Table Of Contents
Numerics - A - B - C - D - E - F - H - I - L - M - N - O - P - R - S - T - U - V - W - X -
Index
Numerics
A
AAA
authentication 1-40, 1-41, 1-42, 1-401
authorization 1-31
messages 1-26, 1-27, 1-29, 1-30, 1-31, 1-32, 1-39, 1-40, 1-41, 1-42, 1-43, 1-168, 1-182, 1-233, 1-234, 1-259
server 1-32, 1-42, 1-168, 1-234, 1-258, 1-400, 1-401
ABR
without backbone area 1-111
access denied
URL 1-96
access-list command 1-15, 1-21, 1-94, 1-392
deny-flow-max option 1-22
interval option 1-21
log option 1-21
omitting 1-29
to permit traffic on UDP port 53 1-15, 1-21, 1-94, 1-392
access-list deny-flow-max command 1-22
access lists
access permitted 1-265
access requested 1-265
ACLs
ACL_ID 1-349
compilation out of memory 1-20
configuration error 1-30
deny 1-94
deny-flows 1-22
empty ACL downloaded 1-29
failed check 1-31
logging matches 1-21
no ACL configured 1-311
packet denied 1-19
parsing error 1-29
peer context ID 1-392
peer IP address not set 1-392
proxy ID mismatch 1-310
SoftNP error 1-395
split tunneling policy 1-293
unsupported format 1-43
WebVPN
ACL ID not found 1-400
parse error 1-341, 1-342, 1-400
user authorization failure 1-400
ActiveX object, filtering 1-219
address translation slots 1-173
no more available 1-68, 1-172, 1-173
address translation slots, no more available 1-68
anchor count negative 1-141
area border router
ARP packet mismatch 1-172
ARP poisoning attack 1-172
ARP spoofing attack 1-115
asymmetric routing 1-19
attacks
ARP poisoning 1-172
DNS HINFO request 1-155
DNS request for all records 1-155
DNS zone transfer 1-155
DNS zone transfer from high port 1-155
DoS 1-22, 1-29, 1-69, 1-172, 1-177
fragmented ICMP traffic 1-155
IP fragment 1-154
IP fragments overlap 1-154
IP impossible packet 1-154
land 1-18
large ICMP traffic 1-155
man in the middle 1-114
ping of death 1-155
proxied RPC request 1-155
spoofing 1-17, 1-18, 1-19, 1-115, 1-116, 1-173
statd buffer overflow 1-155
suspicious e-mail address pattern 1-23
SYN 1-64
TCP FIN only flags 1-155
TCP NULL flags 1-155
TCP SYN+FIN flags 1-155
UDP bomb 1-155
UDP chargen DoS 1-155
UDP snork 1-155
Authen Session End 1-28
authentication
failed 1-27
request 1-233
request succeeds 1-26
response 1-234
server not found 1-26
Auth from IP address/port to IP address/port failed 1-26
authorization
command 1-243
user 1-244
user denied 1-27
Auth start for user 1-26
Auto Update URL unreachable 1-251
B
backup server list
downloaded 1-247
error 1-247
bandwidth
reported as zero 1-252
bridge table
full 1-186
broadcast, invalid source address 1-17
built H245 connection 1-86
C
cannot specify PAT host 1-16
certificate data could not be verified 1-365
classes, logging
message class variables 1-1
types 1-1
clear command
local-host option 1-177
conduit command
permit ICMP option 1-17
config command 1-37
configuration
erase 1-37
replication
beginning 1-264
failed 1-263
status changed 1-185
configure command 1-37
connection limit exceeded 1-63, 1-64, 1-66, 1-72, 1-266, A-49
CTIQBE
connection object pre-allocation 1-255
unsupported version 1-255
D
deny
inbound from outside 1-16
inbound ICMP 1-17
inbound UDP 1-15
inbound UDP due to query/response 1-15
IP from address to address 1-16
IP spoof 1-17
self route 1-16
TCP (no connection) 1-17
detecting use of Internet phone 1-86
device pass through
disabled 1-250
enabled 1-249
DNS HINFO request attack 1-155
DNS query or response is denied 1-15
DNS request for all records attack 1-155
DNS server too slow 1-15
DNS zone transfer attack 1-155
DNS zone transfer from high port attack 1-155
dropping echo request 1-16
E
Easy VPN Remote
backup server list
downloaded 1-247
error 1-247
device pass through
disabled 1-250
enabled 1-249
load balancing cluster
disconnected 1-248
redirected 1-248
split network entry duplicate 1-250
SUA
enabled 1-248
user authentication
disabled 1-249
enabled 1-249
XAUTH enabled 1-250
embryonic limit exceeded 1-64
F
failover
bad cable 1-3
block allocation failed 1-9
cable communication failed 1-9
cable not connected 1-3
cable status 1-3
configuration replication 1-10
configuration replication failed 1-265
continuous failovers 1-11, 1-12
failed network interface 1-5
failover active command 1-409
failover command message dropped 1-11
incompatible software on mate 1-12
interface link down 1-13
LAN interface down 1-10
license mismatch with mate 1-13
link status up or down 1-8
lost communications with mate 1-8
mate card configuration mismatch 1-14
mate has different chassis 1-14
mate may be disabled 1-12
operational mode mismatch with mate 1-13
peer failure 1-5
peer LAN link down 1-11
power failure 1-3
primary unit failure 1-7
replication interrupted 1-12
show failover command 1-414
standby unit failed to sync 1-10
stateful error 1-70
stateful failover 1-70, 1-71, 1-72, 1-73
VPN failover
buffer error 1-407
client being disabled 1-405
CTCP flow handle error 1-412
failed to allocate chunk 1-404
failed to initialize 1-402
failed to receive message from active unit 1-414
memory allocation error 1-405
non-block message not sent 1-407
registration failure 1-404
SDI node secret file failed to synchronize 1-415
standby unit received corrupted message from active unit 1-413
state update message failure 1-412
timer error 1-406
trustpoint certification failure 1-405
trustpoint name not found 1-408
unable to add to message queue 1-411
version control block failure 1-404
failover messages 1-2, 1-4, 1-7, 1-9, 1-264
filter allow command 1-97
filter command
activex option 1-219
allow option 1-97
filtering ActiveX objects 1-219
Flood Defender 1-259
floodguard command 1-27
flow control error 1-140
fragmented ICMP traffic attack 1-155
FTP
data connection failed 1-64
H
H.225 1-174
H.245 1-86
H.245 connection
foreign address 1-86
H.323 1-86
back-connection, preallocated 1-86
unsupported packet version 1-263
handle not allocated 1-140
hello packet with duplicate router ID 1-181
hostile event 1-18, 1-158, 1-168
firewall circumvented 1-18
host limit 1-177
host move 1-185
HTTPS process limit 1-30
I
ICMP
translation creation failed 1-99
IDB initializatrion 1-112
inbound TCP connection denied 1-14
inspect ESMTP command 1-23
insufficient memory 1-68, 1-173
interface
PPP virtual 1-79
virtual 1-79
zero bandwidth 1-252
Internet phone, detecting use of 1-86
invalid character replaced in e-mail address 1-23
invalid source addresses 1-17
IP address
DHCP client 1-235
DHCP server 1-235
IP fragment attack 1-154
IP fragments overlap attack 1-154
IP impossible packet attack 1-154
IP route counter decrement failure 1-178
IP routing table
creation error 1-110
limit exceeded 1-110
limit warning 1-110
OSPF inconsistency 1-111
IPSec
connection entries 1-286
connections 1-39, 1-40, 1-41, 1-42, 1-43, 1-364
failure 1-363
L2TP-over-IPSec 1-287
cTCP tunnel 1-417
encryption 1-325
fragmentation policy ignored 1-302
L2TP-over-IPSec connection 1-287
negotiation 1-279
overTCP 1-333
packet 1-158
packet missing 1-157
packet triggered IKE 1-276
proposal
SA 1-337
unsupported 1-337
protocol 1-270
proxy mismatch 1-94
rekeying duration 1-281, 1-282
request rejected 1-287
SA 1-278, 1-284, 1-287, 1-326, 1-327, 1-336
tunnels 1-39, 1-108, 1-277, 1-278, 1-301, 1-362, 1-363, 1-386
ip verify reverse-path command 1-18, 1-19
L
L2TP
tunnel 1-234
land attack 1-18
large ICMP traffic attack 1-155
Leaving ALLOW mode, URL Server 1-97
link state advertisement
link status `Up' or 'Down' 1-8
load balancing cluster
disconnected 1-248
redirected 1-248
logging
classes
types 1-1
loopback network, invalid source address 1-17
lost failover communications with mate 1-8
low memory 1-109
failed operation 1-109
LSA
default with wrong mask 1-180
invalid type 1-180
not found 1-111
M
MAC address mismatch 1-172
man in the middle attack 1-114
memory
block depleted 1-9
corruption 1-252
leak 1-111
low 1-109
message block alloc failed 1-9
messages
alert log 1-23
connection-related 1-16, 1-63, 1-64, 1-86
FTP 1-97
Mail Guard 1-23
SNMP 1-74
SSH 1-108
stateful failover 1-70, 1-71, 1-72, 1-73
variables used in A-56
messages, logging
classes
list of 1-1
Microsoft Point-to-Point Encryption
module management 1-37
MPPE
encryption policy setup 1-167, 1-168
MS-CHAP 1-167
authentication 1-167
N
nat command 1-98
no associated connection within connection table 1-17
no authentication server found 1-26
no translation group found 1-98
O
OSPF
ABR without backbone area 1-111
checksum error 1-252
configuration change 1-252
database description from unknown neighbor 1-179
database request from unknown neighbor 1-179
hello from unknown neighbor 1-179
hello packet with duplicate router ID 1-181
IDB initializatrion 1-112
invalid packet 1-179
IP routing table inconsistency 1-111
LSA
default with wrong mask 1-180
invalid type 1-180
not found 1-111
neighbor state changed 1-222
network range area changed 1-252
packet of invalid length 1-180
process reset 1-112
router ID allocation failure 1-181
router-id reset 1-112
virtual links 1-112
outbound deny command 1-15
out of address translation slots! 1-68
P
packet
integrity check 1-16
not matched outbound NAT rules 1-98
PAT
global address 1-16
host unspecified 1-16
pdb index error 1-110
ping of death attack 1-155
power failure, failover 1-3
PPP virtual interface 1-79
PPTP
packet out of sequence 1-233
XGRE packet 1-166
preallocate H323 UDP back connection 1-86
privilege level, changed 1-221
proxied RPC request attack 1-155
R
RADIUS authentication 1-167
RCMD, back connection failed 1-65
rebuilt TCP connection 1-86
request discarded 1-267
router ID allocation failure 1-181
router-ID reset 1-112
rsh command 1-65
S
security
breach 1-16
context
added 1-222
context cannot be determined 1-20
removed 1-223
parameters index
self route 1-16
SETUP message 1-174
show command
blocks option 1-9
local-host option 1-177
outbound option 1-15
version option 1-177
show static command 1-63
shuns 1-157
SIP connection 1-238
skinny connection 1-240
SMTP 1-23
software version mismatch 1-188
SPI 1-157
split network entry duplicate 1-250
spoofing attack 1-17, 1-18, 1-19, 1-173
SSH 1-108
statd buffer overflow attack 1-155
stateful failover 1-70, 1-71, 1-73
SUA
disabled 1-248
enabled 1-248
SYN 1-17
attack 1-64
flag 1-17
system log messages
classes 1-1
T
TCP
access permitted 1-265
access requested 1-265
connection limit exceeded 1-266, A-49
connections 1-265
incorrect header length 1-219
no associated connection in table 1-17
request discarded 1-267
translation creation failed 1-99
TCP FIN only flags attack 1-155
TCP NULL flags attack 1-155
TCP state-bypass connection creation 1-94
TCP state-bypass connection teardown 1-94
TCP SYN+FIN flags attack 1-155
testing
interface 1-9
timeouts, recommended values 1-177
timeout uauth command 1-28
too many connections on static 1-63
tunnel, PPTP 1-79
U
UDP
access permitted 1-265
bomb attack 1-155
chargen DoS attack 1-155
connections 1-265
messages 1-98
packet 1-15
request discarded 1-267
snork attack 1-155
translation creation failed 1-99
unsupported application 1-187
URL
buffer block space 1-98
filtering, disabled 1-97
Server 1-96
user authentication
disabled 1-249
enabled 1-249
error 1-30
user logged out 1-244
username
created 1-221
deleted 1-221
V
variables
in messages A-56
list of A-56
virtual interface 1-79
virtual links 1-112
vpdn group command 1-167
VPN
peer limit 1-108
tunnel 1-108
VPN failover
client being disabled 1-405
CTCP flow handle error 1-412
failed to allocate chunk 1-404
failed to initialize 1-402
failed to receive message from active unit 1-414
memory allocation error 1-405
non-block message not sent 1-407
registration failure 1-404
SDI node secret file failed to synchronize 1-415
standby unit received corrupted message from active unit 1-413
state update message failure 1-412
timer error 1-406
trustpoint certification failure 1-405
trustpoint name not found 1-408
unable to add to message queue 1-411
version control block failure 1-404
W
web requests, unfiltered 1-97
write command 1-37
erase option 1-37
standby command 1-73
standby option 1-71
write erase command 1-37
X
XAUTH enabled 1-250
XGRE, packet with invalid protocol field 1-166