Table Of Contents
Symbols - Numerics - A - B - C - D - E - F - H - I - L - M - N - O - P - R - S - T - U - V - W - X -
Index
Symbols
%ASA-5-113024
Group tg
Authenticating type connection from ip with username, user_name, from client certificate 46
%ASA-5-113025
Group tg
FAILED to extract username from certificate while authenticating type connection from ip 47
Numerics
713250 323
A
AAA
authentication 41, 42, 43, 409
authorization 31
messages 26, 27, 28, 29, 30, 31, 32, 40, 41, 42, 43, 44, 172, 173, 186, 237, 264
server 32, 43, 172, 173, 237, 263, 408, 409
ABR
without backbone area 113
access denied
URL 98
access-list command 15, 22, 96, 400
deny-flow-max option 22
interval option 22
log option 21
omitting 30
to permit traffic on UDP port 53 15, 22, 96, 400
access-list deny-flow-max command 22
access lists
access permitted 270
access requested 270
ACLs
ACL_ID 356
compilation out of memory 20
configuration error 30
deny 96
deny-flows 22
empty ACL downloaded 30
failed check 31
logging matches 21
no ACL configured 316
packet denied 20
parsing error 30
peer context ID 400
peer IP address not set 400
proxy ID mismatch 315
SoftNP error 403
split tunneling policy 297
unsupported format 44
WebVPN
ACL ID not found 408
user authorization failure 408
ActiveX object, filtering 222, 223
address translation slots 177
no more available 72, 176, 177
address translation slots, no more available 72
anchor count negative 143
area border router
ARP packet mismatch 176
ARP poisoning attack 176
ARP spoofing attack 117
asymmetric routing 19
attacks
ARP poisoning 176
ARP spoofing 117
DNS HINFO request 159
DNS request for all records 160
DNS zone transfer 160
DNS zone transfer from high port 160
fragmented ICMP traffic 159
IP fragment 159
IP fragments overlap 159
IP impossible packet 159
land 18
large ICMP traffic 159
man in the middle 115
ping of death 159
proxied RPC request 160
statd buffer overflow 160
suspicious e-mail address pattern 24
SYN 68
TCP FIN only flags 159
TCP NULL flags 159
TCP SYN+FIN flags 159
UDP bomb 159
UDP chargen DoS 159
UDP snork 159
Authen Session End 28
authentication
failed 27
request 237
request succeeds 27
response 237
server not found 27
Auth from IP address/port to IP address/port failed 26
authorization
command 248
user 249
user denied 28
Auth start for user 26
Auto Update URL unreachable 256
B
backup server list
downloaded 252
error 252
bandwidth
reported as zero 256
bridge table
full 190
broadcast, invalid source address 17
built H245 connection 88
C
cannot specify PAT host 16
certificate data could not be verified 373
classes, logging
message class variables 1
types 1
clear command
local-host option 181
conduit command
permit ICMP option 17
config command 38
configuration
erase 37
replication
beginning 269
failed 268
status changed 189
configure command 38
connection limit exceeded 68, 69, 71, 77, 271, 51
CTIQBE
connection object pre-allocation 259
unsupported version 260
D
deny
inbound from outside 16
inbound ICMP 17
inbound UDP 15
inbound UDP due to query/response 15
IP from address to address 16
IP spoof 17
self route 16
TCP (no connection) 17
detecting use of Internet phone 88
device pass through
disabled 254
enabled 254
DNS HINFO request attack 159
DNS query or response is denied 15
DNS request for all records attack 160
DNS server too slow 15
DNS zone transfer attack 160
DNS zone transfer from high port attack 160
dropping echo request 16
E
Easy VPN Remote
backup server list
downloaded 252
error 252
device pass through
disabled 254
enabled 254
load balancing cluster
disconnected 253
redirected 252
split network entry duplicate 255
SUA
enabled 253
user authentication
disabled 254
enabled 253
XAUTH enabled 254
embryonic limit exceeded 68
F
failover
bad cable 3
block allocation failed 9
cable communication failed 9
cable not connected 3
cable status 3
configuration replication 10
configuration replication failed 270
failed network interface 5
failover active command 417
failover command message dropped 11
incompatible software on mate 12
interface link down 13
LAN interface down 10
license mismatch with mate 13
link status up or down 8
lost communications with mate 8
mate card configuration mismatch 14
mate has different chassis 14
mate may be disabled 12
operational mode mismatch with mate 13
peer failure 5
peer LAN link down 11
power failure 3
primary unit failure 6
replication interrupted 12
show failover command 422
standby unit failed to sync 10
stateful error 75
stateful failover 75, 76, 77, 78
VPN failover
buffer error 415
client being disabled 413
CTCP flow handle error 420
failed to allocate chunk 412
failed to initialize 410
failed to receive message from active unit 422
memory allocation error 413
non-block message not sent 415
registration failure 412
SDI node secret file failed to synchronize 423
standby unit received corrupted message from active unit 421
state update message failure 420
timer error 414
trustpoint certification failure 413
trustpoint name not found 416
unable to add to message queue 419
version control block failure 412
failover messages 2, 4, 9, 269
filter allow command 99
filter command
activex option 222
allow option 99
filtering ActiveX objects 222, 223
Flood Defender 264
floodguard command 28
flow control error 142
fragmented ICMP traffic attack 159
FTP
data connection failed 69
H
H.225 178
H.245 88
H.245 connection
foreign address 88
H.323 88
back-connection, preallocated 88
unsupported packet version 268
handle not allocated 142
hello packet with duplicate router ID 185
hostile event 18, 162, 163, 173
firewall circumvented 18
host limit 181
host move 190
HTTPS process limit 31
I
ICMP
translation creation failed 101
IDB initializatrion 114
inbound TCP connection denied 14
inspect ESMTP command 23
interface
PPP virtual 82
virtual 82
zero bandwidth 256
Internet phone, detecting use of 88
invalid character replaced in e-mail address 23
invalid source addresses 17
IP address
DHCP client 239
DHCP server 239
IP fragment attack 159
IP fragments overlap attack 159
IP impossible packet attack 159
IP route counter decrement failure 182
IP routing table
creation error 111
limit exceeded 112
limit warning 112
OSPF inconsistency 113
IPSec
connection entries 291
connections 40, 41, 42, 43, 44, 372
failure 371
L2TP-over-IPSec 292
cTCP tunnel 426
encryption 331
fragmentation policy ignored 307
invalid packet 162
L2TP-over-IPSec connection 292
negotiation 283
overTCP 339
packet missing 162
packet triggered IKE 281
proposal
SA 343
unsupported 343
protocol 275
proxy mismatch 96
rekeying duration 286
request rejected 292
SA 283, 288, 289, 292, 331, 333, 341
proposal 342
tunnels 40, 110, 282, 306, 370, 371, 394
ip verify reverse-path command 19
L
L2TP
tunnel 238
land attack 18
large ICMP traffic attack 159
Leaving ALLOW mode, URL Server 99
link state advertisement
link status `Up' or 'Down' 8
load balancing cluster
disconnected 253
redirected 252
logging
classes
types 1
loopback network, invalid source address 17
lost failover communications with mate 8
low memory 111
failed operation 111
LSA
default with wrong mask 184
invalid type 184
not found 113
M
MAC address mismatch 177
man in the middle attack 115
memory
block depleted 9
corruption 256
leak 113
low 111
message block alloc failed 9
messages
alert log 23
connection-related 16, 68, 69, 88
FTP??to 99
Mail Guard 23
SNMP 79
SSH 110
stateful failover 75, 76, 77, 78
variables used in 58
messages, logging
classes
list of 1
Microsoft Point-to-Point Encryption
module management 37
MPPE
encryption policy setup 172, 173
MS-CHAP 172
authentication 172
N
nat command 100
no associated connection within connection table 17
no authentication server found 27
no translation group found 100
O
OSPF
ABR without backbone area 113
checksum error 256
configuration change 256
database description from unknown neighbor 183
database request from unknown neighbor 183
hello from unknown neighbor 183
hello packet with duplicate router ID 185
IDB initializatrion 114
invalid packet 183
IP routing table inconsistency 113
LSA
default with wrong mask 184
invalid type 184
not found 113
neighbor state changed 226
network range area changed 256
packet of invalid length 184
process reset 114
router ID allocation failure 185
router-id reset 114
virtual links 114
outbound deny command 15
out of address translation slots! 72
P
packet
integrity check 16
not matched outbound NAT rules 100
PAT
global address 16
host unspecified 16
pdb index error 112
ping of death attack 159
power failure, failover 3
PPP virtual interface 82
PPTP
packet out of sequence 237
XGRE packet 171
preallocate H323 UDP back connection 88
privilege level, changed 224, 225
proxied RPC request attack 160
R
RADIUS authentication 172
RCMD, back connection failed 69
rebuilt TCP connection 89
request discarded 271
router ID allocation failure 185
router-ID reset 114
rsh command 69
S
security
breach 16
context
added 226
context cannot be determined 20, 21
removed 226
parameters index
self route 16
SETUP message 178
Seveity level 2
ASA-2-716501 363
Severity level 1
ASA-1-199010 67
Severity level 2
ASA-2-716500 362
ASA-2-716502 363
ASA-2-716503 363
ASA-2-716504 363
ASA-2-716505 363
ASA-2-716506 364
ASA-2-716509 364
ASA-2-716510 364
ASA-2-716512 365
ASA-2-716513 365
ASA-2-716515 365
ASA-2-716516 365
ASA-2-716517 365
ASA-2-716518 366
ASA-2-716519 366
ASA-2-716520 366
ASA-2-716521 366
ASA-2-716522 366
ASA-2-716525 367
ASA-2-716526 367
ASA-2-716527 367
ASA-2-716528 367
Severity level 3
ASA-3-316002 110
ASA-3-507003 232
ASA-3-722045 451
ASA-3-722046 452
Severity level 4
ASA-4-713255 325
ASA-4-722042 450
ASA-4-722047 452
ASA-4-722048 452
ASA-4-722049 453
ASA-4-722050 453
ASA-4-733104 472
Severity level 5
ASA-5-402128 170
ASA-5-713257 326
ASA-5-722043 451
ASA-5-722044 451
Severity level 6
ASA-4-713256 325
ASA-6-734001 472
Severity levelk 2
ASA-2-716508 364
Severuity level 6
ASA-6-106102 22
show command
blocks option 9
local-host option 181
outbound option 15
version option 181
show static command 68
shuns 161
SIP connection 243
skinny connection 245
SMTP 23
software version mismatch 192
SPI 162
split network entry duplicate 255
SSH 110
statd buffer overflow attack 160
SUA
disabled 253
enabled 253
SYN 17
attack 68
flag 17
system log messages
classes 1
T
TCP
access permitted 270
access requested 270
connection limit exceeded 271, 51
connections 270
incorrect header length 223
no associated connection in table 17
request discarded 271
translation creation failed 101
TCP FIN only flags attack 159
TCP NULL flags attack 159
TCP SYN+FIN flags attack 159
testing
interface 9
timeouts, recommended values 181
timeout uauth command 28
too many connections on static 68
tunnel, PPTP 81
U
UDP
access permitted 270
bomb attack 159
chargen DoS attack 159
connections 270
messages 100
packet 15
request discarded 271
snork attack 159
translation creation failed 101
unsupported application 192
URL
buffer block space 99
filtering, disabled 99
Server 98
user authentication
disabled 254
enabled 253
error 30
user logged out 249
username
created 225
deleted 225
V
variables
in messages 58
list of 58
virtual interface 82
virtual links 114
vpdn group command 172
VPN
peer limit 110
tunnel 110
VPN failover
client being disabled 413
CTCP flow handle error 420
failed to allocate chunk 412
failed to initialize 410
failed to receive message from active unit 422
memory allocation error 413
non-block message not sent 415
registration failure 412
SDI node secret file failed to synchronize 423
standby unit received corrupted message from active unit 421
state update message failure 420
timer error 414
trustpoint certification failure 413
trustpoint name not found 416
unable to add to message queue 419
version control block failure 412
W
web requests, unfiltered 99
Websense server 98
write command 38
erase option 37
standby command 77
standby option 76
write erase command 37
X
XAUTH enabled 254
XGRE, packet with invalid protocol field 171