Table Of Contents
A - B - C - D - E - F - H - I - L - M - N - O - P - Q - R - S - T - U - V - W -
Index
A
AAA
authentication 2-33, 2-34, 2-35
authorization 2-26
messages 2-21, 2-22, 2-23, 2-24, 2-25, 2-26, 2-27, 2-32, 2-33, 2-34, 2-35, 2-36, 2-96, 2-128
ABR
without backbone area 2-70
access denied 2-19
by ACL 2-19
URL 2-58
access-list command 2-14, 2-19, 2-57
to permit traffic on UDP port 53 2-14
access list not created 2-224
access permitted 2-134
access requested 2-134
ACLs
compilation out of memory 2-18
configuration error 2-25
deny 2-57
deny-flows 2-20
empty ACL downloaded 2-25
failed check 2-26
list empty 2-25
logging matches 2-19
no ACL configured 2-179
packet denied 2-18
parsing error 2-25
peer context ID 2-224
peer IP address not set 2-224
proxy ID mismatch 2-179
SoftNP error 2-226
split tunneling policy 2-161
traffic denied on UDP port 53 2-14, 2-19, 2-57
traffic flow limit exceeded 2-20
unsupported format 2-36
ActiveX object, filtering 2-109
address translation slots 2-89
no more available 2-41, 2-88, 2-89
area border router
ARP
packet mismatch 2-88
poisoning attack 2-88
spoofing attack 2-74
asymmetric routing 2-17
attacks
ARP poisoning 2-88
ARP spoofing 2-74
DoS 2-20, 2-24, 2-42, 2-87, 2-92
IP routing table 2-20
land 2-16
man in the middle 2-72
spoofing 2-16, 2-17, 2-73, 2-74, 2-88
suspicious e-mail address pattern 2-21
SYN 2-39
Authen Session End 2-23
authentication
failed 2-22
request succeeds 2-22
server not found 2-22
Auth from IP address/port to IP address/port failed 2-21
authorization
failed 2-122
user denied 2-23
Auth start for user 2-21
Auto Update URL unreachable 2-123
B
bandwidth, reported as zero 2-123
begin configuration 2-30
bridge table, full 2-98
broadcast, invalid source address 2-16
bufferwraps
save to Flash 1-5
save to interal Flash 1-13
send to FTP server 1-13
built H245 connection 2-50
C
cannot specify PAT host 2-15
class
filtering messages by 1-15
message class variables 1-15
types 1-15
clearing configuration settings 1-20
conduit command
permit ICMP option 2-15
config command 2-30
configuration 1-16
clearing local-host option 2-91
clearing settings 1-20
erase 2-30
replication
beginning 2-133
failed 2-132
status changed 2-97
configure command 2-30
connection limit exceeded 2-39, 2-40, 2-135
CTIQBE
connection object pre-allocation 2-126
unsupported version 2-126
D
deny
inbound from outside 2-14
inbound ICMP 2-15
inbound UDP 2-14
inbound UDP due to query/response 2-14
IP from address to address 2-15
IP spoof 2-16
self route 2-14
TCP (no connection) 2-15
deny IP spoof 2-16
detecting use of Internet phone 2-50
device ID, including in messages 1-18
disabling messages, specific message IDs 1-19
DNS query or response is denied 2-14
DNS server too slow 2-14
DoS attack 2-20, 2-24, 2-42, 2-92
dropping echo request 2-15
E
EMBLEM format, using in logs 1-19
embryonic limit exceeded 2-39
F
facility
setting 1-8
failover
bad cable 2-2
block allocation failed 2-8
cable communication failed 2-8
cable not connected 2-2
cable status 2-2
configuration replication 2-8
configuration replication failed 2-134
continuous failovers 2-10
failed network interface 2-3
failover active command 2-239
failover command message dropped 2-10
incompatible software on mate 2-11
interface link down 2-12
LAN interface down 2-9
license mismatch with mate 2-12
link status up or down 2-7
lost communications with mate 2-7
mate card configuration mismatch 2-13
mate has different chassis 2-12
mate may be disabled 2-11
operational mode mismatch with mate 2-12
peer failure 2-4
peer LAN link down 2-10
power failure 2-2
primary unit failure 2-5
replication interrupted 2-10
show failover command 2-244
standby unit failed to sync 2-9
stateful error 2-43
stateful failover 2-44, 2-45, 2-46
VPN failover
buffer error 2-236
client being disabled 2-234
CTCP flow handle error 2-241
failed to allocate chunk 2-233
failed to initialize 2-232
failed to receive message from active unit 2-244
memory allocation error 2-234
non-block message not sent 2-237
registration failure 2-233
SDI node secret file failed to synchronize 2-245
standby unit received corrupted message from active unit 2-242
state update message failure 2-242
timer error 2-235
trustpoint certification failure 2-235
trustpoint name not found 2-237
unable to add to message queue 2-241
version control block failure 2-234
failover messages 2-1, 2-3, 2-6, 2-7, 2-8, 2-133
filter allow command 2-60
filter command
activex option 2-109
allow option 2-60
filtering ActiveX objects 2-109
fixup protocol SMTP command 2-21
Flood Defender 2-128
floodguard command 2-23
format of messages 1-22
FTP
data connection failed 2-40
messages 2-57, 2-58, 2-59, 2-60
H
H.225 2-90
H.245 2-50
H.245 connection
foreign address 2-50
H.323 2-50
back-connection, preallocated 2-50
unsupported packet version 2-132
hello packet with duplicate router ID 2-95
hostile event 2-17, 2-86, 2-87
firewall circumvented 2-17
host limit 2-91
host move 2-98
HTTPS process limit 2-26
I
ICMP
packet denied 2-15
translation creation failed 2-61
IDB initializatrion 2-71
inbound TCP connection denied 2-13
insufficient memory 2-89
out of translation slots 2-41, 2-89
interface, zero bandwidth 2-123
Internet phone, detecting use of 2-50
invalid character replaced in e-mail address 2-21
invalid source addresses 2-16
IP address
DHCP client 2-117
DHCP server 2-117
IP route counter decrement failure 2-92
IP routing table
attack 2-20
creation error 2-69
limit exceeded 2-69
limit warning 2-69
OSPF inconsistency 2-70
IPSec
connection entries 2-154
AAA transaction failed 2-35, 2-36
authentication failed 2-33
L2TP-over-IPSec 2-155
successful 2-32
cTCP tunnel 2-248
encryption 2-185
fragmentation policy ignored 2-170
IKE request 2-132
invalid packet 2-86
L2TP-over-IPSec connection 2-155
negotiation 2-147
overTCP 2-193
packet missing 2-86
packet triggered IKE 2-144
proposal
SA 2-197
unsupported 2-197
protocol 2-138
proxy mismatch 2-57
rekeying duration 2-149
request rejected 2-155
SA 2-146, 2-151, 2-152, 2-155, 2-186, 2-187, 2-196, 2-197
proposal 2-197
tunnels 2-32, 2-68, 2-115, 2-131, 2-145, 2-146, 2-169, 2-203, 2-204, 2-218
IPSec proxy mismatch 2-57
ip verify reverse-path command 2-17, 2-18
L
land attack 2-16
Leaving ALLOW mode, URL Server 2-60
link state advertisement
link status `Up' or 'Down' 2-7
log bufferwraps
save to internal Flash 1-13
send to FTP server 1-13
logging
class
filtering messages by 1-14
types 1-15
device-id, including in system messages 1-18
configuring as output destination 1-8
destination address 1-9
source address 1-8
EMBLEM format 1-19
facility option 1-8
filtering
by message list 1-16
by severity level 1-5
filtering messages
by message class 1-15
logging queue, configuring 1-18
output destinations
ASDM 1-9
internal buffer 1-5
syslog server 1-7
Telnet or SSH session 1-5
queue
changing the size of 1-17
configuring 1-17
viewing queue statistics 1-18
severity level
changing 1-20
timestamp, including 1-18
logging queue
configuring 1-18
log output destinations
ASDM 1-9
email address 1-8
internal buffer 1-5
syslog server 1-5
Telnet or SSH session 1-5
loopback network, invalid source address 2-16
lost failover communications with mate 2-7
low memory 2-68
failed operation 2-68
LSA
default with wrong mask 2-95
invalid type 2-94
not found 2-70
M
MAC address mismatch 2-88
man in the middle attack 2-72
memory
block depleted 2-8
corruption 2-123
leak 2-70
low 2-68
message block alloc failed 2-8
message classes
about 1-14
list of 1-15
message list
creating 1-16
filtering by 1-16
messages
stateful failover 2-45
message severity levels, list of 1-22
MIBs 1-1
module management 2-30
monitoring
SNMP 1-1
N
no associated connection within connection table 2-15
no authentication server found 2-22
no translation group found 2-60
O
OSPF
ABR without backbone area 2-70
checksum error 2-123
configuration change 2-123
database description from unknown neighbor 2-94
database request from unknown neighbor 2-94
hello from unknown neighbor 2-94
hello packet with duplicate router ID 2-95
IDB initializatrion 2-71
invalid packet 2-93
IP routing table inconsistency 2-70
LSA
default with wrong mask 2-95
invalid type 2-94
not found 2-70
neighbor state changed 2-111
network range area changed 2-123
packet of invalid length 2-94
process reset 2-71
router ID allocation failure 2-95
router-id reset 2-71
virtual links 2-71
outbound connection denied 2-13
outbound deny command 2-13
out of address translation slots! 2-41
output destinations 1-5
internal buffer 1-5
SNMP management station 1-5
specifying 1-8
Telnet or SSH session 1-5
viewing logs 1-6
P
packet
integrity check 2-15
not matched outbound NAT rules 2-60
PAT
global address 2-15
host unspecified 2-15
power failure, failover 2-2
preallocate H323 UDP back connection 2-50
privilege level, changed 2-110, 2-111
Q
queue, logging
changing the size of 1-17
viewing statistics 1-18
R
RCMD, back connection failed 2-40
rebuilt TCP connection 2-50
request discarded 2-135
router ID allocation failure 2-95
router-ID reset 2-71
rsh command 2-40
S
SA
created 2-116
deleted 2-116
IKE requested for 2-132
security
association
breach 2-15
context
added 2-112
context cannot be determined 2-18, 2-19
removed 2-112
parameters index
self route 2-14
SETUP message 2-90
severity levels, of system messages
changing 1-5
definition 1-22
filtering by 1-5
list of 1-22
show command
blocks option 2-8
local-host option 2-91
outbound option 2-13
version option 2-91
show static command 2-39
SIP connection 2-120
skinny connection 2-120
SMTP 2-21
SNMP
management station 1-5
MIBs 1-1
overview 1-1
traps 1-2
SPI 2-86
spoofing attack 2-16, 2-17, 2-88
SSH 2-68
stateful failover 2-44, 2-45, 2-46
SYN 2-15
attack 2-39
flag 2-15
syslog server
as output destination 1-7
designating 1-7
designating more than one 1-7
EMBLEM format
configuring 1-19
enabling 1-7
system messages
alert log 2-20
classes of 1-14
list of classes 1-15
configuring in groups
by message list 1-16
by severity level 1-5
connection-related 2-14, 2-39, 2-40, 2-50
creating lists of 1-14
device ID, including 1-18
disabling logging of 1-5
filtering
by message class 1-14
format of 1-22
Mail Guard 2-21
managing in groups
by message class 1-15
creating a message list 1-14
output destinations 1-5
email address 1-8
internal buffer 1-5
syslog message server 1-5
Telnet or SSH session 1-5
severity levels 1-22
changing the severity level of a message 1-5
list of 1-22
SNMP 2-47
SSH 2-68
stateful failover 2-44, 2-45, 2-46
timestamp, including 1-18
variables used in 1-22
T
TCP
access permitted 2-134
access requested 2-134
connection limit exceeded 2-135
connections 2-134
incorrect header length 2-109
no associated connection in table 2-15
request discarded 2-135
translation creation failed 2-61
testing, interface 2-7
timeouts, recommended values 2-91
timeout uauth command 2-23
timestamp, including in system messages 1-18
too many connections on static 2-39
to translation group found for protocol 2-60
traps, SNMP 1-2
U
UDP
access permitted 2-134
connections 2-134
messages 2-61
packet 2-14
request discarded 2-135
translation creation failed 2-61
Unproxy Failed message in console 2-29
URL
buffer block space 2-60
filtering, disabled 2-60
server 2-59
user authentication, error 2-25
username
created 2-110
deleted 2-110
V
variables in system messages, list of 1-22
viewing logs 1-6
virtual links 2-71
VPN
peer limit 2-68
tunnel 2-68
VPN failover
client being disabled 2-234
CTCP flow handle error 2-241
failed to allocate chunk 2-233
failed to initialize 2-232
failed to receive message from active unit 2-244
memory allocation error 2-234
non-block message not sent 2-237
registration failure 2-233
SDI node secret file failed to synchronize 2-245
standby unit received corrupted message from active unit 2-242
state update message failure 2-242
timer error 2-235
trustpoint certification failure 2-235
trustpoint name not found 2-237
unable to add to message queue 2-241
version control block failure 2-234
W
web requests, unfiltered 2-60
Websense server 2-59
write command 2-30
erase option 2-30
standby command 2-45
standby option 2-45
write erase command 2-30