Table Of Contents
Messages Listed by Severity Level
Alert Messages, Severity 1
Critical Messages, Severity 2
Error Messages, Severity 3
Warning Messages, Severity 4
Notification Messages, Severity 5
Informational Messages, Severity 6
Debugging Messages, Severity 7
Messages Listed by Severity Level
This appendix contains the following sections:
•
Alert Messages, Severity 1
•Critical Messages, Severity 2
•Error Messages, Severity 3
•Warning Messages, Severity 4
•Notification Messages, Severity 5
•Informational Messages, Severity 6
•Debugging Messages, Severity 7
Note The Cisco ASA does not send severity 0, emergency messages as system log messages. These are analogous to a UNIX panic message, and denote an unstable system.
Alert Messages, Severity 1
The following messages appear at severity 1, alerts:
•%FWSM-1-102001: (Primary) Power failure/System reload other side.
•%FWSM-1-103002: (Primary) Other firewall network interface interface_number OK.
•%FWSM-1-103003: (Primary) Other firewall network interface interface_number failed.
•%FWSM-1-103004: (Primary) Other firewall reports this firewall failed.
•%FWSM-1-103005: (Primary) Other firewall reporting failure.
•%FWSM-1-103006: (Primary|Secondary) Mate version ver_num is not compatible with ours ver_num
•%FWSM-1-103007: (Primary|Secondary) Mate version ver_num is not identical with ours ver_num
•%FWSM-1-104001: (Primary) Switching to ACTIVE (cause: string).
•%FWSM-1-104002: (Primary) Switching to STNDBY (cause: string).
•%FWSM-1-104003: (Primary) Switching to FAILED.
•%FWSM-1-104004: (Primary) Switching to OK.
•%FWSM-1-105001: (Primary) Disabling failover.
•%FWSM-1-105002: (Primary) Enabling failover.
•%FWSM-1-105003: (Primary) Monitoring on interface interface_name waiting
•%FWSM-1-105004: (Primary) Monitoring on interface interface_name normal
•%FWSM-1-105005: (Primary) Lost Failover communications with mate on interface interface_name.
•%FWSM-1-105006: (Primary) Link status `Up' on interface interface_name.
•%FWSM-1-105007: (Primary) Link status `Down' on interface interface_name.
•%FWSM-1-105008: (Primary) Testing interface interface_name.
•%FWSM-1-105020: (Primary) Incomplete/slow config replication
•%FWSM-1-105021: (failover_unit) Standby unit failed to sync due to a locked context_name config. Lock held by lock_owner_name
•%FWSM-1-105031: Failover LAN interface is up
•%FWSM-1-105032: LAN Failover interface is down
•%FWSM-1-105034: Receive a LAN_FAILOVER_UP message from peer.
•%FWSM-1-105035: Receive a LAN failover interface down msg from peer.
•%FWSM-1-105038: (Primary) Interface count mismatch
•%FWSM-1-105039: (Primary) Unable to verify the Interface count with mate. Failover may be disabled in mate.
•%FWSM-1-105040: (Primary) Mate failover version is not compatible.
•%FWSM-1-105042: (Primary) Failover interface OK
•%FWSM-1-105043: (Primary) Failover interface failed
•%FWSM-1-105044: (Primary) Mate operational mode mode is not compatible with my mode mode.
•%FWSM-1-105045: (Primary) Mate license (number contexts) is not compatible with my license (number contexts).
•%FWSM-1-105046 (Primary|Secondary) Mate has a different chassis
•%FWSM-1-105047: Mate has a io_card_name1 card in slot slot_number which is different from my io_card_name2
•%FWSM-1-106021: Deny protocol reverse path check from source_address to dest_address on interface interface_name
•%FWSM-1-106022: Deny protocol connection spoof from source_address to dest_address on interface interface_name
•%FWSM-1-106101 The number of ACL log deny-flows has reached limit (number).
•%FWSM-1-107001: RIP auth failed from IP_address: version=number, type=string, mode=string, sequence=number on interface interface_name
•%FWSM-1-107002: RIP pkt failed from IP_address: version=number on interface interface_name
•%FWSM-1-111111 error_message
•%FWSM-1-415004:internal_sig_id Content type not found - action mime_type from source_address to dest_address
•%FWSM-1-709003: (Primary) Beginning configuration replication: Sending to mate.
•%FWSM-1-709004: (Primary) End Configuration Replication (ACT)
•%FWSM-1-709005: (Primary) Beginning configuration replication: Receiving from mate.
•%FWSM-1-709006: (Primary) End Configuration Replication (STB)
Critical Messages, Severity 2
The following messages appear at severity 2, critical:
•%FWSM-2-106001: Inbound TCP connection denied from IP_address/port to IP_address/port flags tcp_flags on interface interface_name
•%FWSM-2-106002: protocol Connection denied by outbound list acl_ID src inside_address dest outside_address
•%FWSM-2-106006: Deny inbound UDP from outside_address/outside_port to inside_address/inside_port on interface interface_name.
•%FWSM-2-106007: Deny inbound UDP from outside_address/outside_port to inside_address/inside_port due to DNS {Response|Query}.
•%FWSM-2-106013: Dropping echo request from IP_address to PAT address IP_address
•%FWSM-2-106016: Deny IP spoof from (IP_address) to IP_address on interface interface_name.
•%FWSM-2-106017: Deny IP due to Land Attack from IP_address to IP_address
•%FWSM-2-106018: ICMP packet type ICMP_type denied by outbound list acl_ID src inside_address dest outside_address
•%FWSM-2-106020: Deny IP teardrop fragment (size = number, offset = number) from IP_address to IP_address
•%FWSM-2-106024: Access rules memory exhausted
•%FWSM-2-108002: SMTP replaced string: out source_address in inside_address data: string
•%FWSM-2-108003: Terminating ESMTP/SMTP connection; malicious pattern detected in the mail address from source_interface:source_address/source_port to dest_interface:dest_address/dset_port. Data:string
•%FWSM-2-109011: Authen Session Start: user 'user', sid number
•%FWSM-2-112001: (string:dec) Clear complete.
•%FWSM-2-201003: Embryonic limit exceeded nconns/elimit for outside_address/outside_port (global_address) inside_address/inside_port on interface interface_name
•%FWSM-2-214001: Terminating manager session from IP_address on interface interface_name. Reason: incoming encrypted data (number bytes) longer than number bytes
•%FWSM-2-215001:Bad route_compress() call, sdb= number
•%FWSM-2-217001: No memory for string in string
•%FWSM-2-304007: URL Server IP_address not responding, ENTERING ALLOW mode.
•%FWSM-2-304008: LEAVING ALLOW mode, URL Server is up.
•%FWSM-2-709007: Configuration replication failed for command command
•%FWSM-2-713078: Temp buffer for building mode config attributes exceeded: bufsize available_size, used value
•%FWSM-2-713176: Device_type memory resources are critical, IKE key acquire message on interface interface_number, for Peer IP_address ignored
•%FWSM-2-717008: Insufficient memory to process_requiring_memory.
•%FWSM-2-717011: Unexpected event event event_ID
Error Messages, Severity 3
The following messages appear at severity 3, errors:
•%FWSM-3-105010: (Primary) Failover message block alloc failed
•%FWSM-3-106010: Deny inbound protocol src interface_name:dest_address/dest_port dst interface_name:source_address/source_port
•%FWSM-3-106011: Deny inbound (No xlate) string
•%FWSM-3-106014: Deny inbound icmp src interface_name: IP_address dst interface_name: IP_address (type dec, code dec)
•%FWSM-3-109010: Auth from inside_address/inside_port to outside_address/outside_port failed (too many pending auths) on interface interface_name.
•%FWSM-3-109013: User must authenticate before using this service
•%FWSM-3-109016: Can't find authorization ACL acl_ID for user 'user'
•%FWSM-3-109018: Downloaded ACL acl_ID is empty
•%FWSM-3-109019: Downloaded ACL acl_ID has parsing error; ACE string
•%FWSM-3-109020: Downloaded ACL has config error; ACE
•%FWSM-3-109023: User from source_address/source_port to dest_address/dest_port on interface outside_interface must authenticate before using this service.
•%FWSM-3-109026: [aaa protocol] Invalid reply digest received; shared server key may be mismatched.
•%FWSM-3-113001: Unable to open AAA session. Session limit [limit] reached.
•%FWSM-3-113018: User: user, Unsupported downloaded ACL Entry: ACL_entry, Action: action
•%FWSM-3-201002: Too many TCP connections on {static|xlate} global_address! econns nconns
•%FWSM-3-201004: Too many UDP connections on {static|xlate} global_address! udp connections limit
•%FWSM-3-201005: FTP data connection failed for IP_address IP_address
•%FWSM-3-201006: RCMD backconnection failed for IP_address/port
•%FWSM-3-201009: TCP connection limit of number for host IP_address on interface_name exceeded
•%FWSM-3-202001: Out of address translation slots!
•%FWSM-3-202005: Non-embryonic in embryonic list outside_address/outside_port inside_address/inside_port
•%FWSM-3-202011: Connection limit exceeded econns/limit for dir packet from source_address/source_port to dest_address/dest_port on interface interface_name
•%FWSM-3-208005: (function:line_num) clear command return code
•%FWSM-3-210001: LU sw_module_name error = number
•%FWSM-3-210002: LU allocate block (bytes) failed.
•%FWSM-3-210003: Unknown LU Object number
•%FWSM-3-210005: LU allocate connection failed
•%FWSM-3-210006: LU look NAT for IP_address failed
•%FWSM-3-210007: LU allocate xlate failed
•%FWSM-3-210008: LU no xlate for inside_address/inside_port outside_address/outside_port
•%FWSM-3-210010: LU make UDP connection for outside_address:outside_port inside_address:inside_port failed
•%FWSM-3-210020: LU PAT port port reserve failed
•%FWSM-3-210021: LU create static xlate global_address ifc interface_name failed
•%FWSM-3-211001: Memory allocation Error
•%FWSM-3-211003: CPU utilization for number seconds = percent
•%FWSM-3-212001: Unable to open SNMP channel (UDP port port) on interface interface_number, error code = code
•%FWSM-3-212002: Unable to open SNMP trap channel (UDP port port) on interface interface_number, error code = code
•%FWSM-3-212003: Unable to receive an SNMP request on interface interface_number, error code = code, will try again.
•%FWSM-3-212004: Unable to send an SNMP response to IP Address IP_address Port port interface interface_number, error code = code
•%FWSM-3-212005: incoming SNMP request (number bytes) on interface interface_name exceeds data buffer size, discarding this SNMP request.
•%FWSM-3-212006: Dropping SNMP request from source_address/source_port to interface_name:dest_address/dest_port because: reason.
•%FWSM-3-302019: H.323 library_name ASN Library failed to initialize, error code number
•%FWSM-3-302302: ACL = deny; no sa created
•%FWSM-3-304003: URL Server IP_address timed out URL url
•%FWSM-3-304006: URL Server IP_address not responding
•%FWSM-3-305005: No translation group found for protocol src interface_name:dest_address/dest_port dst interface_name:source_address/source_port
•%FWSM-3-305006: {outbound static|identity|portmap|regular) translation creation failed for protocol src interface_name:source_address/source_port dst interface_name:dest_address/dest_port
•%FWSM-3-305008: Free unallocated global IP address.
•%FWSM-3-313001: Denied ICMP type=number, code=code from IP_address on interface interface_name
•%FWSM-3-313008: Denied ICMPv6 type=number, code=code from IP_address on interface interface_name
•%FWSM-3-315004: Fail to establish SSH session because RSA host key retrieval failed.
•%FWSM-3-316001: Denied new tunnel to IP_address. VPN peer limit (platform_vpn_peer_limit) exceeded
•%FWSM-3-317001: No memory available for limit_slow
•%FWSM-3-317002: Bad path index of number for IP_address, number max
•%FWSM-3-317003: IP routing table creation failure - reason
•%FWSM-3-317004: IP routing table limit warning
•%FWSM-3-317005: IP routing table limit exceeded - reason, IP_address netmask
•%FWSM-3-318001: Internal error: reason
•%FWSM-3-318002: Flagged as being an ABR without a backbone area
•%FWSM-3-318003: Reached unknown state in neighbor state machine
•%FWSM-3-318004: area string lsid IP_address mask netmask adv IP_address type number
•%FWSM-3-318005: lsid ip_address adv IP_address type number gateway gateway_address metric number network IP_address mask netmask protocol hex attr hex net-metric number
•%FWSM-3-318006: if interface_name if_state number
•%FWSM-3-318007: OSPF is enabled on interface_name during idb initialization
•%FWSM-3-318008: OSPF process number is changing router-id. Reconfigure virtual link neighbors with our new router-id
•%FWSM-3-319001: Acknowledge for arp update for IP address dest_address not received (number).
•%FWSM-3-319002: Acknowledge for route update for IP address dest_address not received (number).
•%FWSM-3-319003: Arp update for IP address address to NPn failed.
•%FWSM-3-319004: Route update for IP address dest_address failed (number).
•%FWSM-3-320001: The subject name of the peer cert is not allowed for connection
•%FWSM-3-322001: Deny MAC address MAC_address, possible spoof attempt on interface interface
•%FWSM-3-322002: ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface. This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is {statically|dynamically} bound to MAC Address MAC_address_2.
•%FWSM-3-322003:ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface. This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is not bound to any MAC Address.
•%FWSM-3-324000: Drop GTPv version message msg_type from source_interface:source_address/source_port to dest_interface:dest_address/dest_port Reason: reason
•%FWSM-3-324001: GTPv0 packet parsing error from source_interface:source_address/source_port to dest_interface:dest_address/dest_port, TID: tid_value, Reason: reason
•%FWSM-3-324002: No PDP[MCB] exists to process GTPv0 msg_type from source_interface:source_address/source_port to dest_interface:dest_address/dest_port, TID: tid_value
•%FWSM-3-324003: No matching request to process GTPv version msg_type from source_interface:source_address/source_port to source_interface:dest_address/dest_port
•%FWSM-3-324004: GTP packet with version%d from source_interface:source_address/source_port to dest_interface:dest_address/dest_port is not supported
•%FWSM-3-324005: Unable to create tunnel from source_interface:source_address/source_port to dest_interface:dest_address/dest_port
•%FWSM-3-324006:GSN IP_address tunnel limit tunnel_limit exceeded, PDP Context TID tid failed
•%FWSM-3-324007: Unable to create GTP connection for response from source_interface:source_address/0 to dest_interface:dest_address/dest_port
•%FWSM-3-325001: Router ipv6_address on interface has conflicting ND (Neighbor Discovery) settings
•%FWSM-3-326001: Unexpected error in the timer library: error_message
•%FWSM-3-326002: Error in error_message : error_message
•%FWSM-3-326004: An internal error occurred while processing a packet queue
•%FWSM-3-326005: Mrib notification failed for (IP_address, IP_address)
•%FWSM-3-326006: Entry-creation failed for (IP_address, IP_address)
•%FWSM-3-326007: Entry-update failed for (IP_address, IP_address)
•%FWSM-3-326008: MRIB registration failed
•%FWSM-3-326009: MRIB connection-open failed
•%FWSM-3-326010: MRIB unbind failed
•%FWSM-3-326011: MRIB table deletion failed
•%FWSM-3-326012: Initialization of string functionality failed
•%FWSM-3-326013: Internal error: string in string line %d (%s)
•%FWSM-3-326014: Initialization failed: error_message error_message
•%FWSM-3-326015: Communication error: error_message error_message
•%FWSM-3-326016: Failed to set un-numbered interface for interface_name (string)
•%FWSM-3-326017: Interface Manager error - string in string : string
•%FWSM-3-326019: string in string : string
•%FWSM-3-326020: List error in string : string
•%FWSM-3-326021: Error in string : string
•%FWSM-3-326022: Error in string : string
•%FWSM-3-326023: string - IP_address : string
•%FWSM-3-326024: An internal error occurred while processing a packet queue.
•%FWSM-3-326025: string
•%FWSM-3-326026: Server unexpected error: error_messsage
•%FWSM-3-326027: Corrupted update: error_messsage
•%FWSM-3-326028: Asynchronous error: error_messsage
•%FWSM-3-404102: ISAKMP: Exceeded embryonic limit
•%FWSM-3-407002: Embryonic limit nconns/elimit for through connections exceeded.outside_address/outside_port to global_address (inside_address)/inside_port on interface interface_name
•%FWSM-3-414001: Failed to save logging buffer using file name filename to FTP server ftp_server_address on interface interface_name: [fail_reason]
•%FWSM-3-414002: Failed to save logging buffer to flash:/syslog directory using file name: filename: [fail_reason]
•%FWSM-3-610001: NTP daemon interface interface_name: Packet denied from IP_address
•%FWSM-3-610002: NTP daemon interface interface_name: Authentication failed for packet from IP_address
•%FWSM-3-713008: Key ID in ID payload too big for pre-shared IKE tunnel
•%FWSM-3-713008: Key ID in ID payload too big for pre-shared IKE tunnel
•%FWSM-3-713009: OU in DN in ID payload too big for Certs IKE tunnel
•%FWSM-3-713012: Unknown protocol (protocol). Not adding SA w/spi=SPI value
•%FWSM-3-713014: Unknown Domain of Interpretation (DOI): DOI value
•%FWSM-3-713016: Unknown identification type, Phase 1 or 2, Type ID_Type
•%FWSM-3-713017: Identification type not supported, Phase 1 or 2, Type ID_Type
•%FWSM-3-713018: Unknown ID type during find of group name for certs, Type ID_Type
•%FWSM-3-713020: No Group found by matching OU(s) from ID payload: OU_value
•%FWSM-3-713022: No Group found matching peer_ID or IP_address for Pre-shared key peer IP_address
•%FWSM-3-713032: Received invalid local Proxy Range IP_address - IP_address
•%FWSM-3-713033: Received invalid remote Proxy Range IP_address - IP_address
•%FWSM-3-713042: IKE Initiator unable to find policy: Intf interface_number, Src: source_address, Dst: dest_address
•%FWSM-3-713043: Cookie/peer address IP_address session already in progress
•%FWSM-3-713047: Unsupported Oakley group: Group Diffie-Hellman group
•%FWSM-3-713048: Error processing payload: Payload ID: id
•%FWSM-3-713051: Terminating connection attempt: IPSEC not permitted for group (group_name)
•%FWSM-3-713056: Tunnel rejected: SA (SA_name) not found for group (group_name)!
•%FWSM-3-713059: Tunnel Rejected: User (user) matched with group name, group-lock check failed.
•%FWSM-3-713060: Tunnel Rejected: User (user) not member of group (group_name), group-lock check failed.
•%FWSM-3-713061: Tunnel rejected: Crypto Map Policy not found for Src:source_address, Dst: dest_address!
•%FWSM-3-713062: IKE Peer address same as our interface address IP_address
•%FWSM-3-713063: IKE Peer address not configured for destination IP_address
•%FWSM-3-713065: IKE Remote Peer did not negotiate the following: proposal attribute
•%FWSM-3-713072: Password for user (user) too long, truncating to number characters
•%FWSM-3-713081: Unsupported certificate encoding type encoding_type
•%FWSM-3-713082: Failed to retrieve identity certificate
•%FWSM-3-713083: Invalid certificate handle
•%FWSM-3-713084: Received invalid phase 1 port value (port) in ID payload
•%FWSM-3-713085: Received invalid phase 1 protocol (protocol) in ID payload
•%FWSM-3-713086: Received unexpected Certificate payload Possible invalid Auth Method (Auth method (auth numerical value))
•%FWSM-3-713088: Set Cert filehandle failure: no IPSec SA in group group_name
•%FWSM-3-713098: Aborting: No identity cert specified in IPSec SA (SA_name)!
•%FWSM-3-713102: Phase 1 ID Data length number too long - reject tunnel!
•%FWSM-3-713105: Zero length data in ID payload received during phase 1 or 2 processing
•%FWSM-3-713107: IP_Address request attempt failed!
•%FWSM-3-713109: Unable to process the received peer certificate
•%FWSM-3-713112: Failed to process CONNECTED notify (SPI SPI_value)!
•%FWSM-3-713116: Terminating connection attempt: L2TP-over-IPSEC attempted by group (group_name) but L2TP disabled
•%FWSM-3-713118: Detected invalid Diffie-Helmann group_descriptor group_number, in IKE area
•%FWSM-3-713119: PHASE 1 COMPLETED
•%FWSM-3-713122: Keep-alives configured keepalive_type but peer IP_address support keep-alives (type = keepalive_type)
•%FWSM-3-713123: IKE lost contact with remote peer, deleting connection (keepalive type: keepalive_type)
•%FWSM-3-713124: Received DPD sequence number rcv_sequence_# in DPD Action, description expected seq #
•%FWSM-3-713127: Xauth required but selected Proposal does not support xauth, Check priorities of ike xauth proposals in ike proposal list
•%FWSM-3-713128: Connection attempt to VCPIP redirected to VCA peer IP_address via load balancing
•%FWSM-3-713129: Received unexpected Transaction Exchange payload type: payload_id
•%FWSM-3-713132: Cannot obtain an IP_address for remote peer
•%FWSM-3-713133: Mismatch: Overriding phase 2 DH Group(DH group DH group_id) with phase 1 group(DH group DH group_number
•%FWSM-3-713134: Mismatch: P1 Authentication algorithm in the crypto map entry different from negotiated algorithm for the L2L connection
•%FWSM-3-713138: Group group_name not found and BASE GROUP default preshared key not configured
•%FWSM-3-713140: Split Tunneling Policy requires network list but none configured
•%FWSM-3-713141: Client-reported firewall does not match configured firewall: action tunnel. Received -- Vendor: vendor(id), Product product(id), Caps: capability_value. Expected -- Vendor: vendor(id), Product: product(id), Caps: capability_value
•%FWSM-3-713142: Client did not report firewall in use, but there is a configured firewall: action tunnel. Expected -- Vendor: vendor(id), Product product(id), Caps: capability_value
•%FWSM-3-713146: Could not add route for Hardware Client in network extension mode, address: IP_address, mask: netmask
•%FWSM-3-713149: Hardware client security attribute attribute_name was enabled but not requested.
•%FWSM-3-713152: Unable to obtain any rules from filter ACL_tag to send to client for CPP, terminating connection.
•%FWSM-3-713159: TCP Connection to Firewall Server has been lost, restricted tunnels are now allowed full network access
•%FWSM-3-713161: Remote user (session Id - id) network access has been restricted by the Firewall Server
•%FWSM-3-713162: Remote user (session Id - id) has been rejected by the Firewall Server
•%FWSM-3-713163: Remote user (session Id - id) has been terminated by the Firewall Server
•%FWSM-3-713165: Client IKE Auth mode differs from the group's configured Auth mode
•%FWSM-3-713166: Headend security gateway has failed our user authentication attempt - check configured username and password
•%FWSM-3-713167: Remote peer has failed user authentication - check configured username and password
•%FWSM-3-713168: Re-auth enabled, but tunnel must be authenticated interactively!
•%FWSM-3-713174: Hardware Client connection rejected! Network Extension Mode is not allowed for this group!
•%FWSM-3-713182: IKE could not recognize the version of the client! IPSec Fragmentation Policy will be ignored for this connection!
•%FWSM-3-713185: Error: Username too long - connection aborted
•%FWSM-3-713186: Invalid secondary domain name list received from the authentication server. List Received: list_text Character index (value) is illegal
•%FWSM-3-713189: Attempted to assign network or broadcast IP_address, removing (IP_address) from pool.
•%FWSM-3-713193: Received packet with missing payload, Expected payload: payload_id
•%FWSM-3-713194: IKE|IPSec Delete With Reason message: termination_reason
•%FWSM-3-713195: Tunnel rejected: Originate-Only: Cannot accept incoming tunnel yet!
•%FWSM-3-713198: User Authorization failed: user User authorization failed.
•%FWSM-3-713203: IKE Receiver: Error reading from socket.
•%FWSM-3-713205: Could not add static route for client address: IP_address
•%FWSM-3-713206: Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy
•%FWSM-3-713208: Cannot create dynamic rule for Backup L2L entry rule rule_id
•%FWSM-3-713209: Cannot delete dynamic rule for Backup L2L entry rule id
•%FWSM-3-713210: Cannot create dynamic map for Backup L2L entry rule_id
•%FWSM-3-713212: Could not add route for L2L peer coming in on a dynamic map. address: IP_address, mask: netmask
•%FWSM-3-713214: Could not delete route for L2L peer that came in on a dynamic map. address: IP_address, mask: netmask
•%FWSM-3-713217: Skipping unrecognized rule: action: action client type: client_type client version: client_version
•%FWSM-3-713218: Tunnel Rejected: Client Type or Version not allowed.
•%FWSM-3-713226: Connection failed with peer IP_address, no trust-point defined in tunnel-group tunnel_group
•%FWSM-3-717001: Querying keypair failed.
•%FWSM-3-717002: Certificate enrollment failed for trustpoint trustpoint_name. Reason: reason_string.
•%FWSM-3-717009: Certificate validation failed. Reason: reason_string.
•%FWSM-3-717010: CRL polling failed for trustpoint trustpoint_name.
•%FWSM-3-717012: Failed to refresh CRL cache entry from the server for trustpoint trustpoint_name at time_of_failure
•%FWSM-3-717015: CRL received from issuer is too large to process (CRL size = crl_size, maximum CRL size = max_crl_size)
•%FWSM-3-717017: Failed to query CA certificate for trustpoint trustpoint_name from enrollment_url
•%FWSM-3-717018: CRL received from issuer has too many entries to process (number of entries = number_of_entries, maximum number allowed = max_allowed)
•%FWSM-3-717019: Failed to insert CRL for trustpoint trustpoint_name. Reason: failure_reason.
Warning Messages, Severity 4
The following messages appear at severity 4, warning:
•%FWSM-4-106023: Deny protocol src [interface_name:source_address/source_port] dst interface_name:dest_address/dest_port [type {string}, code {code}] by access_group acl_ID
•%FWSM-4-106027:Failed to determine the security context for the packet:vlansource Vlan#:ethertype src sourceMAC dst destMAC
•%FWSM-4-109017: User at IP_address exceeded auth proxy connection limit (max)
•%FWSM-4-109022: exceeded HTTPS proxy process limit
•%FWSM-4-109027: [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
•%FWSM-4-109028: aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
•%FWSM-4-109030: Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.
•%FWSM-4-109031: NT Domain Authentication Failed: rejecting guest login for username.
•FWSM-4-109037: Authentication cannot be done for the user from src_ip to dest_ip for application since auth_proto client is too busy
•%FWSM-4-109039: Func_ID: Uauth Unproxy Failed due to the reason: Failed_Reason
•%FWSM-4-209003: Fragment database limit of number exceeded: src = source_address, dest = dest_address, proto = protocol, id = number
•%FWSM-4-209004: Invalid IP fragment, size = bytes exceeds maximum size = bytes: src = source_address, dest = dest_address, proto = protocol, id = number
•%FWSM-4-209005: Discard IP fragment set with more than number elements: src = Too many elements are in a fragment set.
•%FWSM-4-308002: static global_address inside_address netmask netmask overlapped with global_address inside_address
•%FWSM-4-313003: Invalid destination for ICMP error
•%FWSM-4-313004:Denied ICMP type=icmp_type, from source_address oninterface interface_name to dest_address:no matching session
•%FWSM-4-325002: Duplicate address ipv6_address/MAC_address on interface
•%FWSM-4-402101: decaps: rec'd IPSEC packet has invalid spi for destaddr=dest_address, prot=protocol, spi=number
•%FWSM-4-402102: decapsulate: packet missing {AH|ESP}, destadr=dest_address, actual prot=protocol
•%FWSM-4-402103: identity doesn't match negotiated identity (ip) dest_address= dest_address, src_addr= source_address, prot= protocol, (ident) local=inside_address, remote=remote_address, local_proxy=IP_address/IP_address/port/port, remote_proxy=IP_address/IP_address/port/port
•%FWSM-4-402106: Rec'd packet not an IPSEC packet (ip) dest_address= dest_address, src_addr= source_address, prot= protocol
•%FWSM-4-404101: ISAKMP: Failed to allocate address for client from pool string
•%FWSM-4-405001: Received ARP {request | response} collision from IP_address/MAC_address on interface interface_name
•%FWSM-4-405002: Received mac mismatch collision from IP_address/MAC_address for authenticated host
•%FWSM-4-405101: Unable to Pre-allocate H225 Call Signalling Connection for foreign_address outside_address[/outside_port] to local_address inside_address[/inside_port]
•%FWSM-4-405102: Unable to Pre-allocate H245 Connection for foreign_address outside_address[/outside_port] to local_address inside_address[/inside_port]
•%FWSM-4-405103: H225 message from source_address/source_port to dest_address/dest_port contains bad protocol discriminator hex
•%FWSM-4-405104: H225 message received from outside_address/outside_port to inside_address/inside_port before SETUP
•%FWSM-4-405105: H323 RAS message AdmissionConfirm received from source_address/source_port to dest_address/dest_port without an AdmissionRequest
•%FWSM-4-405201: ILS ILS_message_type from inside_interface:source_IP_address to outside_interface:/destination_IP_address has wrong embedded address embedded_IP_address
•%FWSM-4-406001: FTP port command low port: IP_address/port to IP_address on interface interface_name
•%FWSM-4-406002: FTP port command different address: IP_address(IP_address) to IP_address on interface interface_name
•%FWSM-4-407001: Deny traffic for local-host interface_name:inside_address, license limit of number exceeded
•%FWSM-4-407003: Established limit for RPC services exceeded number
•%FWSM-4-408001: IP route counter negative - reason, IP_address Attempt: number
•%FWSM-4-408002: ospf process id route type update address1 netmask1 [distance1/metric1] via source IP:interface1 address2 netmask2 [distance2/metric2] interface2
•%FWSM-4-409001: Database scanner: external LSA IP_address netmask is lost, reinstalls
•%FWSM-4-409002: db_free: external LSA IP_address netmask
•%FWSM-4-409003: Received invalid packet: reason from IP_address, interface_name
•%FWSM-4-409004: Received reason from unknown neighbor IP_address
•%FWSM-4-409005: Invalid length number in OSPF packet from IP_address (ID IP_address), interface_name
•%FWSM-4-409006: Invalid lsa: reason Type number, LSID IP_address from IP_address, IP_address, interface_name
•%FWSM-4-409007: Found LSA with the same host bit set but using different mask LSA ID IP_address netmask New: Destination IP_address netmask
•%FWSM-4-409008: Found generating default LSA with non-zero mask LSA type : number Mask: netmask metric : number area : string
•%FWSM-4-409009: OSPF process number cannot start. There must be at least one up IP interface, for OSPF to use as router ID
•%FWSM-4-409010: Virtual link information found in non-backbone area: string
•%FWSM-4-409011: OSPF detected duplicate router-id IP_address from IP_address on interface interface_name
•%FWSM-4-409012: Detected router with duplicate router ID IP_address in area string
•%FWSM-4-409013: Detected router with duplicate router ID IP_address in Type-4 LSA advertised by IP_address
•%FWSM-4-409023: Attempting AAA Fallback method method_name for request_type request for user user :Auth-server group server_tag unreachable
•%FWSM-4-410001: UDP DNS request from source_interface:source_address/source_port to dest_interface:dest_address/dest_port; (label length | domain-name length) 52 bytes exceeds remaining packet length of 44 bytes.
•%FWSM-4-411001:Line protocol on interface interface_name changed state to up
•%FWSM-4-411002:Line protocol on interface interface_name changed state to down
•%FWSM-4-411003: Configuration status on interface interface_name changed state to administratively down
•%FWSM-4-411004: Configuration status on interface interface_name changed state to up
•%FWSM-4-412001:MAC MAC_address moved from interface_1 to interface_2
•%FWSM-4-412002:Detected bridge table full while inserting MAC MAC_address on interface interface. Number of entries = num
•%FWSM-4-415012:internal_sig_id HTTP Deobfuscation signature detected - action HTTP deobfuscation detected IPS evasion technique from source_address to dest_address
•%FWSM-4-415014:internal_sig_id unanswered HTTP requests exceeded from source_address to dest_address
•%FWSM-4-416001: Dropped UDP SNMP packet from source_interface :source_IP/source_port to dest_interface:dest_address/dest_port; version (prot_version) is not allowed through the firewall
•%FWSM-4-417001: Unexpected event received: number
•%FWSM-4-417004: Filter violation error: conn number (string:string) in string
•%FWSM-4-417006: No memory for string) in string. Handling: string
•%FWSM-4-418001: Through-the-device packet to/from management-only network is denied: protocol_string from interface_name IP_address (port) to interface_name IP_address (port)
•%FWSM-4-500004: Invalid transport field for protocol=protocol, from source_address/source_port to dest_address/dest_port
•%FWSM-4-507002: Data copy in proxy-mode exceeded the buffer limit
•%FWSM-4-612002: Auto Update failed:filename, version:number, reason:reason
•%FWSM-4-612003:Auto Update failed to contact:url, reason:reason
•%FWSM-4-620002: Unsupported CTIQBE version: hex: from interface_name:IP_address/port to interface_name:IP_address/port
•%FWSM-4-713154: DNS lookup for peer_description Server [server_name] failed!
•%FWSM-4-713157: Timed out on initial contact to server [server_name or IP_address] Tunnel could not be established.
•%FWSM-4-713903:Descriptive_event_string.
•%FWSM-4-720001: (VPN-unit) Failed to initialize with Chunk Manager.
•%FWSM-4-720007: (VPN-unit) Failed to allocate chunk from Chunk Manager.
•%FWSM-4-720008: (VPN-unit) Failed to register to High Availability Framework.
•%FWSM-4-720009: (VPN-unit) Failed to create version control block.
•%FWSM-4-720011: (VPN-unit) Failed to allocate memory
•%FWSM-4-720013: (VPN-unit) Failed to insert certificate in trust point trustpoint_name
Notification Messages, Severity 5
The following messages appear at severity 5, notifications:
•%FWSM-5-109012: Authen Session End: user 'user', sid number, elapsed number seconds
•%FWSM-5-111003: IP_address Erase configuration
•%FWSM-5-111004: IP_address end configuration: {FAILED|OK}
•%FWSM-5-111005: IP_address end configuration: OK
•%FWSM-5-111007: Begin configuration: IP_address reading from device.
•%FWSM-5-111008: User user executed the command string
•%FWSM-5-199001: Reload command executed from telnet (remote IP_address).
•%FWSM-5-199006: Orderly reload started at when by whom. Reload reason: reason
•%FWSM-5-1999007:IP detected an attached application using port port while removing context
•%FWSM-5-1999008:Protocol detected an attached application using local port local_port and destination port dest_port
•%FWSM-5-303004: FTP cmd_string command unsupported - failed strict inspection, terminating connection from source_interface:source_address/source_port to dest_interface:dest_address/dest_interface
•%FWSM-5-304001: user source_address Accessed {JAVA URL|URL} dest_address: url.
•%FWSM-5-304002: Access denied URL chars SRC IP_address DEST IP_address: chars
•%FWSM-5-321001: Resource var1 limit of var2 reached.
•%FWSM-5-321002: Resource var1 rate limit of var2 reached.
•%FWSM-5-415001:internal_sig_id HTTP Tunnel detected - action tunnel_type from source_address to dest_address
•%FWSM-5-415002:internal_sig_id HTTP Instant Messenger detected - action instant_messenger_type from source_address to dest_address
•%FWSM-5-415003:internal_sig_id HTTP Peer-to-Peer detected - action peer_to_peer_type from source_address to dest_address
•%FWSM-5-415005:Internal_Sig_Id Content type does not match specified type - Action Content Verification Failed from source_address to Dst_IP_Address
•%FWSM-5-415007:internal_sig_id HTTP Extension method detected - action `method_name' from source_address to dest_address
•%FWSM-5-415008:internal_sig_id HTTP RFC method detected - action `method_name' from source_address to dest_address
•%FWSM-5-415010:internal_sig_id HTTP protocol violation detected - action HTTP Protocol not detected from source_address to dest_address
•%FWSM-5-415013:internal_sig_id HTTP Transfer encoding violation detected - action Xfer_encode Transfer encoding not allowed from source_address to dest_address
•%FWSM-5-500001: ActiveX content modified src IP_address dest IP_address on interface interface_name.
•%FWSM-5-500002: Java content modified src IP_address dest IP_address on interface interface_name.
•%FWSM-5-500003: Bad TCP hdr length (hdrlen=bytes, pktlen=bytes) from source_address/source_port to dest_address/dest_port, flags: tcp_flags, on interface interface_name
•%FWSM-5-505001: Module in slot slotnum is shutting down. Please wait...
•%FWSM-5-505002: Module in slot slotnum is reloading. Please wait...
•%FWSM-5-505003: Module in slot slotnum is resetting. Please wait...
•%FWSM-5-505004: Module in slot slotnum shutdown is complete.
•%FWSM-5-505005: Module in slot slotnum is initializing control communication. Please wait...
•%FWSM-5-505006: Module in slot slotnum is Up.
•%FWSM-5-505007: Module in slot slotnum is recovering. Please wait...
•%FWSM-5-506001: event_source_string event_string
•%FWSM-5-501101: User transitioning priv level
•%FWSM-5-502101: New user added to local dbase: Uname: user Priv: privilege_level Encpass: string
•%FWSM-5-502102: User deleted from local dbase: Uname: user Priv: privilege_level Encpass: string
•%FWSM-5-502103: User priv level changed: Uname: user From: privilege_level To: privilege_level
•%FWSM-5-502111: New group policy added: name: policy_name Type: policy_type
•%FWSM-5-502112: Group policy deleted: name: policy_name Type: policy_type
•%FWSM-5-503001: Process number, Nbr IP_address on interface_name from string to string, reason
•%FWSM-5-504001: Security context context_name was added to the system
•%FWSM-5-504002: Security context context_name was removed from the system
•%FWSM-5-507001: Terminating TCP-Proxy connection from interface_inside:source_address/source_port to interface_outside:dest_address/dest_port - reassembly limit of limit bytes exceeded
•%FWSM-5-612001: Auto Update succeeded:filename, version:number
•%FWSM-5-713006: Failed to obtain state for message Id message_number, Peer Address: IP_address
•%FWSM-5-713010: IKE area: failed to find centry for message Id message_number
•%FWSM-5-713041: IKE Initiator: new or rekey Phase 1 or 2, Intf interface_number, IKE Peer IP_address local Proxy Address IP_address, remote Proxy Address IP_address, Crypto map (crypto map tag)
•%FWSM-5-713049: Security negotiation complete for tunnel_type type (group_name) Initiator/Responder, Inbound SPI = SPI, Outbound SPI = SPI
•%FWSM-5-713050: Connection terminated for peer IP_address. Reason: termination reason Remote Proxy IP_address, Local Proxy IP_address
•%FWSM-5-713068: Received non-routine Notify message: notify_type (notify_value)
•%FWSM-5-713073: Responder forcing change of Phase 1/Phase 2 rekeying duration from larger_value to smaller_value seconds
•%FWSM-5-713074: Responder forcing change of IPSec rekeying duration from larger_value to smaller_value Kbs
•%FWSM-5-713075: Overriding Initiator's IPSec rekeying duration from larger_value to smaller_value seconds
•%FWSM-5-713076: Overriding Initiator's IPSec rekeying duration from larger_value to smaller_value Kbs
•%FWSM-5-713092: Failure during phase 1 rekeying attempt due to collision
•%FWSM-5-713115: Client rejected NAT enabled IPSec request, falling back to standard IPSec
•%FWSM-5-713130: Received unsupported transaction mode attribute: attribute id
•%FWSM-5-713131: Received unknown transaction mode attribute:
