM-6-113007: User user unlocked by administrator

%FWSM-6-113008: AAA transaction status ACCEPT: user = user

%FWSM-6-113009: AAA retrieved default group policy policy for user user

%FWSM-6-113010: AAA challenge received for user user from server server_IP_address

%FWSM-6-113011: AAA retrieved user specific group policy policy for user user

%FWSM-6-113012: AAA user authentication Successful: local database: user = user

%FWSM-6-113013: AAA unable to complete the request Error: reason = reason: user = user

%FWSM-6-113014: AAA authentication server not accessible: server = server_IP_address: user = user

%FWSM-6-113015: AAA user authentication Rejected: reason = reason: local database: user = user

%FWSM-6-113016: AAA credentials rejected: reason = reason: server = server_IP_address: user = user

%FWSM-6-113017: AAA credentials rejected: reason = reason: local database: user = user\

%FWSM-6-199002: startup completed. Beginning operation.

%FWSM-6-199003: Reducing link MTU dec.

%FWSM-6-199005: Startup begin

%FWSM-6-210022: LU missed number updates

%FWSM-6-302003: Built H245 connection for foreign_address outside_address/outside_port local_address inside_address/inside_port

%FWSM-6-302004: Pre-allocate H323 UDP backconnection for foreign_address outside_address/outside_port to local_address inside_address/inside_port

%FWSM-6-302009: Rebuilt TCP connection number for foreign_address outside_address/outside_port global_address global_address/global_port local_address inside_address/inside_port

%FWSM-6-302010: connections in use, connections most used

%FWSM-6-302012: Pre-allocate H225 Call Signalling Connection for faddr IP_address/port to laddr IP_address

%FWSM-6-302013: Built {inbound|outbound} TCP connection_id for source:real-address/real-port (mapped-address/mapped-port) to destination:real-address/real-port (mapped-address/mapped-port) [(user)]

%FWSM-6-302014: Teardown TCP connection id for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss bytes bytes [reason] [(user)]

%FWSM-6-302015: Built {inbound|outbound} UDP connection number for interface_name:real_address/real_port (mapped_address/mapped_port) to interface_name:real_address/real_port (mapped_address/mapped_port) [(user)]

%FWSM-6-302016: Teardown UDP connection number for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss bytes bytes [(user)]

%FWSM-6-302017: Built {inbound|outbound} GRE connection id from interface:real_address (translated_address) to interface:real_address/real_cid (translated_address/translated_cid)[(user)

%FWSM-6-302018: Teardown GRE connection id from interface:real_address (translated_address) to interface:real_address/real_cid (translated_address/translated_cid) duration hh:mm:ss bytes bytes [(user)]

%FWSM-6-302020: Built {in | out}bound ICMP connection for faddr {faddr | icmp_seq_num} gaddr {gaddr | cmp_type} laddr laddr

%FWSM-6-302021: Teardown ICMP connection for faddr {faddr | icmp_seq_num} gaddr {gaddr | cmp_type} laddr laddr

%FWSM-6-302022: Built IP protocol 103 connection 219025360 for int_112:172.16.2.1 (172.16.2.1) to int_102:172.16.112.2 (172.16.112.2)

%FWSM-6-302023: Teardown IP protocol 103 connection 219025359 for int_102:172.16.2.1 to int_112:172.16.112.2 duration 0:00:35 bytes 74

%FWSM-6-302024: Pre-allocated H323 GUP connection for faddr intf: {foreign-address /foreign-port} to laddr intf: {local-address/local-port}

%FWSM-6-303002: source_address {Stored|Retrieved} dest_address: mapped_address

%FWSM-6-303003: FTP cmd_name command denied - failed strict inspection, terminating connection from source_interface:source_address/source_port to dest_interface:dest_address/dest_port

%FWSM-6-304004: URL Server IP_address request failed URL url

%FWSM-6-305007: addrpool_free(): Orphan IP IP_address on interface interface_number

%FWSM-6-305009: Built {dynamic|static} translation from interface_name [(acl-name)]:real_address to interface_name:mapped_address

%FWSM-6-305010: Teardown {dynamic|static} translation from interface_name:real_address to interface_name:mapped_address duration time

%FWSM-6-305011: Built {dynamic|static} {TCP|UDP|ICMP} translation from interface_name:real_address/real_port to interface_name:mapped_address/mapped_port

%FWSM-6-305012: Teardown {dynamic|static} {TCP|UDP|ICMP} translation from interface_name [(acl-name)]:real_address/{real_port|real_ICMP_ID} to interface_name:mapped_address/{mapped_port|mapped_ICMP_ID} duration time

%FWSM-6-308001: console enable password incorrect for number tries (from IP_address)

%FWSM-6-311001: LU loading standby start

%FWSM-6-311002: LU loading standby end

%FWSM-6-311003: LU recv thread up

%FWSM-6-311004: LU xmit thread up

%FWSM-6-312001: RIP hdr failed from IP_address: cmd=string, version=number domain=string on interface interface_name

%FWSM-6-314001: Pre-allocate RTSP UDP backconnection for foreign_address outside_address/outside_port to local_address inside_address/inside_port

%FWSM-6-315011: SSH session from IP_address on interface interface_name for user user disconnected by SSH server, reason: reason

%FWSM-6-321003: Resource var1 log level of var2 reached.

%FWSM-6-321004: Resource var1 rate log level of var2 reached

%FWSM-6-415006:internal_sig_id Content size size out of range - action content-length from source_address to dest_address

%FWSM-6-415009:internal_sig_id HTTP Header length exceeded. Received length byte Header - action header length exceeded from source_address to dest_address

%FWSM-6-415011:internal_sig_id HTTP URL Length exceeded. Received size byte URL - action URI length exceeded from source_address to dest_address

%FWSM-6-602101: PMTU-D packet number bytes greater than effective mtu number dest_addr=dest_address, src_addr=source_address, prot=protocol

%FWSM-6-602102: Adjusting IPSec tunnel mtu...

%FWSM-7-703001: H.225 message received from interface_name:IP_address/port to interface_name:IP_address/port is using an unsupported version number

%FWSM-6-602201: ISAKMP Phase 1 SA created (local IP_address/port (initiator|responder), remote IP_address/port, authentication=auth_type, encryption=encr_alg, hash=hash_alg, group=DH_grp, lifetime=seconds)

%FWSM-6-602202: ISAKMP session connected (local IP_address (initiator|responder), remote IP_address)

%FWSM-6-602203: ISAKMP session disconnected (local IP_address (initiator|responder), remote IP_address)

%FWSM-6-602301: sa created...

%FWSM-6-602302: deleting sa

%FWSM-6-604101: DHCP client interface interface_name: Allocated ip = IP_address, mask = netmask, gw = gateway_address

%FWSM-6-604102: DHCP client interface interface_name: address released

%FWSM-6-604103: DHCP daemon interface interface_name: address granted MAC_address (IP_address)

%FWSM-6-604104: DHCP daemon interface interface_name: address released

%FWSM-6-605005: Login permitted from IP_address/telnet to outside IP_address/ssh for user "pix"

%FWSM-6-606001: ASDM session number number from IP_address started

%FWSM-6-606002: ASDM session number number from IP_address ended

%FWSM-6-606003: ASDM logging session number id from IP_address started id session ID assigned

%FWSM-6-606004: ASDM logging session number id from IP_address ended

%FWSM-6-607001: Pre-allocate SIP connection_type secondary channel for interface_name:IP_address/port to interface_name:IP_address from string message

%FWSM-6-608001: Pre-allocate Skinny connection_type secondary channel for interface_name:IP_address to interface_name:IP_address/port from string message

%FWSM-6-609001: Built local-host interface_name:IP_address

%FWSM-6-609002: Teardown local-host interface_name:IP_address duration time

%FWSM-6-610101: Authorization failed: Cmd: command Cmdtype: command_modifier

%FWSM-6-613001: Checksum Failure in database in area string Link State Id IP_address Old Checksum number New Checksum number

%FWSM-6-613002: interface interface_name has zero bandwidth

%FWSM-6-613003: IP_address netmask changed from area string to area string

%FWSM-6-614001: Split DNS: request patched from server: IP_address to server: IP_address

%FWSM-6-614002: Split DNS: reply from server:IP_address reverse patched back to original server:IP_address

%FWSM-6-615001: vlan number not available for firewall interface

%FWSM-6-615002: vlan number available for firewall interface

%FWSM-6-616001:Pre-allocate MGCP data_channel connection for inside_interface:inside_address to outside_interface:outside_address/port from message_type message

%FWSM-6-617001: GTPv version msg_type from source_interface:source_address/source_port not accepted by source_interface:dest_address/dest_port

%FWSM-6-617002: Removing v1 PDP Context with TID tid from GGSN IP_address and SGSN IP_address, Reason: reason or Removing v1 primary|secondary PDP Context with TID tid from GGSN IP_address and SGSN IP_address, Reason: reason

%FWSM-6-617003: GTP Tunnel created from source_interface:source_address/source_port to source_interface:dest_address/dest_port

%FWSM-6-617004: GTP connection created for response from source_interface:source_address/0 to source_interface:dest_address/dest_port

%FWSM-6-620001: Pre-allocate CTIQBE {RTP | RTCP} secondary channel for interface_name:outside_address[/outside_port] to interface_name:inside_address[/inside_port] from CTIQBE_message_name message

%FWSM-6-621001: Interface interface_name does not support multicast, not enabled

%FWSM-6-621002: Interface interface_name does not support multicast, not enabled

%FWSM-6-621003: The event queue size has exceeded number

%FWSM-6-621006: Mrib disconnected, (IP_address,IP_address) event cancelled

%FWSM-6-621007: Bad register from interface_name:IP_address to IP_address for (IP_address, IP_address)

FWSM-6-622001: %d: Built BGP Peering session with %A and AS # %d\n, BGP_PEER_SES_ESTABLISH

FWSM-6-622002: %d: Teardown BGP Peering session with %A and AS # %d\n, BGP_PEER_SES_TEAR_DOWN

%FWSM-6-713145: Detected Hardware Client in network extension mode, adding static route for address: IP_address, mask: netmask

%FWSM-6-713147: Terminating tunnel to Hardware Client in network extension mode, deleting static route for address: IP_address, mask: netmask

%FWSM-6-713172: Automatic NAT Detection Status: Remote end is|is not behind a NAT device This end is|is_not behind a NAT device

%FWSM-6-713177: Received remote Proxy Host FQDN in ID Payload: Host Name: host_name Address IP_address, Protocol protocol, Port port

%FWSM-6-713184: Client Type: Client_type Client Application Version: Application_version_string

%FWSM-6-713211: Adding static route for L2L peer coming in on a dynamic map. address: IP_address, mask: netmask

%FWSM-6-713213: Deleting static route for L2L peer that came in on a dynamic map. address: IP_address, mask: netmask

%FWSM-6-713215: No match against Client Type and Version rules. Client: type version is/is not allowed by default

%FWSM-6-713219: Queueing KEY-ACQUIRE messages to be processed when P1 SA is complete.

%FWSM-6-713220: De-queueing KEY-ACQUIRE messages that were left pending.

%FWSM-6-717004: PKCS #12 export failed for trustpoint trustpoint_name.

%FWSM-6-717005: PKCS #12 export succeeded for trustpoint trustpoint_name.

%FWSM-6-717006: PKCS #12 import failed for trustpoint trustpoint_name.

%FWSM-6-717007: PKCS #12 import succeeded for trustpoint trustpoint_name.

%FWSM-6-717016: Removing expired CRL from the CRL cache. Issuer: issuer

%FWSM-6-719001: Email Proxy session could not be established: session limit of maximum_sessions has been reached.

%FWSM-6-719003: Email Proxy session pointer resources have been freed for source_address.

%FWSM-6-719004: Email Proxy session pointer has been successfully established for source_address.

%FWSM-6-719010: protocol Email Proxy feature is disabled on interface interface_name.

%FWSM-6-719011: Protocol Email Proxy feature is enabled on interface interface_name.

%FWSM-6-719012: Email Proxy server listening on port port for mail protocol protocol.

%FWSM-6-719013: Email Proxy server closing port port for mail protocol protocol.

%FWSM-6-719025: Email Proxy DNS name resolution failed for hostname.

%FWSM-6-719026: Email Proxy DNS name hostname resolved to IP_address.

%FWSM-6-720002: (VPN-unit) Starting VPN Stateful Failover Subsystem...

%FWSM-6-720003: (VPN-unit) Initialization of VPN Stateful Failover Component completed successfully

%FWSM-6-720004: (VPN-unit) VPN failover main thread started.

%FWSM-6-720005: (VPN-unit) VPN failover timer thread started.

%FWSM-6-720006: (VPN-unit) VPN failover sync thread started.

%FWSM-6-720010: (VPN-unit) VPN failover client is being disabled

%FWSM-6-720012: (VPN-unit) Failed to update IPSec failover runtime data on the standby unit.

%FWSM-6-720014: (VPN-unit) Phase 2 connection entry (msg_id=message_number, my cookie=mine, his cookie=his) contains no SA list.

%FWSM-6-720015: (VPN-unit) Cannot found Phase 1 SA for Phase 2 connection entry (msg_id=message_number,my cookie=mine, his cookie=his).

Debugging Messages, Severity 7

The following messages appear at severity 7, debugging:

%FWSM-7-109014: uauth_lookup_net fail for uauth_in()

%FWSM-7-109021: Uauth null proxy error

%FWSM-7-111009:User user executed cmd:string

%FWSM-7-199009: ICMP detected an attached application while removing a context

%FWSM-7-304005: URL Server IP_address request pending URL url

%FWSM-7-304009: Ran out of buffer blocks specified by url-block command

%FWSM-7-701001: alloc_user() out of Tcp_user objects

%FWSM-7-701002: alloc_user() out of Tcp_proxy objects

%FWSM-7-702201: ISAKMP Phase 1 delete received (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702202: ISAKMP Phase 1 delete sent (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702203: ISAKMP DPD timed out (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702204: ISAKMP Phase 1 retransmission (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702205: ISAKMP Phase 2 retransmission (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702206: ISAKMP malformed payload received (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702207: ISAKMP duplicate packet detected (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702208: ISAKMP Phase 1 exchange started (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702209: ISAKMP Phase 2 exchange started (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702210: ISAKMP Phase 1 exchange completed(local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702211: ISAKMP Phase 2 exchange completed(local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702212: ISAKMP Phase 1 initiating rekey (local IP_address (initiator|responder), remote IP_address)

%FWSM-7-702301: lifetime expiring...

%FWSM-7-702303: sa_request...

%FWSM-7-703001: H.225 message received from interface_name:IP_address/port to interface_name:IP_address/port is using an unsupported version number

%FWSM-7-703002: Received H.225 Release Complete with newConnectionNeeded for interface_name:IP_address to interface_name:IP_address/port

%FWSM-7-709001: FO replication failed: cmd=command returned=code

%FWSM-7-709002: FO unreplicable: cmd=command

%FWSM-7-710001: TCP access requested from source_address/source_port to interface_name:dest_address/service

%FWSM-7-710002: {TCP|UDP} access permitted from source_address/source_port to interface_name:dest_address/service

%FWSM-7-710004: TCP connection limit exceeded from source_address/source_port to interface_name:dest_address/service

%FWSM-7-710005: {TCP|UDP} request discarded from source_address/source_port to interface_name:dest_address/service

%FWSM-7-710006: protocol request discarded from source_address to interface_name:dest_address

%FWSM-7-711001: debug_trace_msg

%FWSM-7-711002: Task ran for elapsed_time msecs, process = process_name

%FWSM-7-711003: Unknown/Invalid interface identifier (vpifnum) detected

%FWSM-7-713024: Received local Proxy Host data in ID Payload: Address IP_address, Protocol protocol, Port port

%FWSM-7-713025: Received remote Proxy Host data in ID Payload: Address IP_address, Protocol protocol, Port port

%FWSM-7-713026: Transmitted local Proxy Host data in ID Payload: Address IP_address, Protocol protocol, Port port

%FWSM-7-713027: Transmitted remote Proxy Host data in ID Payload: Address IP_address, Protocol protocol, Port port

%FWSM-7-713028: Received local Proxy Range data in ID Payload: Addresses IP_address - IP_address, Protocol protocol, Port port

%FWSM-7-713029: Received remote Proxy Range data in ID Payload: Addresses IP_address - IP_address, Protocol protocol, Port port

%FWSM-7-713030: Transmitted local Proxy Range data in ID Payload: Addresses IP_address - IP_address, Protocol protocol, Port port

%FWSM-7-713031: Transmitted remote Proxy Range data in ID Payload: Addresses IP_address - IP_address, Protocol protocol, Port port

%FWSM-7-713034: Received local IP Proxy Subnet data in ID Payload: Address IP_address, Mask netmask, Protocol protocol, Port port

%FWSM-7-713035: Received remote IP Proxy Subnet data in ID Payload: Address IP_address, Mask netmask, Protocol protocol, Port port

%FWSM-7-713036: Transmitted local IP Proxy Subnet data in ID Payload: Address IP_address, Mask netmask, Protocol protocol, Port port

%FWSM-7-713037: Transmitted remote IP Proxy Subnet data in ID Payload: Address IP_address, Mask netmask, Protocol protocol, Port port

%FWSM-7-713039: Send failure: Bytes (number), Peer: IP_address

%FWSM-7-713040: Could not find connection entry and can not encrypt: msgid message_number

%FWSM-7-713052: User (user) authenticated.

%FWSM-7-713066: IKE Remote Peer configured for SA: SA_name

%FWSM-7-713094: Cert validation failure: handle invalid for Main/Aggressive Mode Initiator/Responder!

%FWSM-7-713099: Tunnel Rejected: Received NONCE length number is out of range!

%FWSM-7-713103: Invalid (NULL) secret key detected while computing hash

%FWSM-7-713104: Attempt to get Phase 1 ID data failed while hash computation

%FWSM-7-713113: Deleting IKE SA with associated IPSec connection entries. IKE peer: IP_address, SA address: internal_SA_address, tunnel count: count

%FWSM-7-713114: Connection entry (conn entry internal address) points to IKE SA (SA_internal_address) for peer IP_address, but cookies don't match

%FWSM-7-713117: Received Invalid SPI notify (SPI SPI_Value)!

%FWSM-7-713121: Keep-alive type for this connection: keepalive_type

%FWSM-7-713143: Processing firewall record. Vendor: vendor(id), Product: product(id), Caps: capability_value, Version Number: version_number, Version String: version_text

%FWSM-7-713160: Remote user (session Id - id) has been granted access by the Firewall Server

%FWSM-7-713164: The Firewall Server has requested a list of active user sessions

%FWSM-7-713169: IKE Received delete for rekeyed SA IKE peer: IP_address, SA address: internal_SA_address, tunnelCnt: tunnel_count

%FWSM-7-713170: IKE Received delete for rekeyed centry IKE peer: IP_address, centry address: internal_address, msgid: id

%FWSM-7-713171: NAT-Traversal sending NAT-Original-Address payload

%FWSM-7-713187: Tunnel Rejected: IKE peer does not match remote peer as defined in L2L policy IKE peer address: IP_address, Remote peer address: IP_address

%FWSM-7-713190: Got bad refCnt (ref_count_value) assigning IP_address (IP_address)

%FWSM-7-713204: Adding static route for client address: IP_address

%FWSM-7-713221: Static Crypto Map check, checking map = crypto_map_tag, seq = seq_number...

%FWSM-7-713222: Static Crypto Map check, map = crypto_map_tag, seq = seq_number, ACL does not match proxy IDs src:source_address dst:dest_address

%FWSM-7-713223: Static Crypto Map check, map = crypto_map_tag, seq = seq_number, no ACL configured

%FWSM-7-713224: Static Crypto Map Check by-passed: Crypto map entry incomplete!

%FWSM-7-713225: [IKEv1], Static Crypto Map check, map map_name, seq = sequence_number is a successful match

%FWSM-7-713900:Descriptive_event_string.

%FWSM-7-713901:Descriptive_event_string.

%FWSM-7-713905:Descriptive_event_string.

%FWSM-7-713906: debug_message

%FWSM-7-714001: Description of event or packet

%FWSM-7-714002: IKE Initiator starting QM: msg id = message_number

%FWSM-7-714003: IKE Responder starting QM: msg id = message_number

%FWSM-7-714004: IKE Initiator sending 1st QM pkt: msg id = message_number

%FWSM-7-714005: IKE Responder sending 2nd QM pkt: msg id = message_number

%FWSM-7-714006: IKE Initiator sending 3rd QM pkt: msg id = message_number

%FWSM-7-714007: IKE Initiator sending Initial Contact

%FWSM-7-714011: Description of received ID values

%FWSM-7-715001: Descriptive statement

%FWSM-7-715004: subroutine name() Q Send failure: RetCode (return_code)

%FWSM-7-715005: subroutine name() Bad message code: Code (message_code)

%FWSM-7-715006: IKE got SPI from key engine: SPI = SPI_value

%FWSM-7-715007: IKE got a KEY_ADD msg for SA: SPI = SPI_value

%FWSM-7-715008: Could not delete SA SA_address, refCnt = number, caller = calling_subroutine_address

%FWSM-7-715009: IKE Deleting SA: Remote Proxy IP_address, Local Proxy IP_address

%FWSM-7-715013: Tunnel negotiation in progress for destination IP_address, discarding data

%FWSM-7-715019: IKEGetUserAttributes: Attribute name = name

%FWSM-7-715020: construct_cfg_set: Attribute name = name

%FWSM-7-715040: Deleting active auth handle during SA deletion: handle = internal_authentication_handle

%FWSM-7-715041: Received keep-alive of type keepalive_type, not the negotiated type

%FWSM-7-715042: IKE received response of type failure_type to a request from the IP_address utility

%FWSM-7-715044: Ignoring Keepalive payload from vendor not support KeepAlive capability

%FWSM-7-715045: ERROR: malformed Keepalive payload

%FWSM-7-715046: constructing payload_description payload

%FWSM-7-715047: processing payload_description payload

%FWSM-7-715048: Send VID_type VID

%FWSM-7-715049: Received VID_type VID

%FWSM-7-715050: Claims to be IOS but failed authentication

%FWSM-7-715051: Received unexpected TLV type TLV_type while processing FWTYPE ModeCfg Reply

%FWSM-7-715052: Old P1 SA is being deleted but new SA is DEAD, cannot transition centries

%FWSM-7-715053: MODE_CFG: Received request for attribute_info!

%FWSM-7-715054: MODE_CFG: Received attribute_name reply: value

%FWSM-7-715055: Send attribute_name

%FWSM-7-715056: Client is configured for TCP_transparency

%FWSM-7-715057: Auto-detected a NAT device with NAT-Traversal. Ignoring IPSec-over-UDP configuration.

%FWSM-7-715058: NAT-Discovery payloads missing. Aborting NAT-Traversal.

%FWSM-7-715059: Proposing/Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal

%FWSM-7-715060: Dropped received IKE fragment. Reason: reason

%FWSM-7-715061: Rcv'd fragment from a new fragmentation set. Deleting any old fragments.

%FWSM-7-715062: Error assembling fragments! Fragment numbers are non-continuous.

%FWSM-7-715063: Successfully assembled an encrypted pkt from rcv'd fragments!

%FWSM-7-715064 -- IKE Peer included IKE fragmentation capability flags: Main Mode: true/false Aggressive Mode: true/false

%FWSM-7-715065: IKE state_machine subtype FSM error history (struct data_structure_address) state, event: state/event pairs

%FWSM-7-715066: Can't load an IPSec SA! The corresponding IKE SA contains an invalid logical ID.

%FWSM-7-715067: QM IsRekeyed: existing sa from different peer, rejecting new sa

%FWSM-7-715067: QM IsRekeyed: existing sa from different peer, rejecting new sa

%FWSM-7-715068: QM IsRekeyed: duplicate sa found by address, deleting old sa

%FWSM-7-715069: Invalid ESP SPI size of SPI_size

%FWSM-7-715070: Invalid IPComp SPI size of SPI_size

%FWSM-7-715071: AH proposal not supported

%FWSM-7-715072: Received proposal with unknown protocol ID protocol_ID

%FWSM-7-715074: Could not retrieve authentication attributes for peer IP_address

%FWSM-7-715075: Group = group_name, Username = client, IP = IP_address Received keep-alive of type message_type (seq number number)

Variables Used in System Log Messages

System log messages often contain variables. Table A-1 lists most variables that are used in this guide to describe system log messages. Some variables that appear only in one system log message are not listed.

Table A-1 Variable Fields in System Log Messages 

Variable
Description

acl_ID

An ACL name.

bytes

The number of bytes.

code

A decimal number returned by the system log message to indicate the cause or source of the error, depending on the system log message.

command

A command name.

command_modifier

The command_modifier is one of the following strings:

clear

cmd (In this case, the command has no modifier.)

no

show

connections

The number of connections.

connection_type

The connection type:

SIGNALLING TCP

SIGNALLING UDP

SUBSCRIBE TCP

SUBSCRIBE UDP

Via UDP

Route

RTP

RTCP

dec

A decimal number.

dest_address

The destination address of a packet.

dest_port

The destination port number.

device

The memory storage device. For example, the floppy disk, internal Flash memory, TFTP, the failover standby unit, or the console terminal.

econns

The number of embryonic connections.

elimit

The number of embryonic connections specified in the static or nat command.

filename

A filename of the type security appliance image, ASDM file, or configuration file.

ftp-server

The external FTP server name or IP address.

gateway_address

The network gateway IP address.

global_address

The global IP address, an address on a lower security level interface.

global_port

The global port number.

hex

A hexadecimal number.

inside_address

The inside (or local) IP address, an address on a higher security level interface.

inside_port

The inside port number.

interface_name

The name of the interface.

IP_address

The IP address in the form n.n.n.n, where n is an integer from 1 to 255.

MAC_address

The MAC address.

mapped_address

The translated IP address.

mapped_port

The translated port number.

message_class

The category of system log messages associated with a functional area of the FWSM.

message_list

The name of a file you create that contains a list of system log message ID numbers, classes, or severity levels.

message_number

The system log message ID.

nconns

The number of connections allowed for the static or xlate table.

netmask

The subnet mask.

number

A number. The exact form depends on the system log message.

octal

An octal number.

outside_address

The outside (or foreign) IP address, an address of a syslog server usually on a lower security level interface in a network beyond the outside router.

outside_port

The outside port number.

port

The TCP or UDP port number.

privilege_level

The user privilege level.

protocol

The protocol of the packet. For example, ICMP, TCP, or UDP.

real_address

The actual IP address, before Network Address Translation (NAT).

real_port

The actual port number, before NAT.

reason

A text string that describes the reason for the system log message.

service

The service specified by the packet. For example: SNMP or Telnet.

severity_level

The severity level of a system log message.

source_address

The source address of a packet.

source_port

The source port number.

string

A text string. For example, a username.

tcp_flags

Flags in the TCP header, such as:

ACK

FIN

PSH

RST

SYN

URG

time

The duration, in the format hh:mm:ss.

url

A web address.

user

A username.