The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product.
Learn more
about how Cisco is using Inclusive Language.
%ASA-1-103003: (Primary) Other firewall network interface interface_number failed.
%ASA-1-103004: (Primary) Other firewall reports this firewall failed. Reason: reason-string.
%ASA-1-103005: (Primary) Other firewall reporting failure. Reason: SSM card failure.
%ASA-1-103006: (Primary|Secondary) Mate version ver_num is not compatible with ours ver_num.
%ASA-1-103007: (Primary|Secondary) Mate version ver_num is not identical with ours ver_num%ASA-1-104001: (Primary) Switching
to ACTIVE (cause: string).
%ASA-1-103008: Mate hwdib index is not compatible.
%ASA-1-104002: (Primary) Switching to STANDBY (cause: string).
%ASA-1-104003: (Primary) Switching to FAILED.
%ASA-1-104004: (Primary) Switching to OK.
%ASA-1-104501: (Primary|Secondary) Switching to ACTIVE (cause: reason)
%ASA-1-105005: (Primary) Lost Failover communications with mate on interface interface_name.
%ASA-1-105006: (Primary) Link status Up on interface interface_name.
%ASA-1-105007: (Primary) Link status Down on interface interface_name.
%ASA-1-105008: (Primary) Testing interface interface_name.
%ASA-1-105009: (Primary) Testing on interface interface_name {Passed|Failed}.
%ASA-1-105011: (Primary) Failover cable communication failure
%ASA-1-105020: (Primary) Incomplete/slow config replication
%ASA-1-105021: (failover_unit) Standby unit failed to sync due to a locked context_name config. Lock held by lock_owner_name.
%ASA-1-105031: Failover LAN interface is up.
%ASA-1-105032: LAN Failover interface is down.
%ASA-1-105033: LAN FO cmd Iface down and up again.
%ASA-1-105034: Receive a LAN_FAILOVER_UP message from peer.
%ASA-1-105035: Receive a LAN failover interface down msg from peer.
%ASA-1-105036: dropped a LAN Failover command message.
%ASA-1-105037: The primary and standby units are switching back and forth as the active unit.
%ASA-1-105039: (Primary) Unable to verify the Interface count with mate. Failover may be disabled in mate.
%ASA-1-105040: (Primary) Mate failover version is not compatible.
%ASA-1-105044: (Primary) Mate operational mode mode is not compatible with my mode mode.
%ASA-1-105045: (Primary) Mate license (number contexts) is not compatible with my license (number contexts).
%ASA-1-105046 (Primary|Secondary) Mate has a different chassis.
%ASA-1-105047: Mate has a io_card_name1 card in slot slot_number which is different from my io_card_name2
%ASA-1-105048: (unit) Mate’s service module (application) is different from mine (application).
%ASA-1-105502: (Primary|Secondary) Restarting Cloud HA on this unit, reason: string.
%ASA-1-106021: Deny protocol reverse path check from source_address to dest_address on interface interface_name.
%ASA-1-106022: Deny protocol connection spoof from source_address to dest_address on interface interface_name.
%ASA-1-106101: Number of cached deny-flows for ACL log has reached limit (number).
%ASA-1-107001: RIP auth failed from IP_address: version=number, type=string, mode=string, sequence=number on interface interface_name.
%ASA-1-107002: RIP pkt failed from IP_address: version=number on interface interface_name.
%ASA-1-111111 error_message.
%ASA-1-114001: Failed to initialize 4GE SSM I/O card (error error_string).
%ASA-1-114002: Failed to initialize SFP in 4GE SSM I/O card (error error_string).
%ASA-1-114003: Failed to run cached commands in 4GE SSM I/O card (error error_string).
%ASA-1-1199012: Stack smash during new_stack_call in process/fiber process/fiber, call target f, stack size s, process/fiber
name of the process/fiber that caused the stack smash.
%ASA-1-199010: Signal 11 caught in process/fiber(rtcli async executor process)/(rtcli async executor) at address 0xf132e03b,
corrective action at 0xca1961a0%ASA-1-199013: syslog.
%ASA-1-199021: System memory utilization has reached the configured watchdog trigger level of Y%. System will now reload.
%ASA-1-211004: WARNING: Minimum Memory Requirement for ASA version ver not met for ASA image. min MB required, actual MB found.
%ASA-n-216001: internal error in: function: message
%ASA-1-216005: ERROR: Duplex-mismatch on interface_name resulted in transmitter lockup. A soft reset of the switch was performed.
%ASA-1-323006: Module ips experienced a data channel communication failure, data channel is DOWN.
%ASA-1-332004: Web Cache IP_address/service_ID lost.
%ASA-1-413007: An unsupported ASA and IPS configuration is installed. mpc_description with ips_description is not supported.
%ASA-1-413008: There was a backplane PCI communications failure with module module_description_string in slot slot_num.
%ASA-1-505011: Module ips data channel communication is UP.
%ASA-1-505014: Module module_id, application down name, version version reason.
%ASA-1-505015: Module module_id, application up application, version version.
%ASA-1-709003: (Primary) Beginning configuration replication: Sending to mate.
%ASA-1-709004: (Primary) End Configuration Replication (ACT).
%ASA-1-709005: (Primary) Beginning configuration replication: Receiving from mate.
%ASA-1-709006: (Primary) End Configuration Replication (STB).
%ASA-1-716516: internal error in: function: OCCAM has corrupted ROL array. Cannot continue terminating.
%ASA-1-716519: internal error in: function: OCCAM has corrupted pool list. Cannot continue terminating.
%ASA-1-716528: Unexpected fiber scheduler error; possible out-of-memory condition.
%ASA-1-717049: Local CA Server certificate is due to expire in number days and a replacement certificate is available for
export.
%ASA-1-717054: The type certificate in the trustpoint tp name is due to expire in number days. Expiration date and time Subject
Name subject name Issuer Name issuer name Serial Number serial number.
%ASA-1-717055: The type certificate in the trustpoint tp name has expired. Expiration date and time Subject Name subject
name Issuer Name issuer name Serial Number serial number.
%ASA-1-735001 Cooling Fan var1: OK.
%ASA-1-735002 Cooling Fan var1: Failure Detected.
%ASA-1-735003 Power Supply var1: OK.
%ASA-1-735004 Power Supply var1: Failure Detected.
%ASA-1-735005 Power Supply Unit Redundancy OK.
%ASA-1-735006 Power Supply Unit Redundancy Lost.
%ASA-1-735007 CPU var1: Temp: var2 var3, Critical.
%ASA-1-735012: Power Supply var1: Fan Failure Detected.
%ASA-1-735013: Voltage Channel var1: Voltage OK.
%ASA-1-735014: Voltage Channel var1: Voltage Critical.
%ASA-1-735017: Power Supply var1: Temp: var2 var3, OK.
%ASA-1-735020: CPU var1: Temp: var2 var3 OK.
%ASA-1-735021: Chassis var1: Temp: var2 var3 OK.
%ASA-1-735022: CPU# is running beyond the max thermal operating temperature and the device will be shutting down immediately
to prevent permanent damage to the CPU.
%ASA-1-735027: CPU cpu_num Voltage Regulator is running beyond the max thermal operating temperature and the device will be
shutting down immediately. The chassis and CPU need to be inspected immediately for ventilation issues.
%ASA-1-735029: IO Hub is running beyond the max thermal operating temperature and the device will be shutting down immediately
to prevent permanent damage to the circuit.
%ASA-1-743000: The PCI device with vendor ID: vendor_id device ID: device_id located at bus:device.function bus_num:dev_num,
func_num has a link link_attr_name of actual_link_attr_val when it should have a link link_attr_name of expected_link_attr_val.
%ASA-1-743001: Backplane health monitoring detected link failure.
%ASA-1-743002: Backplane health monitoring detected link OK.
%ASA-1-743004: System is not fully operational - PCI device with vendor ID vendor_id (vendor_name), device ID device_id (device_name)
not found.
%ASA-1-770002: Resource resource allocation is more than the permitted limit for this platform. ASA will be rebooted.
%ASA-2-105506: (Primary|Secondary) Unable to create socket on port port for (failover connection | load balancer probes),
error: error_string
%ASA-2-105507: (Primary|Secondary) Unable to bind socket on port port for (failover connection | load balancer probes), error:
error_string
%ASA-2-105532: (Primary|Secondary) Unexpected status in response to route-table change request for route-table route_table_name:
status_string
%ASA-2-106001: Inbound TCP connection denied from IP_address/port to IP_address/port flags tcp_flags on interface interface_name
%ASA-2-106002: protocol Connection denied by outbound list acl_ID src inside_address dest outside_address
%ASA-2-106006: Deny inbound UDP from outside_address/outside_port to inside_address/inside_port on interface interface_name.
%ASA-2-106007: Deny inbound UDP from outside_address/outside_port to inside_address/inside_port due to DNS {Response|Query}.
%ASA-2-106013: Dropping echo request from IP_address to PAT address IP_address
%ASA-2-106016: Deny IP spoof from (IP_address) to IP_address on interface interface_name.
%ASA-2-106017: Deny IP due to Land Attack from IP_address to IP_address
%ASA-2-106018: ICMP packet type ICMP_type denied by outbound list acl_ID src inside_address dest outside_address
%ASA-2-106020: Deny IP teardrop fragment (size = number, offset = number) from IP_address to IP_address
%ASA-2-106024: Access rules memory exhausted
%ASA-2-108002: SMTP replaced string: out source_address in inside_address data: string
%ASA-2-108003: Terminating ESMTP/SMTP connection; malicious pattern detected in the mail address from source_interface:source_address/source_port
to dest_interface:dest_address/dset_port. Data:string
%ASA-2-109011: Authen Session Start: user 'user', sid number
%ASA-2-112001: (string:dec) Clear complete.
%ASA-2-113022: AAA Marking RADIUS server servername in aaa-server group AAA-Using-DNS as FAILED
%ASA-2-113023: AAA Marking protocol server ip-addr in server group tag as ACTIVE
%ASA-2-113027: Username could not be found in certificate
%ASA-2-115000: Critical assertion in process: process name fiber: fiber name, component: component name, subcomponent: subcomponent
name, file: filename, line: line number, cond: condition
%ASA-2-199011: Close on bad channel in process/fiber process/fiber, channel ID p, channel state s process/fiber name of the
process/fiber that caused the bad channel close operation.
%ASA-2-199014: syslog
%ASA-2-199020: System memory utilization has reached X%. System will reload if memory usage reaches the configured trigger
level of Y%.
%ASA-2-201003: Embryonic limit exceeded nconns/elimit for outside_address/outside_port (global_address) inside_address/inside_port
on interface interface_name
%ASA-2-214001: Terminating manager session from IP_address on interface interface_name. Reason: incoming encrypted data (number
bytes) longer than number bytes
%ASA-2-215001:Bad route_compress() call, sdb= number
%ASA-2-217001: No memory for string in string
%ASA-2-218001: Failed Identification Test in slot# [fail#/res].
%ASA-2-218002: Module (slot#) is a registered proto-type for Cisco Lab use only, and not certified for live network operation.
%ASA-2-218003: Module Version in slot# is obsolete. The module in slot = slot# is obsolete and must be returned via RMA to
Cisco Manufacturing. If it is a lab unit, it must be returned to Proto Services for upgrade.
%ASA-2-218004: Failed Identification Test in slot# [fail#/res]
%ASA-2-218005: Inconsistency detected in the system information programmed in non-volatile memory
%ASA-2-304007: URL Server IP_address not responding, ENTERING ALLOW mode.
%ASA-2-304008: LEAVING ALLOW mode, URL Server is up.
%ASA-2-321005: System CPU utilization reached utilization %
%ASA-2-321006: System memory usage reached utilization %
%ASA-2-410002: Dropped num DNS responses with mis-matched id in the past sec second(s): from src_ifc:sip/sport to dest_ifc:dip/dport
%ASA-2-444004: Temporary license key key has expired. Applying permanent license key permkey
%ASA-2-444007: Timebased activation key activation-key has expired. Reverting to [permanent | timebased] license key. The
following features will be affected: feature, feature
%ASA-2-444009: %s license has expired 30 days ago. The system will now reload.
%ASA-2-444102: Shared license service inactive. License server is not responding
%ASA-2-444105: Released value shared licensetype license(s). License server has been unreachable for 24 hours
%ASA-2-444111: Shared license backup service has been terminated due to the primary license server address being unavailable
for more than days days. The license server needs to be brought back online to continue using shared licensing.
%ASA-2-709007: Configuration replication failed for command command
%ASA-2-713078: Temp buffer for building mode config attributes exceeded: bufsize available_size, used value
%ASA-2-713176: Device_type memory resources are critical, IKE key acquire message on interface interface_number, for Peer
IP_address ignored
%ASA-2-713901: Descriptive_text_string.
%ASA-2-716500: internal error in: function: Fiber library cannot locate AK47 instance
%ASA-2-716501: internal error in: function: Fiber library cannot attach AK47 instance
%ASA-2-716502: internal error in: function: Fiber library cannot allocate default arena
%ASA-2-716503: internal error in: function: Fiber library cannot allocate fiber descriptors pool
%ASA-2-716504: internal error in: function: Fiber library cannot allocate fiber stacks pool
%ASA-2-716505: internal error in: function: Fiber has joined fiber in unfinished state
%ASA-2-716506: UNICORN_SYSLOGID_JOINED_UNEXPECTED_FIBER
%ASA-2-716512: internal error in: function: Fiber has joined fiber waited upon by someone else
%ASA-2-716513: internal error in: function: Fiber in callback blocked on other channel
%ASA-2-716515: internal error in: function: OCCAM failed to allocate memory for AK47 instance
%ASA-2-716517: internal error in: function: OCCAM cached block has no associated arena
%ASWA-2-716518: internal error in: function: OCCAM pool has no associated arena
%ASA-2-716520: internal error in: function: OCCAM pool has no block list
%ASA-2-716521: internal error in: function: OCCAM no realloc allowed in named pool
%ASA-2-716522: internal error in: function: OCCAM corrupted standalone block
%ASA-2-716525: UNICORN_SYSLOGID_SAL_CLOSE_PRIVDATA_CHANGED
%ASA-2-716526: UNICORN_SYSLOGID_PERM_STORAGE_SERVER_LOAD_FAIL
%ASA-2-716527: UNICORN_SYSLOGID_PERM_STORAGE_SERVER_STORE_FAI
%ASA-2-717008: Insufficient memory to process_requiring_memory.
%ASA-2-717011: Unexpected event event event_ID
%ASA-2-717040: Local CA Server has failed and is being disabled. Reason: reason.
%ASA-2-735009: IPMI: Environment Monitoring has failed initialization and configuration. Environment Monitoring is not running.
%ASA-2-735023: ASA was previously shutdown due to the CPU complex running beyond the maximum thermal operating temperature.
The chassis needs to be inspected immediately for ventilation issues.
%ASA-2-735028: ASA was previously shutdown due to a CPU Voltage Regulator running beyond the max thermal operating temperature.
The chassis and CPU need to be inspected immediately for ventilation issues.
%ASA-2-736001: Unable to allocate enough memory at boot for jumbo-frame reservation. Jumbo-frame support has been disabled.
%ASA-2-747009: Clustering: Fatal error due to failure to create RPC server for module module name.
%ASA-2-747011: Clustering: Memory allocation error.%ASA-2-752001: Tunnel Manager received invalid parameter to remove record.
%ASA-2-748007: Failed to de-bundle the ports for module slot_number in chassis chassis_number; traffic may be black holed
%ASA-2-752001: Tunnel Manager received invalid parameter to remove record.
%ASA-2-752005: Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Memory may be low. Map Tag = mapTag. Map Sequence
Number = mapSeq.
%ASA-2-772003: PASSWORD: session login failed, user username, IP ip, cause: password expired
%ASA-2-772006: REAUTH: user username failed authentication
%ASA-2-774001: POST: unspecified error
%ASA-2-774002: POST: error err, func func, engine eng, algorithm alg, mode mode, dir dir, key len len
%ASA-2-775007: Scansafe: Primary server_interface_name:server_ip_address and backup server_interface_name:server_ip_address
servers are not reachable.
%ASA-3-105511: (Primary|Secondary) Incomplete read of message header of message from peer unit peer-ip: bytes bytes read of
expected header_length header bytes
%ASA-3-105513: (Primary|Secondary) Incomplete read of message body of message from peer unit peer-ip: bytes bytes read of
expected message_length message body bytes
%ASA-3-105514: (Primary|Secondary) Error occurred when responding to message_name message received from peer unit peer-ip,
error: error_string
%ASA-3-105516: (Primary|Secondary) Incomplete read of message header of message_name message from peer unit peer-ip: bytes
bytes read of expected header_length header bytes
%ASA-3-105518: (Primary|Secondary) Incomplete read of message body of message_name message from peer unit peer-ip: bytes bytes
read of expected message_length message body bytes
%ASA-3-105519: (Primary|Secondary) Invalid response to message_name message received from peer unit peer-ip: type message_type,
version message_version, length message_length
%ASA-3-109010: Auth from inside_address/inside_port to outside_address/outside_port failed (too many pending auths) on interface
interface_name.
%ASA-3-109013: User must authenticate before using this service
%ASA-3-109016: Can't find authorization ACL acl_ID for user 'user'
%ASA-3-109018: Downloaded ACL acl_ID is empty
%ASA-3-109019: Downloaded ACL acl_ID has parsing error; ACE string
%ASA-3-109020: Downloaded ACL has config error; ACE
%ASA-3-109023: User from source_address/source_port to dest_address/dest_port on interface outside_interface must authenticate
before using this service.
%ASA-3-109026: [aaa protocol] Invalid reply digest received; shared server key may be mismatched.
%ASA-3-109032: Unable to install ACL access_list, downloaded for user username; Error in ACE: ace.
%ASA-3-109035: Exceeded maximum number (<max_num>) of DAP attribute instances for user <user>
%ASA-3-109037: Exceeded 5000 attribute values for the attribute name attribute for user username
%ASA-3-109038: Attribute internal-attribute-name value string-from-server from AAA server could not be parsed as a type internal-attribute-name
string representation of the attribute name
%ASA-3-109103: CoA action-type from coa-source-ip failed for user username, with session ID: audit-session-id.
%ASA-3-109104: CoA action-type from coa-source-ip failed for user username, session ID: audit-session-id. Action not supported.
%ASA-3-109105: Failed to determine the egress interface for locally generated traffic destined to <protocol> <IP>:<port>
%ASA-3-113001: Unable to open AAA session. Session limit [limit] reached.
%ASA-3-201002: Too many TCP connections on {static|xlate} global_address! econns nconns
%ASA-3-201004: Too many UDP connections on {static|xlate} global_address! udp connections limit
%ASA-3-201005: FTP data connection failed for IP_address IP_address
%ASA-3-201006: RCMD backconnection failed for IP_address/port.
%ASA-3-201008: Disallowing new connections.
%ASA-3-201009: TCP connection limit of number for host IP_address on interface_name exceeded
%ASA-3-201011: Connection limit exceeded cnt/limit for dir packet from sip/sport to dip/dport on interface if_name.
%ASA-3-201013: Per-client connection limit exceeded curr num/limit for [input|output] packet from ip/port to ip/port on interface
interface_name
%ASA-3-202001: Out of address translation slots!
%ASA-3-202005: Non-embryonic in embryonic list outside_address/outside_port inside_address/inside_port
%ASA-3-202010: [NAT | PAT] pool exhausted for pool-name, port range [1-511 | 512-1023 | 1024-65535]. Unable to create protocol
connection from in-interface:src-ip/src-port to out-interface:dst-ip/dst-port
%ASA-3-202016: "%d: Unable to pre-allocate SIP %s secondary channel for message " \ "from %s:%A/%d to %s:%A/%d with PAT and
missing port information."
%ASA-3-210005: LU allocate secondary(optional) connection failed for protocol[TCP|UDP] connection from ingress interface
name:Real IP Address/Real Port to egress interface name:Real IP Address/Real Port
%ASA-3-210006: LU look NAT for IP_address failed
%ASA-3-210007: LU allocate xlate failed for type[static | dynamic]-[NAT | PAT] secondary(optional) protocol translation from
ingress interface name:Real IP Address/real port (Mapped IP Address/Mapped Port) to egress interface name:Real IP Address/Real
Port (Mapped IP Address/Mapped Port)
%ASA-3-210008: LU no xlate for inside_address/inside_port outside_address/outside_port
%ASA-3-210010: LU make UDP connection for outside_address:outside_port inside_address:inside_port failed
%ASA-3-210020: LU PAT port port reserve failed
%ASA-3-210021: LU create static xlate global_address ifc interface_name failed
%ASA-3-211001: Memory allocation Error
%ASA-3-211003: Error in computed percentage CPU usage value
%ASA-3-212001: Unable to open SNMP channel (UDP port port) on interface interface_number, error code = code
%ASA-3-212002: Unable to open SNMP trap channel (UDP port port) on interface interface_number, error code = code
%ASA-3-212003: Unable to receive an SNMP request on interface interface_number, error code = code, will try again.
%ASA-3-212004: Unable to send an SNMP response to IP Address IP_address Port port interface interface_number, error code
= code
%ASA-3-212005: incoming SNMP request (number bytes) on interface interface_name exceeds data buffer size, discarding this
SNMP request.
%ASA-3-212006: Dropping SNMP request from src_addr/src_port to ifc:dst_addr/dst_port because: reason username.
%ASA-3-212010: Configuration request for SNMP user %s failed. Host %s reason.
%ASA-3-212011: SNMP engineBoots is set to maximum value. Reason: %s User intervention necessary.
%ASA-3-212012: Unable to write SNMP engine data to persistent storage.
%ASA-3-213001: PPTP control daemon socket io string, errno = number.
%ASA-3-302019: H.323 library_name ASN Library failed to initialize, error code number
%ASA-3-302302: ACL = deny; no sa created
%ASA-3-304003: URL Server IP_address timed out URL url
%ASA-3-304006: URL Server IP_address not responding
%ASA-3-305005: No translation group found for protocol src interface_name: source_address/source_port [(idfw_user)] dst interface_nam:
dest_address/dest_port [(idfw_user)]
%ASA-3-305008: Free unallocated global IP address.
%ASA-3-305016: Unable to create protocol connection from real_interface:real_host_ip/real_source_port to real_dest_interface:real_dest_ip/real_dest_port
due to reason.
%ASA-3-305017: Pba-interim-logging: Active ICMP block of ports for translation from <source device IP> to <destination device
IP>/<Active Port Block >
%ASA-3-305019: MAP node address <ip>/<port> has inconsistent Port Set ID encoding
%ASA-3-313001: Denied ICMP type=number, code=code from IP_address on interface interface_name
%ASA-3-313008: Denied ICMPv6 type=number, code=code from IP_address on interface interface_name
%ASA-3-315004: Fail to establish SSH session because RSA host key retrieval failed.
%ASA-3-315012: Weak SSH type (alg) provided from client ‘IP’ on interface int. Connection failed. Not FIPS 140-2 compliant
%ASA-3-316001: Denied new tunnel to IP_address. VPN peer limit (platform_vpn_peer_limit) exceeded
%ASA-3-318107: OSPF is enabled on %IF_NAME during idb initialization
%ASA-3-318108: OSPF process %d is changing router-id. Reconfigure virtual link neighbors with our new router-id
%ASA-3-318109: OSPFv3 has received an unexpected message: %0x/%0x
%ASA-3-318110: Invalid encrypted key %s.
%ASA-3-318111: SPI %u is already in use with ospf process %d
%ASA-3-318112: SPI %u is already in use by a process other than ospf process %d.
%ASA-3-318113: %s %s is already configured with SPI %u.
%ASA-3-318114: The key length used with SPI %u is not valid
%ASA-3-318115: %s error occured when attempting to create an IPsec policy for SPI %u
%ASA-3-318116: SPI %u is not being used by ospf process %d.
%ASA-3-318117: The policy for SPI %u could not be removed because it is in use.
%ASA-3-318118: %s error occured when attemtping to remove the IPsec policy with SPI %u
%ASA-3-318119: Unable to close secure socket with SPI %u on interface %s
%ASA-3-318120: OSPFv3 was unable to register with IPsec
%ASA-3-318121: IPsec reported a GENERAL ERROR: message %s, count %d
%ASA-3-318122: IPsec sent a %s message %s to OSPFv3 for interface %s. Recovery attempt %d .
%ASA-3-318123: IPsec sent a %s message %s to OSPFv3 for interface %IF_NAME. Recovery aborted
%ASA-3-318125: Init failed for interface %IF_NAME
%ASA-3-318126: Interface %IF_NAME is attached to more than one area
%ASA-3-318127: Could not allocate or find the neighbor
%ASA-3-319001: Acknowledge for arp update for IP address dest_address not received (number).
%ASA-3-319002: Acknowledge for route update for IP address dest_address not received (number).
%ASA-3-319003: Arp update for IP address address to NPn failed.
%ASA-3-319004: Route update for IP address dest_address failed (number).
%ASA-3-320001: The subject name of the peer cert is not allowed for connection
%ASA-3-321007: System is low on free memory blocks of size block_size (free_blocks CNT out of max_blocks MAX)
%ASA-3-322001: Deny MAC address MAC_address, possible spoof attempt on interface interface
%ASA-3-322002: ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface.
This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is {statically|dynamically} bound to MAC
Address MAC_address_2.
%ASA-3-322003:ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface.
This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is not bound to any MAC Address.
%ASA-3-323001: Module module_id experienced a control channel communications failure.
%ASA-3-323002: Module module_id is not able to shut down, shut down request not answered.
%ASA-3-323003: Module module_id is not able to reload, reload request not answered.
%ASA-3-323004: Module module_id failed to write software vnewver (currently vver), reason. Hw-module reset is required before
further use.
%ASA-3-323005: Module module_id can not be started completely
%ASA-3-323007: Module in slot slot experienced a firware failure and the recovery is in progress.
%ASA-3-324000: Drop GTPv version message msg_type from source_interface:source_address/source_port to dest_interface:dest_address/dest_port
Reason: reason
%ASA-3-324001: GTPv0 packet parsing error from source_interface:source_address/source_port to dest_interface:dest_address/dest_port,
TID: tid_value, Reason: reason
%ASA-3-324002: No PDP[MCB] exists to process GTPv0 msg_type from source_interface:source_address/source_port to dest_interface:dest_address/dest_port,
TID: tid_value
%ASA-3-324003: No matching request to process GTPv version msg_type from source_interface:source_address/source_port to source_interface:dest_address/dest_port
%ASA-3-324004: GTP packet with version%d from source_interface:source_address/source_port to dest_interface:dest_address/dest_port
is not supported
%ASA-3-324005: Unable to create tunnel from source_interface:source_address/source_port to dest_interface:dest_address/dest_port
%ASA-3-324006:GSN IP_address tunnel limit tunnel_limit exceeded, PDP Context TID tid failed
%ASA-3-324007: Unable to create GTP connection for response from: source_address/0 to dest_address/dest_port
%ASA-3-324008: No PDP exists to update the data sgsn [ggsn] PDPMCB Info REID: teid_value, Request TEID; teid_value, Local
GSN: IPaddress (VPIfNum), Remove GSN: IPaddress (VPIfNum)
%ASA-3-324300: Radius Accounting Request from from_addr has an incorrect request authenticator
%ASA-3-324301: Radius Accounting Request has a bad header length hdr_len, packet length pkt_len
%ASA-3-325001: Router ipv6_address on interface has conflicting ND (Neighbor Discovery) settings
%ASA-3-326001: Unexpected error in the timer library: error_message
%ASA-3-326002: Error in error_message: error_message
%ASA-3-326004: An internal error occurred while processing a packet queue
%ASA-3-326005: Mrib notification failed for (IP_address, IP_address)
%ASA-3-326006: Entry-creation failed for (IP_address, IP_address)
%ASA-3-326007: Entry-update failed for (IP_address, IP_address)
%ASA-3-326008: MRIB registration failed
%ASA-3-326009: MRIB connection-open failed
%ASA-3-326010: MRIB unbind failed
%ASA-3-326011: MRIB table deletion failed
%ASA-3-326012: Initialization of string functionality failed
%ASA-3-326013: Internal error: string in string line %d (%s)
%ASA-3-339008: Umbrella resolver <current resolver ipv46> is unreachable, moving to fail-close
%ASA-3-340001: Loopback-proxy info: error_string context id context_id, context type = version/request_type/address_type
client socket (internal)= client_address_internal/client_port_internal server socket (internal)= server_address_internal/server_port_internal
server socket (external)= server_address_external/server_port_external remote socket (external)= remote_address_external/remote_port_external
%ASA-3-341003: Policy Agent failed to start for VNMC vnmc_ip_addr
%ASA-3-341004: Storage device not available: Attempt to shutdown module %s failed.
%ASA-3-341005: Storage device not available. Shutdown issued for module %s.
%ASA-3-341006: Storage device not available. Failed to stop recovery of module
%s
.
%ASA-3-341007: Storage device not available. Further recovery of module
%s
was stopped. This may take several minutes to complete.
%ASA-3-341008: Storage device not found. Auto-boot of module %s cancelled. Install drive and reload to try again.
%ASA-3-341011: Storage device with serial number ser_no in bay bay_no faulty.
%ASA-3-342002: REST API Agent failed, reason: <reason>
%ASA-3-342003: REST API Agent failure notification received. Agent will be restarted automatically.
%ASA-3-342004: Failed to automatically restart the REST API Agent after 5 unsuccessful attempts. Use the 'no rest-api agent'
and 'rest-api agent' commands to manually restart the Agent.
%ASA-3-342006: Filed to install REST API image, reason: <reason>
%ASA-3-342008:Failed to uninstall REST API image, reason: <reason>
%ASA-3-402140: CRYPTO: RSA key generation error: modulus len len
%ASA-3-402141: CRYPTO: Key zeroization error: key set type, reason reason
%ASA-3-402142: CRYPTO: Bulk data op error: algorithm alg, mode mode
%ASA-3-402148: CRYPTO: Random Number Generator error
%ASA-3-402149: CRYPTO: weak encryption type (length). Operation disallowed. Not FIPS 140-2 compliant
%ASA-3-402150: CRYPTO: Deprecated hash algorithm used for RSA operation (hash alg). Operation disallowed. Not FIPS 140-2
compliant
%ASA-3-403501: PPPoE - Bad host-unique in PADO - packet dropped. Intf:interface_name AC:ac_name
%ASA-3-403502: PPPoE - Bad host-unique in PADS - dropping packet. Intf:interface_name AC:ac_name
%ASA-3-403503: PPPoE:PPP link down:reason
%ASA-3-403504: PPPoE:No vpdn group group_name for PPPoE is created
%ASA-3-403507: PPPoE:PPPoE client on interface interface failed to locate PPPoE vpdn group group_name
%ASA-3-414001: Failed to save logging buffer using file name filename to FTP server ftp_server_address on interface interface_name:
[fail_reason]
%ASA-3-414002: Failed to save logging buffer to flash:/syslog directory using file name: filename: [fail_reason]
%ASA-3-414003: TCP Syslog Server intf: IP_Address/port not responding. New connections are [permitted|denied] based on logging
permit-hostdown policy.
%ASA-3-414005: TCP Syslog Server intf: IP_Address/port connected, New connections are permitted based on logging permit-hostdown
policy
%ASA-3-414006: TCP Syslog Server configured and logging queue is full. New connections denied based on logging permit-hostdown
policy.
%ASA-3-418018: neighbor IP_Address Down User reset
OR
neighbor IP_Address IPv4 Unicast topology base removed from session User reset
OR
neighbor IP_Address Up
OR
neighbor IP_Address IPv4 Unicast topology base removed from session BGP Notification sent
%ASA-3-418019: sent to neighbor IP_Address, Reason: reason, Bytes: count
%ASA-3-420001: IPS card not up and fail-close mode used, dropping ICMP packet ifc_in:SIP to ifc_out:DIP (typeICMP_TYPE, code
ICMP_CODE)
%ASA-3-420006: Virtual Sensor not present and fail-close mode used, dropping protocol packet from ifc_in:SIP/SPORT to ifc_out:DIP/DPORT
%ASA-3-421001: TCP|UDP flow from interface_name:ip/port to interface_name:ip/port is dropped because application has failed.
%ASA-3-421003: Invalid data plane encapsulation.
%ASA-3-421007: TCP|UDP flow from interface_name:IP_address/port to interface_name:IP_address/port is skipped because application
has failed.
%ASA-3-425006 Redundant interface redundant_interface_name switch active member to interface_name failed.
%ASA-3-429001: CXSC card not up and fail-close mode used. Dropping protocol packet from interface_name:ip_address/port to
interface_name:ip_address/port
%ASA-3-429004: Unable to set up authentication-proxy rule for the cx action on interface interface_name for policy_type service-policy.
%ASA-3-505016: Module module_id application changed from: name version version state state to: name version state state.
%ASA-3-500005: connection terminated from in_ifc_name:src_adddress/src_port to out_ifc_name:dest_address/dest_port due to
invalid combination of inspections on same flow. Inspect inspect_name is not compatible with inspect inspect_name_2
%ASA-3-507003: The flow of type protocol from the originating interface: src_ip/src_port to dest_if:dest_ip/dest_port terminated
by inspection engine, reason -
%ASA-3-520001: error_string
%ASA-3-520002: bad new ID table size
%ASA-3-520003: bad id in error_string (id: 0xid_num)
%ASA-3-520025: No memory for radix initialization: error_msg%ASA-3-602305: IPSEC: SA creation error, source source address,
destination destination address, reason error string
%ASA-3-602306: IPSEC: SA change peer IP error, SPI:
IPsec SPI
, (src {
original src IP address
|
original src port
}, dest {
original dest IP address
|
original dest port
} => src {
new src IP address
|
new src port
}, dest: {
new dest IP address
|
new dest port
}), reason
failure reason
%ASA-3-610001: NTP daemon interface interface_name: Packet denied from IP_address
%ASA-3-610002: NTP daemon interface interface_name: Authentication failed for packet from IP_address
%ASA-3-611313: VPN Client: Backup Server List Error: reason
%ASA-3-613005: Flagged as being an ABR without a backbone area
%ASA-3-613006: Reached unknown state in neighbor state machine
%ASA-3-613007: area string lsid IP_address mask netmask type number
%ASA-3-613008: if inside if_state number
%ASA-3-613011: OSPF process number is changing router-id. Reconfigure virtual link neighbors with our new router-id
%ASA-3-613013: OSPF LSID IP_address adv IP_address type number gateway IP_address metric number forwarding addr route IP_address
/mask type number has no corresponding LSA
%ASA-3-613029: Router-ID IP_address is in use by ospf process number%ASA-3-613016: Area string router-LSA of length number
bytes plus update overhead bytes is too large to flood.
%ASA-3-613032: Init failed for interface inside, area is being deleted. Try again.%ASA-3-613033: Interface inside is attached
to more than one area
%ASA-3-613034: Neighbor IP_address not configured
%ASA-3-613035: Could not allocate or find neighbor IP_address%ASA-4-613015: Process 1 flushes LSA ID IP_address type-number
adv-rtr IP_address in area mask%ASA-3-702305: IPSEC: An direction tunnel_type SA (SPI=spi) between local_IP and remote_IP
(username) is rekeying due to sequence number rollover.
%ASA-3-710003: {TCP|UDP} access denied by ACL from source_IP/source_port to interface_name:dest_IP/service
%ASA-3-713004: device scheduled for reboot or shutdown, IKE key acquire message on interface interface num, for Peer IP_address
ignored
%ASA-3-713008: Key ID in ID payload too big for pre-shared IKE tunnel
%ASA-3-713009: OU in DN in ID payload too big for Certs IKE tunnel
%ASA-3-713012: Unknown protocol (protocol). Not adding SA w/spi=SPI value
%ASA-3-713014: Unknown Domain of Interpretation (DOI): DOI value
%ASA-3-713016: Unknown identification type, Phase 1 or 2, Type ID_Type
%ASA-3-713017: Identification type not supported, Phase 1 or 2, Type ID_Type
%ASA-3-713018: Unknown ID type during find of group name for certs, Type ID_Type
%ASA-3-713020: No Group found by matching OU(s) from ID payload: OU_value
%ASA-3-713022: No Group found matching peer_ID or IP_address for Pre-shared key peer IP_address
%ASA-3-713032: Received invalid local Proxy Range IP_address - IP_address
%ASA-3-713033: Received invalid remote Proxy Range IP_address - IP_address
%ASA-3-713042: IKE Initiator unable to find policy: Intf interface_number, Src: source_address, Dst: dest_address
%ASA-3-713043: Cookie/peer address IP_address session already in progress
%ASA-3-713047: Unsupported Oakley group: Group <Diffie-Hellman group>
%ASA-3-713048: Error processing payload: Payload ID: id
%ASA-3-713056: Tunnel rejected: SA (SA_name) not found for group (group_name)!
%ASA-3-713060: Tunnel Rejected: User (user) not member of group (group_name), group-lock check failed.
%ASA-3-713061: Tunnel rejected: Crypto Map Policy not found for Src:source_address, Dst: dest_address!
%ASA-3-713062: IKE Peer address same as our interface address IP_address
%ASA-3-713063: IKE Peer address not configured for destination IP_address
%ASA-3-713065: IKE Remote Peer did not negotiate the following: proposal attribute
%ASA-3-713072: Password for user (user) too long, truncating to number characters
%ASA-3-713081: Unsupported certificate encoding type encoding_type
%ASA-3-713082: Failed to retrieve identity certificate
%ASA-3-713083: Invalid certificate handle
%ASA-3-713084: Received invalid phase 1 port value (port) in ID payload
%ASA-3-713085: Received invalid phase 1 protocol (protocol) in ID payload
%ASA-3-713086: Received unexpected Certificate payload Possible invalid Auth Method (Auth method (auth numerical value))
%ASA-3-713088: Set Cert file handle failure: no IPSec SA in group group_name
%ASA-3-713098: Aborting: No identity cert specified in IPSec SA (SA_name)!
%ASA-3-713102: Phase 1 ID Data length number too long - reject tunnel!
%ASA-3-713105: Zero length data in ID payload received during phase 1 or 2 processing
%ASA-3-713107: IP_Address request attempt failed!
%ASA-3-713109: Unable to process the received peer certificate
%ASA-3-713112: Failed to process CONNECTED notify (SPI SPI_value)!
%ASA-3-713014: Unknown Domain of Interpretation (DOI): DOI value
%ASA-3-713016: Unknown identification type, Phase 1 or 2, Type ID_Type
%ASA-3-713017: Identification type not supported, Phase 1 or 2, Type ID_Type
%ASA-3-713118: Detected invalid Diffie-Helmann group_descriptor group_number, in IKE area
%ASA-3-713122: Keep-alives configured keepalive_type but peer IP_address support keep-alives (type = keepalive_type)
%ASA-3-713123: IKE lost contact with remote peer, deleting connection (keepalive type: keepalive_type)
%ASA-3-713124: Received DPD sequence number rcv_sequence_# in DPD Action, description expected seq #
%ASA-3-713127: Xauth required but selected Proposal does not support xauth, Check priorities of ike xauth proposals in ike
proposal list
%ASA-3-713129: Received unexpected Transaction Exchange payload type: payload_id
%ASA-3-713132: Cannot obtain an IP_address for remote peer
%ASA-3-713133: Mismatch: Overriding phase 2 DH Group(DH group DH group_id) with phase 1 group(DH group DH group_number
%ASA-3-713134: Mismatch: P1 Authentication algorithm in the crypto map entry different from negotiated algorithm for the
L2L connection
%ASA-3-713138: Group group_name not found and BASE GROUP default preshared key not configured
%ASA-3-713140: Split Tunneling Policy requires network list but none configured
%ASA-3-713141: Client-reported firewall does not match configured firewall: action tunnel. Received -- Vendor: vendor(id),
Product product(id), Caps: capability_value. Expected -- Vendor: vendor(id), Product: product(id), Caps: capability_value
%ASA-3-713142: Client did not report firewall in use, but there is a configured firewall: action tunnel. Expected -- Vendor:
vendor(id), Product product(id), Caps: capability_value
%ASA-3-713146: Could not add route for Hardware Client in network extension mode, address: IP_address, mask: netmask
%ASA-3-713149: Hardware client security attribute attribute_name was enabled but not requested.
%ASA-3-713152: Unable to obtain any rules from filter ACL_tag to send to client for CPP, terminating connection.
%ASA-3-713159: TCP Connection to Firewall Server has been lost, restricted tunnels are now allowed full network access
%ASA-3-713161: Remote user (session Id - id) network access has been restricted by the Firewall Server
%ASA-3-713162: Remote user (session Id - id) has been rejected by the Firewall Server
%ASA-3-713163: Remote user (session Id - id) has been terminated by the Firewall Server
%ASA-3-713165: Client IKE Auth mode differs from the group's configured Auth mode
%ASA-3-713166: Headend security gateway has failed our user authentication attempt - check configured username and password
%ASA-3-713167: Remote peer has failed user authentication - check configured username and password
%ASA-3-713168: Re-auth enabled, but tunnel must be authenticated interactively!
%ASA-3-713174: Hardware Client connection rejected! Network Extension Mode is not allowed for this group!
%ASA-3-713182: IKE could not recognize the version of the client! IPSec Fragmentation Policy will be ignored for this connection!
%ASA-3-713185: Error: Username too long - connection aborted
%ASA-3-713186: Invalid secondary domain name list received from the authentication server. List Received: list_text Character
index (value) is illegal
%ASA-3-713189: Attempted to assign network or broadcast IP_address, removing (IP_address) from pool.
%ASA-3-713191: Maximum concurrent IKE negotiations exceeded!
%ASA-3-713193: Received packet with missing payload, Expected payload: payload_id
%ASA-3-713194: Sending IKE|IPSec Delete With Reason message: termination_reason
%ASA-3-713218: Tunnel Rejected: Client Type or Version not allowed.
%ASA-3-713226: Connection failed with peer IP_address, no trust-point defined in tunnel-group tunnel_group
%ASA-3-713227: Rejecting new IPSec SA negotiation for peer Peer_address. A negotiation was already in progress for local
Proxy Local_address/Local_netmask, remote Proxy Remote_address/Remote_netmask
%ASA-3-713230: Internal Error, ike_lock trying to lock bit that is already locked for type type
%ASA-3-713231: Internal Error, ike_lock trying to unlock bit that is not locked for type type
%ASA-3-713258: IP = var1, Attempting to establish a phase2 tunnel on var2 interface but phase1 tunnel is on var3 interface.
Tearing down old phase1 tunnel due to a potential routing change.
%ASA-3-713254: Group = groupname, Username = username, IP = peerip, Invalid IPSec/UDP port = portnum, valid range is minport
- maxport, except port 4500, which is reserved for IPSec/NAT-T
%ASA-3-713260: Output interface %d to peer was not found
%ASA-3-713261: IPV6 address on output interface %d was not found
%ASA-3-713262: Rejecting new IPSec SA negotiation for peer Peer_address. A negotiation was already in progress for local
Proxy Local_address/Local_prefix_len, remote Proxy Remote_address/Remote_prefix_len
%ASA-3-713266: Could not add route for L2L peer coming in on a dynamic map. address: IP_address, mask: /prefix_len
%ASA-3-713268: Could not delete route for L2L peer that came in on a dynamic map. address: IP_address, mask: /prefix_len
%ASA-3-713270: Could not add route for Hardware Client in network extension mode, address: IP_addres>, mask: /prefix_len
%ASA-3-713272: Terminating tunnel to Hardware Client in network extension mode, unable to delete static route for address:
IP_address, mask: /prefix_len
%ASA-3-713274: Could not delete static route for client address: IP_Address IP_Address address of client whose route is being
removed
%ASA-3-713275: IKEv1 Unsupported certificate keytype %s found at trustpoint %s
%ASA-3-713276: Dropping new negotiation - IKEv1 in-negotiation context limit of %u reached
%ASA-3-713902: Descriptive_event_string.
%ASA-3-716056: Group group-name User user-name IP IP_address Authentication to SSO server name: name type type failed reason:
reason
%ASA-3-716057: Group group User user IP ip Session terminated, no type license available.
%ASA-3-716061: Group DfltGrpPolicy User user IP ip addr IPv6 User Filter tempipv6 configured for AnyConnect. This setting
has been deprecated, terminating connection
%ASA-3-716600: Rejected size-recv KB Hostscan data from IP src-ip. Hostscan results exceed default | configured limit of
size-conf KB.
%ASA-3-716601: Rejected size-recv KB Hostscan data from IP src-ip. System-wide limit onthe amount of Hostscan data stored
on ASA exceeds the limit of data-max KB.
%ASA-3-716602: Memory allocation error. Rejected size-recv KB Hostscan data from IP src-ip.
%ASA-3-717001: Querying keypair failed.
%ASA-3-717002: Certificate enrollment failed for trustpoint trustpoint_name. Reason: reason_string.
%ASA-3-717010: CRL polling failed for trustpoint trustpoint_name.
%ASA-3-717012: Failed to refresh CRL cache entry from the server for trustpoint trustpoint_name at time_of_failure
%ASA-3-717015: CRL received from issuer is too large to process (CRL size = crl_size, maximum CRL size = max_crl_size)
%ASA-3-717017: Failed to query CA certificate for trustpoint trustpoint_name from enrollment_url
%ASA-3-717018: CRL received from issuer has too many entries to process (number of entries = number_of_entries, maximum number
allowed = max_allowed)
%ASA-3-717019: Failed to insert CRL for trustpoint trustpoint_name. Reason: failure_reason.
%ASA-3-717020: Failed to install device certificate for trustpoint label. Reason: reason string.
%ASA-3-717021: Certificate data could not be verified. Locate Reason: reason_string serial number: serial number, subject
name: subject name, key length key length bits.
%ASA-3-717023: SSL failed to set device certificate for trustpoint trustpoint name. Reason: reason_string.
%ASA-3-717039: Local CA Server internal error detected: error.
%ASA-3-717042: Failed to enable Local CA Server. Reason: reason.
%ASA-3-717044: Local CA server certificate enrollment related error for user: user. Error: error.
%ASA-3-717046: Local CA Server CRL error: error.
%ASA-3-717051: SCEP Proxy: Denied processing the request type type received from IP client ip address, User username, TunnelGroup
tunnel group name, GroupPolicy group policy name to CA ca ip address. Reason: msg
%ASA-3-717057: Automatic import of trustpool certificate bundle has failed. < Maximum retry attempts reached. Failed to reach
CA server> | <Cisco root bundle signature validation failed> | <Failed to update trustpool bundle in flash> | <Failed to install
trustpool bundle in memory>
%ASA-3-717060: Peer certificate with serial number: <serial>, subject: <subject_name>, issuer: <issuer_name> failed to match
the configured certificate map <map_name>
%ASA-3-717063: protocol Certificate enrollment failed for the trustpoint tpname with the CA ca
%ASA-3-719002: Email Proxy session pointer from source_address has been terminated due to reason error.
%ASA-3-719008: Email Proxy service is shutting down.
%ASA-3-722007: Group group User user-name IP IP_address SVC Message: type-num/ERROR: message
%ASA-3-722008: Group group User user-name IP IP_address SVC Message: type-num/ERROR: message
%ASA-3-722009: Group group User user-name IP IP_address SVC Message: type-num/ERROR: message
%ASA-3-722020: TunnelGroup tunnel_group GroupPolicy group_policy User user-name IP IP_address No address available for SVC
connection
%ASA-3-722021: Group group User user-name IP IP_address Unable to start compression due to lack of memory resources
%ASA-3-722035: Group group User user-name IP IP_address Received large packet length threshold num).
%ASA-3-722036: Group group User user-name IP IP_address Transmitting large packet length (threshold num).
%ASA-3-722045: Connection terminated: no SSL tunnel initialization data.
%ASA-3-722046: Group group User user IP ip Session terminated: unable to establish tunnel.
%ASA-3-725015 Error verifying client certificate. Public key size in client certificate exceeds the maximum supported key
size.
%ASA-3-747012: Clustering: Failed to replicate global object id hex-id-value in domain domain-name to peer unit-name, continuing
operation.
%ASA-3-747013: Clustering: Failed to remove global object id hex-id-value in domain domain-name from peer unit-name, continuing
operation.
%ASA-3-747014: Clustering: Failed to install global object id hex-id-value in domain domain-name, continuing operation.
%ASA-3-747018: Clustering: State progression failed due to timeout in module module-name.
%ASA-3-747021: Clustering: Master unit unit-name is quitting due to interface health check failure on failed-interface.
%ASA-3-747022: Clustering: Asking slave unit unit-name to quit because it failed interface health check x times, rejoin will
be attempted after y min. Failed interface: interface-name.
%ASA-3-747023: Clustering: Master unit unit-name is quitting due to card name card health check failure, and master Security
Service Card state is state-name.
%ASA-3-747024: Clustering: Asking slave unit unit-name to quit due to card name card health check failure, and its Security
Service Card state is state-name.
%ASA-3-747030: Clustering: Asking slave unit unit-name to quit because it failed interface health check x times (last failure
on interface-name), Clustering must be manually enabled on the unit to re-join.
%ASA-3-747031: Clustering: Platform mismatch between cluster master (platform-type) and joining unit unit-name (platform-type).
unit-name aborting cluster join.
%ASA-3-747032: Clustering: Service module mismatch between cluster master (module-name) and joining unit unit-name (module-name)
in slot slot-number. unit-name aborting cluster join.
%ASA-3-747033: Clustering: Interface mismatch between cluster master and joining unit unit-name. unit-name aborting cluster
join.
%ASA-3-747036: Application software mismatch between cluster master %s[Master unit name] (%s[Master application software
name]) and joining unit (%s[Joining unit application software name]). %s[Joining member name] aborting cluster join.
%ASA-3-747037: Asking slave unit %s to quit due to its Security Service Module health check failure %d times, and its Security
Service Module state is %s. Rejoin will be attempted after %d minutes.
%ASA-3-747038: Asking slave unit %s to quit due to Security Service Module health check failure %d times, and its Security
Service Card Module is %s. Clustering must be manually enabled on this unit to rejoin.
%ASA-3-747039: Unit %s is quitting due to system failure for %d time(s) (last failure is %s[cluster system failure reason]).
Rejoin will be attempted after %d minutes.
%ASA-3-747040: Unit %s is quitting due to system failure for %d time(s) (last failure is %s[cluster system failure reason]).
Clustering must be manually enabled on the unit to rejoin.
%ASA-3-747041: Unit %s is quitting due to system failure for %d time(s) (last failure is %s[cluster system failure reason]).
Clustering must be manually enabled on the unit to rejoin.Master unit %s is quitting due to interface health check failure
on %s[interface name], %d times. Clustering must be manually enabled on the unit to rejoin.
%ASA-3-748005: Failed to bundle the ports for module slot_number in chassis chassis_number; clustering is disabled
%ASA-3-748006: Asking module slot_number in chassis chassis_number to leave the cluster due to a port bundling failure
%ASA-3-748100: <application_name> application status is changed from <status> to <status>.
%ASA-3-748102: Master unit <unit_id> is quitting due to <application_name> Application health check failure, and master's
application state is <status>.
%ASA-3-748103: Asking slave unit <unit_id> to quit due to <application_name> Application health check failure, and slave's
application state is <status>.
%ASA-3-748202: Module <module_id> in chassis <chassis id> is leaving the cluster due to <aplpication name> application failure.
%ASA-3-750011: Tunnel Rejected: Selected IKEv2 encryption algorithm (IKEV2 encry algo) is not strong enough to secure proposed
IPSEC encryption algorithm (IPSEC encry algo).
%ASA-3-751002: Local: localIP:port Remote:remoteIP:port Username: username/group No preshared key or trustpoint configured
for self in tunnel group group
%ASA-3-751004: Local: localIP:port Remote:remoteIP:port Username: username/group No remote authentication method configured
for peer in tunnel group group
%ASA-3-751008: Local: localIP:port Remote:remoteIP:port Username: username/group Group=group, Tunnel rejected: IKEv2 not
enabled in group policy
%ASA-3-751009: Local: localIP:port Remote:remoteIP:port Username: username/group Unable to find tunnel group for peer.
%ASA-3-751010: Local: localIP:port Remote:remoteIP:port Username: username/group Unable to determine self-authentication
method. No crypto map setting or tunnel group found.
%ASA-3-751018: Terminating the VPN connection attempt from landing group. Reason: This connection is group locked to locked
group.
%ASA-3-751020: Local:%A:%u Remote:%A:%u Username:%s An %s remote access connection failed. Attempting to use an NSA Suite
B crypto algorithm (%s) without an AnyConnect Premium license.
%ASA-3-751022: Local: local-ip Remote: remote-ip Username:username Tunnel rejected: Crypto Map Policy not found for remote
traffic selector rem-ts-start/rem-ts-end/rem-ts.startport/rem-ts.endport/rem-ts.protocol local traffic selector local-ts-start/local-ts-end/local-ts.startport/local-ts.endport/local-ts.protocol!
%ASA-3-751024: Local:ip addr Remote:ip addr Username:username IKEv2 IPv6 User Filter tempipv6 configured. This setting has
been deprecated, terminating connection
%ASA-3-752006: Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Probable mis-configuration of the crypto map or tunnel-group.
Map Tag = Tag. Map Sequence Number = num, SRC Addr: address port: port Dst Addr: address port: port.
%ASA-3-752007: Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Entry already in Tunnel Manager. Map Tag = mapTag.
Map Sequence Number = mapSeq.
%ASA-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel.
Map Tag = mapTag. Map Sequence Number = mapSeq.
%ASA-3-768003: QUOTA: management session quota exceeded for user <X>: current 3, user limit 3
%ASA-3-768004: QUOTA: management session quota exceeded for <ssh/telnet/http> protocol: current 2, protocol limit 2
%ASA-3-769006: UPDATE: ASA boot system image image_name was not found on disk
%ASA-3-776001: CTS SXP: Configured source IP source ip error
%ASA-3-776002: CTS SXP: Invalid message from peer peer IP: error
%ASA-3-776003: CTS SXP: Connection with peer peer IP failed: error
%ASA-3-776004: CTS SXP: Fail to start listening socket after TCP process restart.
%ASA-3-776005: CTS SXP: Binding Binding IP - SGname(SGT) from peer IP instance connection instance num error.
%ASA-3-776006: CTS SXP: Internal error: error
%ASA-3-776007: CTS SXP: Connection with peer peer IP (instance connection instance num) state changed from original state
to Off.
%ASA-3-776020: CTS SXP: Unable to locate egress interface to peer peer IP.
%ASA-3-776202: CTS PAC for Server IP_address, A-ID PAC issuer name has expired
%ASA-3-776203: Unable to retrieve CTS Environment data due to: reason
%ASA-3-776204: CTS Environment data has expired
%ASA-3-776254: CTS SGT-MAP: Binding manager unable to action binding binding IP - SGname (SGT) from source name.
%ASA-3-776313: CTS Policy: Failure to update policies for security-group "sgname"-sgt
%ASA-3-768001: QUOTA: resource utilization is high: requested req, current curr, warning level level
%ASA-3-772002: PASSWORD: console login warning, user username, cause: password expired
%ASA-3-772004: PASSWORD: session login failed, user username, IP ip, cause: password expired
%ASA-3-779003: STS: Failed to read tag-switching table - reason
%ASA-3-779004: STS: Failed to write tag-switching table - reason
%ASA-3-779005: STS: Failed to parse tag-switching request from http - reason
%ASA-3-779006: STS: Failed to save tag-switching table to flash - reason
%ASA-3-779007: STS: Failed to replicate tag-switching table to peer - reason
%ASA-3-840001: Failed to create the backup for an IKEv2 session <Local IP>, <Remote IP>
%ASA-3-850001: SNORT ID (<snort-instance-id>/<snort-process-id>) Automatic-Application-Bypass due to delay of <delay>ms (threshold
<AAB-threshold>ms) with <connection-info>
%ASA-3-850002: SNORT ID (<snort-instance-id>/<snort-process-id>) Automatic-Application-Bypass due to SNORT not responding
to traffics for <timeout-delay>ms(threshold <AAB-threshold>ms)
%ASA-3-8300003: Failed to send session redistribution message to <variable 1>
%ASA-3-8300005: Failed to receive session move response from <variable 1>
%ASA-4-106103: access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address
dest_port hit-cnt number first hit hash codes
%ASA-4-108004: action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
%ASA-4-109017: User at IP_address exceeded auth proxy connection limit (max)
%ASA-4-109022: exceeded HTTPS proxy process limit
%ASA-4-109027: [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
%ASA-4-109028: aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
%ASA-4-109030: Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.
%ASA-4-109031: NT Domain Authentication Failed: rejecting guest login for username.
%ASA-4-109033: Authentication failed for admin user user from src_IP. Interactive challenge processing is not supported for
protocol connections
%ASA-4-109040: User at IP exceeded auth proxy rate limit of 10 connections/sec
%ASA-4-109034: Authentication failed for network user user from src_IP/port to dst_IP/port. Interactive challenge processing
is not supported for protocol connections
%ASA-4-109102: Received CoA action-type from coa-source-ip, but cannot find named session audit-session-id
%ASA-4-113026: Error error while executing Lua script for group tunnel group
%ASA-4-113029: Group group User user IP ipaddr Session could not be established: session limit of num reached
%ASA-4-113030: Group group User user IP ipaddr User ACL acl from AAA doesn't exist on the device, terminating connection.
%ASA-4-113031: Group group User user IP ipaddr AnyConnect vpn-filter filter is an IPv6 ACL; ACL not applied.
%ASA-4-113032: Group group User user IP ipaddr AnyConnect ipv6-vpn-filter filter is an IPv4 ACL; ACL not applied.
%ASA-4-113034: Group group User user IP ipaddr User ACL acl from AAA ignored, AV-PAIR ACL used instead.
%ASA-4-113035: Group group User user IP ipaddr Session terminated: AnyConnect not enabled or invalid AnyConnect image on
the ASA.
%ASA-4-113036: Group group User user IP ipaddr AAA parameter name value invalid.
%ASA-4-113038: Group group User user IP ipaddr Unable to create AnyConnect p0arent session.
%ASA-4-113040: Terminating the VPN connection attempt from attempted group. Reason: This connection is group locked to locked
group.
%ASA-4-113041: Redirect ACL configured for assigned IP does not exist on the device.
%ASA-4-113042: CoA: Non-HTTP connection from src_if:src_ip/src_port to dest_if:dest_ip/dest_port for user username at client_IP
denied by redirect filter; only HTTP connections are supported for redirection.
%ASA-4-115002: Warning in process: process name fiber: fiber name, component: component name, subcomponent: subcomponent
name, file: filename, line: line number, cond: condition
%ASA-4-120004: Event group title is dropped. Reason reason
%ASA-4-120005: Message group to destination is dropped. Reason reason
%ASA-4-120006: Delivering message group to destination failed. Reason reason
%ASA-4-199016: syslog
%ASA-4-209003: Fragment database limit of number exceeded: src = source_address, dest = dest_address, proto = protocol, id
= number
%ASA-4-209004: Invalid IP fragment, size = bytes exceeds maximum size = bytes: src = source_address, dest = dest_address,
proto = protocol, id = number
%ASA-4-209005: Discard IP fragment set with more than number elements: src = Too many elements are in a fragment set.
%ASA-4-213007: L2TP: Failed to install Redirect URL: redirect URL Redirect ACL: non_exist for assigned IP.
%ASA-4-216004: prevented: error in function at file(line) - stack trace
%ASA-4-302034: Unable to pre-allocate H323 GUP Connection for faddr interface: foreign address/foreign-port to laddr interface:local-address/local-port
%ASA-4-302311: Failed to create a new [protocol] connection from [ingress interface]:[source IP]/[source port] to [egress
interface]:[destination IP]/[destination port] due to application cache memory allocation failure. The app-cache memory threshold
level is [threshold%] and threshold check is [enabled/disabled].
%ASA-4-308002: static global_address inside_address netmask netmask overlapped with global_address inside_address
%ASA-4-308003: WARNING: The enable password is not configured.
%ASA-4-313004: Denied ICMP type=icmp_type, from source_address on interface interface_name to dest_address:no matching session
%ASA-4-313005: No matching connection for ICMP error message: icmp_msg_info on interface_name interface. Original IP payload:
embedded_frame_info icmp_msg_info = icmp src src_interface_name:src_address [([idfw_user | FQDN_string], sg_info)] dst dest_interface_name:dest_address
[([idfw_user | FQDN_string], sg_info)] (type icmp_type, code icmp_code) embedded_frame_info = prot src source_address/source_port
[([idfw_user | FQDN_string], sg_info)] dst dest_address/dest_port [(idfw_user|FQDN_string), sg_info]
%ASA-4-313009: Denied invalid ICMP code icmp-code, for src-ifc:src-address/src-port (mapped-src-address/mapped-src-port)
to dest-ifc:dest-address/dest-port (mapped-dest-address/mapped-dest-port) [user], ICMP id icmp-id, ICMP type icmp-type
%ASA-4-315009: SSH: connection timed out: username <username> , IP <ip>
%ASA-4-325002: Duplicate address ipv6_address/MAC_address on interface
%ASA-4-325004: IPv6 Extension Header hdr_type action configuration. protocol from src_int:src_ipv6_addr/src_port to dst_interface:
dst_ipv6_addr/dst_port.
%ASA-4-325006: IPv6 Extension Header not in order: Type hdr_type occurs after Type hdr_type. TCP prot from inside src_int:
src_ipv6_addr/src_port to dst_interface:dst_ipv6_addr/dst_port
%ASA-4-337005: Phone Proxy SRTP: Media session not found for media_term_ip/media_term_port for packet from in_ifc:src_ip/src_port
to out_ifc:dest_ip/dest_port
%ASA-4-338001: Dynamic filter monitored blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)
to out_interface:dest_ip_addr/dest_port, (mapped-ip/mapped-port), source malicious address resolved from local or dynamic
list: domain name, threat-level: level_value, category: category_name
%ASA-4-338002: Dynamic filter monitored blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)
to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious address resolved from local or dynamic
list: domain name, threat-level: level_value, category: category_name
%ASA-4-338003: Dynamic filter monitored blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)
to out_interface:dest_ip_addr/dest_port, (mapped-ip/mapped-port), source malicious address resolved from local or dynamic
list: ip address/netmask, threat-level: level_value, category: category_name
%ASA-4-338004: Dynamic filter monitored blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)
to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious address resolved from local or dynamic
list: ip address/netmask, threat-level: level_value, category: category_name
%ASA-4-338005: Dynamic filter dropped blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)
to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), source malicious address resolved from local or dynamic list:
domain name, threat-level: level_value, category: category_name
%ASA-4-338006: Dynamic filter dropped blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)
to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious address resolved from local or dynamic
list: domain name, threat-level: level_value, category: category_name
%ASA-4-338007: Dynamic filter dropped blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)
to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), source malicious address resolved from local or dynamic list:
ip address/netmask, threat-level: level_value, category: category_name
%ASA-4-338008: Dynamic filter dropped blacklisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)
to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious address resolved from local or dynamic
list: ip address/netmask, threat-level: level_value, category: category_name
%ASA-4-338101: Dynamic filter action whitelisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)
to out_interface:dest_ip_addr/dest_port, (mapped-ip/mapped-port), source malicious address resolved from local or dynamic
list: domain name
%ASA-4-338102: Dynamic filter action whitelisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)
to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious address resolved from local or dynamic
list: domain name
%ASA-4-338103: Dynamic filter action whitelisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)
to out_interface:dest_ip_addr/dest_port, (mapped-ip/mapped-port), source malicious address resolved
%ASA-4-338104: Dynamic filter action whitelisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)
to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious address resolved from local or dynamic
list: ip address/netmask
from local or dynamic list: ip address/netmask
%ASA-4-338201: Dynamic filter monitored greylisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)
to out_interface:dest_ip_addr/dest_port, (mapped-ip/mapped-port), source malicious address resolved from local or dynamic
list: domain name, threat-level: level_value, category: category_name
%ASA-4-338202: Dynamic filter monitored greylisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)
to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious address resolved from local or dynamic
list: domain name, threat-level: level_value, category: category_name
%ASA-4-338203: Dynamic filter dropped greylisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)
to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), source malicious address resolved from local or dynamic list:
domain name, threat-level: level_value, category: category_name
%ASA-4-338204: Dynamic filter dropped greylisted protocol traffic from in_interface:src_ip_addr/src_port (mapped-ip/mapped-port)
to out_interface:dest_ip_addr/dest_port (mapped-ip/mapped-port), destination malicious address resolved from local or dynamic
list: domain name, threat-level: level_value, category: category_name
%ASA-4-338301: Intercepted DNS reply for domain name from in_interface:src_ip_addr/src_port to out_interface:dest_ip_addr/dest_port,
matched list
%ASA-4-4000nn: IPS:number string from IP_address to IP_address on interface interface_name
%ASA-4-401001: Shuns cleared
%ASA-4-401002: Shun added: IP_address IP_address port port
%ASA-4-401003: Shun deleted: IP_address
%ASA-4-401004: Shunned packet: IP_address = IP_address on interface interface_name
%ASA-4-401005: Shun add failed: unable to allocate resources for IP_address IP_address port port
%ASA-4-402114: IPSEC: Received an protocol packet (SPI=spi, sequence number= seq_num) from remote_IP to local_IP with an
invalid SPI.
%ASA-4-402115: IPSEC: Received a packet from remote_IP to local_IP containing act_prot data instead of exp_prot data.
%ASA-4-402116: IPSEC: Received an protocol packet (SPI=spi, sequence number= seq_num) from remote_IP (username) to local_IP.
The decapsulated inner packet doesn’t match the negotiated policy in the SA. The packet specifies its destination as pkt_daddr,
its source as pkt_saddr, and its protocol as pkt_prot. The SA specifies its local proxy as id_daddr /id_dmask /id_dprot /id_dport
and its remote proxy as id_saddr /id_smask /id_sprot /id_sport.
%ASA-4-402117: IPSEC: Received a non-IPSec (protocol) packet from remote_IP to local_IP.
%ASA-4-402118: IPSEC: Received an protocol packet (SPI=spi, sequence number seq_num) from remote_IP (username) to local_IP
containing an illegal IP fragment of length frag_len with offset frag_offset.
%ASA-4-402119: IPSEC: Received an protocol packet (SPI=spi, sequence number= seq_num) from remote_IP (username) to local_IP
that failed anti-replay checking.
%ASA-4-402120: IPSEC: Received an protocol packet (SPI=spi, sequence number= seq_num) from remote_IP (username) to local_IP
that failed authentication.
%ASA-4-402121: IPSEC: Received an protocol packet (SPI=spi, sequence number= seq_num) from peer_addr (username) to lcl_addr
that was dropped by IPSec (drop_reason).
%ASA-4-402122: Received a cleartext packet from src_addr to dest_addr that was to be encapsulated in IPSec that was dropped
by IPSec (drop_reason).
%ASA-4-402123: CRYPTO: The accel_type hardware accelerator encountered an error (code= error_string) while executing crypto
command command.
%ASA-4-402125: The ASA hardware accelerator ring timed out (parameters).
%ASA-4-402126: CRYPTO: The ASA created Crypto Archive File Archive Filename as a Soft Reset was necessary. Please forward
this archived information to Cisco.
%ASA-4-402127: CRYPTO: The ASA is skipping the writing of latest Crypto Archive File as the maximum # of files, max_number,
allowed have been written to archive_directory. Please archive & remove files from Archive Directory if you want more Crypto
Archive Files saved.
%ASA-4-402131: CRYPTO: status changing the accel_instance hardware accelerator's configuration bias from old_config_bias
to new_config_bias.
%ASA-4-403101: PPTP session state not established, but received an XGRE packet, tunnel_id=number, session_id=number
%ASA-4-403103: PPP virtual interface max connections reached.
%ASA-4-403104: PPP virtual interface interface_name requires mschap for MPPE.
%ASA-4-403106: PPP virtual interface interface_name requires RADIUS for MPPE.
%ASA-4-403107: PPP virtual interface interface_name missing aaa server group info
%ASA-4-403108: PPP virtual interface interface_name missing client ip address option
%ASA-4-403109: Rec'd packet not an PPTP packet. (ip) dest_address= dest_address, src_addr= source_address, data: string.
%ASA-4-403110: PPP virtual interface interface_name, user: user missing MPPE key from aaa server.
%ASA-4-403505: PPPoE:PPP - Unable to set default route to IP_address at interface_name
%ASA-4-403506: PPPoE:failed to assign PPP IP_address netmask netmask at interface_name
%ASA-4-405001: Received ARP {request | response} collision from IP_address/MAC_address on interface interface_name to IP_address/MAC_address
on interface interface_name
%ASA-4-405002: Received mac mismatch collision from IP_address/MAC_address for authenticated host
%ASA-4-405003: IP address collision detected between host IP_address at MAC_address and interface interface_name, MAC_address.
%ASA-4-405101: Unable to Pre-allocate H225 Call Signalling Connection for foreign_address outside_address[/outside_port]
to local_address inside_address[/inside_port]
%ASA-4-405102: Unable to Pre-allocate H245 Connection for foreign_address outside_address[/outside_port] to local_address
inside_address[/inside_port]
%ASA-4-405103: H225 message from source_address/source_port to dest_address/dest_port contains bad protocol discriminator
%ASA-4-405104: H225 message received from outside_address/outside_port to inside_address/inside_port before SETUP
%ASA-4-405105: H323 RAS message AdmissionConfirm received from source_address/source_port to dest_address/dest_port without
an AdmissionRequest
%ASA-4-405106: H323 num channel is not created from %I/%d to %I/%d %s
%ASA-4-405107: H245 Tunnel is detected and connection dropped from %I/%d to %I/%d %s
%ASA-4-405201: ILS ILS_message_type from inside_interface:source_IP_address to outside_interface:/destination_IP_address
has wrong embedded address embedded_IP_address
%ASA-4-405300: Radius Accounting Request received from from_addr is not allowed
%ASA-4-405301: Attribute attribute_number does not match for user user_ip
%ASA-4-406001: FTP port command low port: IP_address/port to IP_address on interface interface_name
%ASA-4-406002: FTP port command different address: IP_address(IP_address) to IP_address on interface interface_name
%ASA-4-407001: Deny traffic for local-host interface_name:inside_address, license limit of number exceeded
%ASA-4-407002: Embryonic limit nconns/elimit for through connections exceeded.outside_address/outside_port to global_address
(inside_address)/inside_port on interface interface_name
%ASA-4-407003: Established limit for RPC services exceeded number
%ASA-4-408001: IP route counter negative - reason, IP_address Attempt: number
%ASA-4-408002: ospf process id route type update address1 netmask1 [distance1/metric1] via source IP:interface1 address2
netmask2 [distance2/metric2] interface2
%ASA-4-408003: can't track this type of object hex
%ASA-4-408101: KEYMAN : Type <encrption_type> encryption unknown. Interpreting keystring as literal.
%ASA-4-409001: Database scanner: external LSA IP_address netmask is lost, reinstalls
%ASA-4-413005: Module module_id, application is not supported app_name version app_vers type app_type
%ASA-4-413006: prod-id Module software version mismatch; slot slot is prod-id version running-vers. Slot slot prod-id requires
required-vers.
%ASA-4-415016: policy-map map_name:Maximum number of unanswered HTTP requests exceeded connection_action from int_type:IP_address/port_num
to int_type:IP_address/port_num
%ASA-4-416001: Dropped UDP SNMP packet from source_interface:source_IP/source_port to dest_interface:dest_address/dest_port;
version (prot_version) is not allowed through the firewall
%ASA-4-417001: Unexpected event received: number
%ASA-4-417004: Filter violation error: conn number (string:string) in string
%ASA-4-417006: No memory for string) in string. Handling: string
%ASA-4-418001: Through-the-device packet to/from management-only network is denied: protocol_string from interface_name IP_address
(port) [([idfw_user|FQDN_string], sg_info)] to interface_name IP_address (port) [(idfw_user|FQDN_string), sg_info]
%ASA-4-419001: Dropping TCP packet from src_ifc:src_IP/src_port to dest_ifc:dest_IP/dest_port, reason: MSS exceeded, MSS
size, data size
%ASA-4-419002: Received duplicate TCP SYN from in_interface:src_address/src_port to out_interface:dest_address/dest_port
with different initial sequence number.
%ASA-4-419003: Cleared TCP urgent flag from out_ifc:src_ip/src_port to in_ifc:dest_ip/dest_port.
%ASA-4-420002: IPS requested to drop ICMP packets ifc_in:SIP to ifc_out:DIP (typeICMP_TYPE, code ICMP_CODE)
%ASA-4-420003: IPS requested to reset TCP connection from ifc_in:SIP/SPORT to ifc_out:DIP/DPORT
%ASA-4-420007: application-string cannot be enabled for the module in slot slot_id. The module’s current software version
does not support this feature. Please upgrade the software on the module in slot slot_id to support this feature. Received
backplane header version version_number, required backplane header version version_number or higher.
%ASA-4-422004: IP SLA Monitor number0: Duplicate event received. Event number number1
%ASA-4-422005: IP SLA Monitor Probe(s) could not be scheduled because clock is not set.
%ASA-4-422006: IP SLA Monitor Probe number: string
%ASA-4-423001: {Allowed | Dropped} invalid NBNS pkt_type_name with error_reason_str from ifc_name:ip_address/port to ifc_name:ip_address/port.
%ASA-4-423002: {Allowed | Dropped} mismatched NBNS pkt_type_name with error_reason_str from ifc_name:ip_address/port to ifc_name:ip_address/port.
%ASA-4-423003: {Allowed | Dropped} invalid NBDGM pkt_type_name with error_reason_str from ifc_name:ip_address/port to ifc_name:ip_address/port.
%ASA-4-423004: {Allowed | Dropped} mismatched NBDGM pkt_type_name with error_reason_str from ifc_name:ip_address/port to
ifc_name:ip_address/port.
%ASA-4-423005: {Allowed | Dropped} NBDGM pkt_type_name fragment with error_reason_str from ifc_name:ip_address/port to ifc_name:ip_address/port.
%ASA-4-424001: Packet denied protocol_string intf_in:src_ip/src_port [([idfw_user | FQDN_string], sg_info)] intf_out:dst_ip/dst_port[([idfw_user
| FQDN_string], sg_info)]. [Ingress|Egress] interface is in a backup state.
%ASA-4-424002: Connection to the backup interface is denied: protocol_string intf:src_ip/src_port intf:dst_ip/dst_port
%ASA-4-426004: PORT-CHANNEL: Interface ifc_name1 is not compatible with ifc_name and will be suspended (speed of ifc_name1
is X Mbps, Y is 1000 Mbps).
%ASA-4-429002: CXSC service card requested to drop protocol packet from interface_name:ip_address/port to interface_name:ip_address/port
%ASA-4-429003: CXSC service card requested to reset TCP connection from interface_name:ip_addr/port to interface_name:ip_addr/port
%ASA-4-429007: CXSC redirect will override Scansafe redirect for flow from interface_name:ip_address/port to interface_name:ip_address/port
with username
%ASA-4-429008: Unable to respond to VPN query from CX for session 0x%x. Reason %s
%ASA-4-431001: RTP conformance: Dropping RTP packet from in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, Drop reason:
drop_reason value
%ASA-4-431002: RTCP conformance: Dropping RTCP packet from in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, Drop reason:
drop_reason value
%ASA-4-434001: SFR card not up and fail-close mode used, dropping protocol packet from ingress interface:source IP address/source
port to egress interface:destination IP address/destination port
%ASA-4-434002: SFR requested to drop protocol packet from ingress interface:source IP address/source port to egress interface:destination
IP address/destination port
%ASA-4-434003: SFR requested to reset TCP connection from ingress interface:source IP address/source port to egress interface:destination
IP address/destination port
%ASA-4-434007: SFR redirect will override Scansafe redirect for flow from ingress interface:source IP address/source port
to egress interface:destination IP address/destination port (user)
%ASA-4-444005: Timebased activation key activation-key will expire in num days.
ASA-4-444008: %s license has expired, and the system is scheduled to reload in x days. Apply a new activation key to enable
%s license and prevent the automatic reload.
%ASA-4-444106: Shared license backup server address is not available
%ASA-4-444109: Shared license backup server role changed to
state
%ASA-4-444110: Shared license server backup has days remaining as active license server
%ASA-4-446001: Maximum TLS Proxy session limit of max_sess reached.
%ASA-4-446003: Denied TLS Proxy session from src_int:src_ip/src_port to dst_int:dst_ip/dst_port, UC-IME license is disabled.
%ASA-4-447001: ASP DP to CP queue_name was full. Queue length length, limit limit
%ASA-4-448001: Denied SRTP crypto session setup on flow from src_int:src_ip/src_port to dst_int:dst_ip/dst_port, licensed
K8 SRTP crypto session of limit exceeded
%ASA-4-450001: Deny traffic for protocol protocol_id src interface_name:IP_address/port dst interface_name:IP_address/port,
licensed host limit of num exceeded.
%ASA-4-500004: Invalid transport field for protocol=protocol, from source_address/source_port to dest_address/dest_port
%ASA-4-507002: Data copy in proxy-mode exceeded the buffer limit
%ASA-4-603110: Failed to establish L2TP session, tunnel_id = tunnel_id, remote_peer_ip = peer_ip, user = username. Multiple
sessions per tunnel are not supported
%ASA-4-604105: DHCPD: Unable to send DHCP reply to client hardware_address on interface interface_name. Reply exceeds options
field size (options_field_size) by number_of_octets octets.
%ASA-4-607002: action_class: action SIP req_resp req_resp_info from src_ifc:sip/sport to dest_ifc:dip/dport; further_info
%ASA-4-607004: Phone Proxy: Dropping SIP message from src_if:src_ip/src_port to dest_if:dest_ip/dest_port with source MAC
mac_address due to secure phone database mismatch.
%ASA-4-608002: Dropping Skinny message for in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, SCCPPrefix length value too
small
%ASA-4-608003: Dropping Skinny message for in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, SCCPPrefix length value too
large
%ASA-4-608004: Dropping Skinny message for in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, message id value not allowed
%ASA-4-608005: Dropping Skinny message for in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port, message id value registration
not complete
%ASA-4-612002: Auto Update failed:filename, version:number, reason:reason
%ASA-4-612003: Auto Update failed to contact:url, reason:reason
%ASA-4-613017: Bad LSA mask: Type number, LSID IP_address Mask mask from IP_address
%ASA-4-613018: Maximum number of non self-generated LSA has been exceeded “OSPF number” - number LSAs
%ASA-4-613019: Threshold for maximum number of non self-generated LSA has been reached "OSPF number" - number LSAs
%ASA-4-613021: Packet not written to the output queue
%ASA-4-613022: Doubly linked list linkage is NULL
%ASA-4-613023: Doubly linked list prev linkage is NULL number
%ASA-4-613024: Unrecognized timer number in OSPF string
%ASA-4-613025: Invalid build flag number for LSA IP_address, type number
%ASA-4-613026: Can not allocate memory for area structure
%ASA-4-613030: Router is currently an ASBR while having only one area which is a stub area
%ASA-4-613031: No IP address for interface inside
%ASA-4-613036: Can not use configured neighbor: cost and database-filter options are allowed only for a point-to-multipoint
network
%ASA-4-613037: Can not use configured neighbor: poll and priority options are allowed only for a NBMA network
%ASA-4-613038: Can not use configured neighbor: cost or database-filter option is required for point-to-multipoint broadcast
network
%ASA-4-613039: Can not use configured neighbor: neighbor command is allowed only on NBMA and point-to-multipoint networks
%ASA-4-613040: OSPF-1 Area string: Router IP_address originating invalid type number LSA, ID IP_address, Metric number on
Link ID IP_address Link Type number
%ASA-4-613042: OSPF process number lacks forwarding address for type 7 LSA IP_address in NSSA string - P-bit cleared
%ASA-4-620002: Unsupported CTIQBE version: hex: from interface_name:IP_address/port to interface_name:IP_address/port
%ASA-4-709008: (Primary | Secondary) Configuration sync in progress. Command: ‘command’ executed from (terminal/http) will
not be replicated to or executed by the standby unit.
%ASA-4-711002: Task ran for elapsed_time msecs, process = process_name, PC = PC Tracebeback = traceback
%ASA-4-711004: Task ran for msec msec, Process = process_name, PC = pc, Call stack = call stack
%ASA-4-713154: DNS lookup for peer_description Server [server_name] failed!
%ASA-4-713157: Timed out on initial contact to server [server_name or IP_address] Tunnel could not be established.
%ASA-4-713207: Terminating connection: IKE Initiator and tunnel group specifies L2TP Over IPSec
%ASA-4-713239: IP_Address: Tunnel Rejected: The maximum tunnel count allowed has been reached
%ASA-4-713240: Received DH key with bad length: received length=rlength expected length=elength
%ASA-4-713241: IE Browser Proxy Method setting_number is Invalid
%ASA-4-713242: Remote user is authenticated using Hybrid Authentication. Not starting IKE rekey.
%ASA-4-713243: META-DATA Unable to find the requested certificate
%ASA-4-713244: META-DATA Received Legacy Authentication Method(LAM) type type is different from the last type received type.
%ASA-4-713245: META-DATA Unknown Legacy Authentication Method(LAM) type type received.
%ASA-4-713246: META-DATA Unknown Legacy Authentication Method(LAM) attribute type type received.
%ASA-4-713247: META-DATA Unexpected error: in Next Card Code mode while not doing SDI.
%ASA-5-713248: META-DATA Rekey initiation is being disabled during CRACK authentication.
%ASA-4-713249: META-DATA Received unsupported authentication results: result
%ASA-4-713251: META-DATA Received authentication failure message
%ASA-4-713255: IP = peer-IP, Received ISAKMP Aggressive Mode message 1 with unknown tunnel group name group-name
%ASA-4-713903: Group = group policy, Username = user name, IP = remote IP, ERROR: Failed to install Redirect URL: redirect
URL Redirect ACL: non_exist for assigned IP.
%ASA-4-716007: Group group User user WebVPN Unable to create session.
%ASA-4-716022: Unable to connect to proxy server reason.
%ASA-4-716023: Group name User user Session could not be established: session limit of maximum_sessions reached.
%ASA-4-716044: Group group-name User user-name IP IP_address AAA parameter param-name value param-value out of range.
%ASA-4-716045: Group group-name User user-name IP IP_address AAA parameter param-name value invalid.
%ASA-4-716046: Group group-name-name User user-name IP IP_address User ACL access-list-name from AAA doesn't exist on the
device, terminating connection.
%ASA-4-716047: Group group-name User user-name IP IP_address User ACL access-list from AAA ignored, AV-PAIR ACL used instead.
%ASA-4-716048: Group group-name User user-name IP IP_address No memory to parse ACL.
%ASA-4-716052: Group group-name User user-name IP IP_address Pending session terminated.
%ASA-4-717026: Name lookup failed for hostname hostname during PKI operation.
%ASA-4-717031: Failed to find a suitable trustpoint for the issuer: issuer Reason: reason_string
%ASA-4-717035: OCSP status is being checked for certificate. certificate_identifier.
%ASA-4-717037: Tunnel group search using certificate maps failed for peer certificate: certificate_identifier.
%ASA-4-717052: Group group name User user name IP IP Address Session disconnected due to periodic certificate authentication
failure. Subject Name id subject name Issuer Name id issuer name Serial Number id serial number
%ASA-4-720001: (VPN-unit) Failed to initialize with Chunk Manager.
%ASA-4-720007: (VPN-unit) Failed to allocate chunk from Chunk Manager.
%ASA-4-720008: (VPN-unit) Failed to register to High Availability Framework.
%ASA-4-720009: (VPN-unit) Failed to create version control block.
%ASA-4-720011: (VPN-unit) Failed to allocate memory
%ASA-4-720013: (VPN-unit) Failed to insert certificate in trust point trustpoint_name
%ASA-4-720022: (VPN-unit) Cannot find trust point trustpoint
%ASA-4-720033: (VPN-unit) Failed to queue add to message queue.
%ASA-4-720038: (VPN-unit) Corrupted message from active unit.
%ASA-4-720043: (VPN-unit) Failed to send type message id to standby unit
%ASA-4-720044: (VPN-unit) Failed to receive message from active unit
%ASA-4-720047: (VPN-unit) Failed to sync SDI node secret file for server IP_address on the standby unit.
%ASA-4-720051: (VPN-unit) Failed to add new SDI node secret file for server id on the standby unit.
%ASA-4-720052: (VPN-unit) Failed to delete SDI node secret file for server id on the standby unit.
%ASA-4-720053: (VPN-unit) Failed to add cTCP IKE rule during bulk sync, peer=IP_address, port=port
%ASA-4-720054: (VPN-unit) Failed to add new cTCP record, peer=IP_address, port=port.
%ASA-4-720055: (VPN-unit) VPN Stateful failover can only be run in single/non-transparent mode.
%ASA-4-720064: (VPN-unit) Failed to update cTCP database record for peer=IP_address, port=port during bulk sync.
%ASA-4-720065: (VPN-unit) Failed to add new cTCP IKE rule, peer=peer, port=port.
%ASA-4-720066: (VPN-unit) Failed to activate IKE database.
%ASA-4-720067: (VPN-unit) Failed to deactivate IKE database.
%ASA-4-720068: (VPN-unit) Failed to parse peer message.
%ASA-4-720069: (VPN-unit) Failed to activate cTCP database.
%ASA-4-720070: (VPN-unit) Failed to deactivate cTCP database.
%ASA-4-720073: VPN Session failed to replicate - ACL acl_name not found
%ASA-4-721007: (device) Fail to update access list list_name on standby unit.
%ASA-4-721011: (device) Fail to add access list rule list_name, line line_no on standby unit.
%ASA-4-721013: (device) Fail to enable APCF XML file file_name on the standby unit.
%ASA-4-721015: (device) Fail to disable APCF XML file file_name on the standby unit.
%ASA-4-721017: (device) Fail to create WebVPN session for user user_name, IP ip_address.
%ASA-4-721019: (device) Fail to delete WebVPN session for client user user_name, IP ip_address.
%ASA-4-722001: IP IP_address Error parsing SVC connect request.
%ASA-4-722002: IP IP_address Error consolidating SVC connect request.
%ASA-4-722003: IP IP_address Error authenticating SVC connect request.
%ASA-4-722004: Group group User user-name IP IP_address Error responding to SVC connect request.
%ASA-4-722015: Group group User user-name IP IP_address Unknown SVC frame type: type-num
%ASA-4-722016: Group group User user-name IP IP_address Bad SVC frame length: length expected: expected-length
%ASA-4-722017: Group group User user-name IP IP_address Bad SVC framing: 525446, reserved: 0
%ASA-4-722018: Group group User user-name IP IP_address Bad SVC protocol version: version, expected: expected-version
%ASA-4-722019: Group group User user-name IP IP_address Not enough data for an SVC header: length
%ASA-4-722039: Group group, User user, IP ip, SVC 'vpn-filter acl' is an IPv6 ACL; ACL not applied.
%ASA-4-722040: Group group, User user, IP ip, SVC 'ipv6-vpn-filter acl' is an IPv4 ACL; ACL not applied
%ASA-4-722041: TunnelGroup tunnel_group GroupPolicy group_policy User username IP peer_address No IPv6 address available
for SVC connection
%ASA-4-722042: Group group User user IP ip Invalid Cisco SSL Tunneling Protocol version.
%ASA-4-722047: Group group User user IP ip Tunnel terminated: SVC not enabled or invalid SVC image on the ASA.
%ASA-4-722048: Group group User user IP ip Tunnel terminated: SVC not enabled for the user.
%ASA-4-722049: Group group User user IP ip Session terminated: SVC not enabled or invalid image on the ASA.
%ASA-4-722050: Group group User user IP ip Session terminated: SVC not enabled for the user.
%ASA-4-722054: Group group policy User user name IP remote IP SVC terminating connection: Failed to install Redirect URL:
redirect URL Redirect ACL: non_exist for assigned IP
%ASA-4-724001: Group group-name User user-name IP IP_address WebVPN session not allowed. Unable to determine if Cisco Secure
Desktop was running on the client's workstation.
%ASA-4-724002: Group group-name User user-name IP IP_address WebVPN session not terminated. Cisco Secure Desktop was not
running on the client's workstation.
%ASA-4-733100: Object drop rate rate_ID exceeded. Current burst rate is rate_val per second, max configured rate is rate_val;
Current average rate is rate_val per second, max configured rate is rate_val; Cumulative total count is total_cnt
%ASA-4-733101: Object objectIP (is targeted|is attacking). Current burst rate is rate_val per second, max configured rate
is rate_val; Current average rate is rate_val per second, max configured rate is rate_val; Cumulative total count is total_cnt.
%ASA-4-733102: Threat-detection adds host %I to shun list
%ASA-4-733103: Threat-detection removes host %I from shun list
%ASA-4-735018: Power Supply var1: Temp: var2 var3, Critical
%ASA-4-735019: Power Supply var1: Temp: var2 var3, Warm
%ASA-4-735026: CPU cpu_num Voltage Regulator is running beyond the max thermal operating temperature and the device will
be shutting down immediately. The chassis and CPU need to be inspected immediately for ventilation issues.
%ASA-4-737012: IPAA: Address assignment failed
%ASA-4-737013: IPAA: Error freeing address ip-address, not found
%ASA-4-737019: IPAA: Unable to get address from group-policy or tunnel-group local pools
%ASA-4-737028: IPAA: Adding ip-address to standby: failed
%ASA-4-737030: IPAA: Adding %m to standby: address already in use
%ASA-4-737032: IPAA: Removing ip-address from standby: not found
%ASA-4-737033: IPAA: Unable to assign addr_allocator provided IP address ip_addr to client. This IP address has already been
assigned by previous_addr_allocator
%ASA-4-737038: IPAA: Session=session, specified address ip-address was in-use, trying to get another.
% ASA-4-737203: VPNFIP: Pool=pool, WARN: message
% ASA-4-737402: POOLIP: Pool=pool, Failed to return ip-address to pool (recycle=recycle). Reason: message
%ASA-4-741006: Unable to write Coredump Helper configuration, reason variable 1
%ASA-4-746004: user identity: Total number of activated user groups exceeds the maximum number of max_groups groups for this
platform.
%ASA-4-746006: user-identity: Out of sync with AD Agent, start bulk download
%ASA-4-746011: Total number of users created exceeds the maximum number of max_users for this platform.
%ASA-4-747008: Clustering: New cluster member name with serial number serial-number-A rejected due to name conflict with
existing unit with serial number serial-number-B.
%ASA-4-747015: Clustering: Forcing stray member unit-name to leave the cluster.
%ASA-4-747016: Clustering: Found a split cluster with both unit-name-A and unit-name-B as master units. Master role retained
by unit-name-A, unit-name-B will leave, then join as a slave.
%ASA-4-747017: Clustering: Failed to enroll unit unit-name due to maximum member limit limit-value reached.
%ASA-4-747019: Clustering: New cluster member name rejected due to Cluster Control Link IP subnet mismatch (ip-address/ip-mask
on new unit, ip-address/ip-mask on local unit).
%ASA-4-747020: Clustering: New cluster member unit-name rejected due to encryption license mismatch.
%ASA-4-747025: Clustering: New cluster member unit-name rejected due to firewall mode mismatch.
%ASA-4-747026: Clustering: New cluster member unit-name rejected due to cluster interface name mismatch (ifc-name on new
unit, ifc-name on local unit).
%ASA-4-747027: Clustering: Failed to enroll unit unit-name due to insufficient size of cluster pool pool-name in context-name.
%ASA-4-747028: Clustering: New cluster member unit-name rejected due to interface mode mismatch (mode-name on new unit, mode-name
on local unit).
%ASA-4-747029: Clustering: Unit unit-name is quitting due to Cluster Control Link down.
%ASA-4-747034: Unit %s is quitting due to Cluster Control Link down (%d times after last rejoin). Rejoin will be attempted
after %d minutes.
%ASA-4-747035: Unit %s is quitting due to Cluster Control Link down. Clustering must be manually enabled on the unit to rejoin.
%ASA-4-748002: Clustering configuration on the chassis is missing or incomplete; clustering is disabled.
%ASA-4-748003: Module slot_number in chassis chassis_number is leaving the cluster due to a chassis health check failure
%ASA-4-748201: <Application name> application on module <module id> in chassis <chassis id> is <status>.
%ASA-4-750003: Local: local IP:local port Remote: remote IP:remote port Username: username Negotiation aborted due to ERROR:
error
%ASA-4-750012: Selected IKEv2 encryption algorithm (IKEV2 encry algo) is not strong enough to secure proposed IPSEC encryption
algorithm (IPSEC encry algo).
%ASA-4-750014: Local:<self ip>:<self port> Remote:<peer ip>:<peer port> Username:<TG or Username> IKEv2 Session aborted. Reason:
Initial Contact received for Local ID: <self ID>, Remote ID: <peer ID> from remote peer:<peer ip>:<peer port> to <self ip>:<self
%ASA-4-750015: Local:<self ip>:<self port> Remote:<peer ip>:<peer port> Username:<TG or Username> IKEv2 deleting IPSec SA.
Reason: invalid SPI notification received for SPI 0x<SPI>; local traffic selector = Address Range: <start address>-<end address>
Protocol: <protocol number> Port Range: <start port>-<end port> ; remote traffic selector = Address Range: <start address>-<end
address> Protocol: <protocol number> Port Range: <start port>-<end port>
%ASA-4-751014: Local: localIP:port Remote remoteIP:port Username: username/group Warning Configuration Payload request for
attribute attribute ID could not be processed. Error: error
%ASA-4-751015: Local: localIP:port Remote remoteIP:port Username: username/group SA request rejected by CAC. Reason: reason
%ASA-4-751016: Local: localIP:port Remote remoteIP:port Username: username/group L2L peer initiated a tunnel with the same
outer and inner addresses. Peer could be Originate only - Possible misconfiguration!
%ASA-4-751019: Local:LocalAddr Remote:RemoteAddr Username:username Failed to obtain an licenseType license. Maximum license
limit limit exceeded.
%ASA-4-751021: Local:variable 1:variable 2 Remote:variable 3:variable 4 Username:variable 5 variable 6 with variable 7 encryption
is not supported with this version of the AnyConnect Client. Please upgrade to the latest Anyconnect Client.
%ASA-4-751027: Local:local IP:local port Remote:peer IP:peer port Username:username IKEv2 Received INVALID_SELECTORS Notification
from peer. Peer received a packet (SPI=spi). The decapsulated inner packet didn’t match the negotiated policy in the SA. Packet
destination pkt_daddr, port pkt_dest_port, source pkt_saddr, port pkt_src_port, protocol pkt_prot.
%ASA-4-752009: IKEv2 Doesn't support Multiple Peers
%ASA-4-752010: IKEv2 Doesn't have a proposal specified
%ASA-4-752011: IKEv1 Doesn't have a transform set specified
%ASA-4-752012: IKEv protocol was unsuccessful at setting up a tunnel. Map Tag = mapTag. Map Sequence Number = mapSeq.
%ASA-4-752013: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv2 after a failed attempt. Map Tag = mapTag. Map Sequence
Number = mapSeq.
%ASA-4-752014: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1 after a failed attempt. Map Tag = mapTag. Map Sequence
Number = mapSeq.
%ASA-4-752017: IKEv2 Backup L2L tunnel initiation denied on interface interface matching crypto map name, sequence number
number. Unsupported configuration.
%ASA-4-753001: Unexpected IKEv2 packet received from <IP>:<port>. Error: <reason>
%ASA-4-768003: SSH: connection timed out: username username, IP ip
%ASA-4-769009: UPDATE: Image booted image_name is different from boot images.
%ASA-4-770001: Resource resource allocation is more than the permitted list of limit for this platform. If this condition
persists, the ASA will be rebooted.
%ASA-4-770003: Resource resource allocation is less than the minimum requirement of value for this platform. If this condition
persists, performance will be lower than normal.
%ASA-4-775002: Reason - protocol connection conn_id from interface_name:real_address/real_port [(idfw_user)] to interface_name:real_address/real_port
is action locally
%ASA-4-775004: Scansafe: Primary server ip_address is not reachable
%ASA-4-776201: CTS PAC: CTS PAC for Server IP_address, A-ID PAC issuer name will expire in number days
%ASA-4-776304: CTS Policy: Unresolved security-group name "sgname" referenced, policies based on this name will be inactive
%ASA-4-776305: CTS Policy: Security-group table cleared, all polices referencing security-group names will be deactivated
%ASA-4-776312: CTS Policy: Previously resolved security-group name "sgname" is now unresolved, policies based on this name
will be deactivated
%ASA-5-109012: Authen Session End: user 'user', sid number, elapsed number seconds
%ASA-5-109029: Parsing downloaded ACL: string
%ASA-5-109039: AAA Authentication:Dropping an unsupported IPv6/IP46/IP64 packet from lifc:laddr to fifc:faddr
%ASA-5-111001: Begin configuration: IP_address writing to device
%ASA-5-111002: Begin configuration: IP_address reading from device
%ASA-5-111003: IP_address Erase configuration
%ASA-5-111004: IP_address end configuration: {FAILED|OK}
%ASA-5-111005: IP_address end configuration: OK
%ASA-5-111007: Begin configuration: IP_address reading from device.
%ASA-5-111008: User user executed the command string
%ASA-5-111010: User username, running application-name from IP ip addr, executed cmd
%ASA-5-113024: Group tg: Authenticating type connection from ip with username, user_name, from client certificate
%ASA-5-113025: Group tg: FAILED to extract username from certificate while authenticating type connection from ip
%ASA-5-120001: Smart Call-Home Module is started.
%ASA-5-120002: Smart Call-Home Module is terminated.
%ASA-5-120008: SCH client client is activated.
%ASA-5-120009: SCH client client is deactivated.
%ASA-5-120012: User username chose to choice call-home anonymous reporting at the prompt.
%ASA-5-121001: msgId id. Telemetry support on the chassis: status.
%ASA-5-199001: Reload command executed from Telnet (remote IP_address).
%ASA-5-199017: syslog
%ASA-5-199027: Restore operation was aborted at <HH:MM:SS> UTC <DD:MM:YY>
%ASA-5-212009: Configuration request for SNMP group groupname failed. User username, reason.
%ASA-5-303004: FTP cmd_string command unsupported - failed strict inspection, terminating connection from source_interface:source_address/source_port
to dest_interface:dest_address/dest_interface
%ASA-5-303005: Strict FTP inspection matched match_string in policy-map policy-name, action_string from src_ifc:sip/sport
to dest_ifc:dip/dport
%ASA-5-304001: user source_address [(idfw_user)] Accessed URL dest_address: url.
%ASA-5-338308: Dynamic filter updater server dynamically changed from old_server_host: old_server_port to new_server_host:
new_server_port
%ASA-5-402128: CRYPTO: An attempt to allocate a large memory block failed, size: size, limit: limit
%ASA-5-415004: HTTP - matched matched_string in policy-map map_name, content-type verification failed connection_action from
int_type:IP_address/port_num to int_type:IP_address/port_num
%ASA-5-415005: HTTP - matched matched_string in policy-map map_name, URI length exceeded connection_action from int_type:IP_address/port_num
to int_type:IP_address/port_num
%ASA-5-415006: HTTP - matched matched_string in policy-map map_name, URI matched connection_action from int_type:IP_address/port_num
to int_type:IP_address/port_num
%ASA-5-415007: HTTP - matched matched_string in policy-map map_name, Body matched connection_action from int_type:IP_address/port_num
to int_type:IP_address/port_num
%ASA-5-415008: HTTP - matched matched_string in policy-map map_name, header matched connection_action from int_type:IP_address/port_num
to int_type:IP_address/port_num
%ASA-5-415009: HTTP - matched matched_string in policy-map map_name, method matched connection_action from int_type:IP_address/port_num
to int_type:IP_address/port_num
%ASA-5-415010: matched matched_string in policy-map map_name, transfer encoding matched connection_action from int_type:IP_address/port_num
to int_type:IP_address/port_num
%ASA-5-415011: HTTP - policy-map map_name:Protocol violation connection_action from int_type:IP_address/port_num to int_type:IP_address/port_num
%ASA-5-415012: HTTP - matched matched_string in policy-map map_name, Unknown mime-type connection_action from int_type:IP_address/port_num
to int_type:IP_address/port_num
%ASA-5-415013: HTTP - policy-map map-name:Malformed chunked encoding connection_action from int_type:IP_address/port_num
to int_type:IP_address/port_num
%ASA-5-415014: HTTP - matched matched_string in policy-map map_name, Mime-type in response wasn't found in the accept-types
of the request connection_action from int_type:IP_address/port_num to int_type:IP_address/port_num
%ASA-5-415015: HTTP - matched matched_string in policy-map map_name, transfer-encoding unknown connection_action from int_type:IP_address/port_num
to int_type:IP_address/port_num
%ASA-5-415018: HTTP - matched matched_string in policy-map map_name, Header length exceeded connection_action from int_type:IP_address/port_num
to int_type:IP_address/port_num
%ASA-5-415019: HTTP - matched matched_string in policy-map map_name, status line matched connection_action from int_type:IP_address/port_num
to int_type:IP_address/port_num
%ASA-5-415020: HTTP - matched matched_string in policy-map map_name, a non-ASCII character was matched connection_action
from int_type:IP_address/port_num to int_type:IP_address/port_num
%ASA-5-425005 Interface interface_name become active in redundant interface redundant_interface_name
%ASA-5-4302310: SCTP packet received from src_ifc:src_ip/src_port to dst_ifc:dst_ip/dst_port contains unsupported Hostname
Parameter.
%ASA-5-434004: SFR requested ASA to bypass further packet redirection and process flow from %s:%A/%d to %s:%A/%d locally
%ASA-5-444101: Shared license service is active. License server address: address
%ASA-5-500001: ActiveX content in java script is modified: src src ip dest dest ip on interface interface name
%ASA-5-500002: Java content in java script is modified: src src ip dest dest ip on interface interface name
%ASA-5-500003: Bad TCP hdr length (hdrlen=bytes, pktlen=bytes) from source_address/source_port to dest_address/dest_port,
flags: tcp_flags, on interface interface_name
%ASA-5-501101: User transitioning priv level
%ASA-5-502101: New user added to local dbase: Uname: user Priv: privilege_level Encpass: string
%ASA-5-502102: User deleted from local dbase: Uname: user Priv: privilege_level Encpass: string
%ASA-5-502103: User priv level changed: Uname: user From: privilege_level To: privilege_level
%ASA-5-502111: New group policy added: name: policy_name Type: policy_type
%ASA-5-502112: Group policy deleted: name: policy_name Type: policy_type
%ASA-5-503001: Process number, Nbr IP_address on interface_name from string to string, reason
%ASA-5-503002: The last key has expired for interface <nameif>, packets sent using last valid key
%ASA-5-503005: Key ID <key-id> in key chain <key-chain-name> does not have a cryptographic algorithm
%ASA-5-504001: Security context context_name was added to the system
%ASA-5-504002: Security context context_name was removed from the system
%ASA-5-505001: Module module_id is shutting down. Please wait...
%ASA-5-505002: Module ips is reloading. Please wait...
%ASA-5-505003: Module module_id is resetting. Please wait...
%ASA-5-505004: Module module_id shutdown is complete.
%ASA-5-505005: Module module_name is initializing control communication. Please wait...
%ASA-5-505006: Module module_id is Up.
%ASA-5-505007: Module module_id is recovering. Please wait...
%ASA-5-505008: Module module_id software is being updated to vnewver (currently vver)
%ASA-5-505009: Module module_id software was updated to vnewver (previously vver)
%ASA-5-505010: Module in slot slot removed.
%ASA-5-505012: Module module_id, application stopped application, version version
%ASA-5-505013: Module module_id application changed from: application version version to: newapplication version newversion.
%ASA-5-506001: event_source_string event_string
%ASA-5-507001: Terminating TCP-Proxy connection from interface_inside:source_address/source_port to interface_outside:dest_address/dest_port
- reassembly limit of limit bytes exceeded
%ASA-5-508001: DCERPC message_type non-standard version_type version version_number from src_if:src_ip/src_port to dest_if:dest_ip/dest_port,
terminating connection.
%ASA-5-508002: DCERPC response has low endpoint port port_number from src_if:src_ip/src_port to dest_if:dest_ip/dest_port,
terminating connection.
%ASA-5-509001: Connection attempt from src_intf:src_ip/src_port [([idfw_user | FQDN_string], sg_info)] to dst_intf:dst_ip/dst_port
[([idfw_user | FQDN_string], sg_info)] was prevented by "no forward" command.
%ASA-5-503101: Process %d, Nbr %i on %s from %s to %s, %s
%ASA-5-611103: User logged out: Uname: user
%ASA-5-611104: Serial console idle timeout exceeded
%ASA-5-612001: Auto Update succeeded:filename, version:number
%ASA-5-711005: Traceback: call_stack
%ASA-5-713006: Failed to obtain state for message Id message_number, Peer Address: IP_address
%ASA-5-713010: IKE area: failed to find centry for message Id message_number
%ASA-5-713041: IKE Initiator: new or rekey Phase 1 or 2, Intf interface_number, IKE Peer IP_address local Proxy Address IP_address,
remote Proxy Address IP_address, Crypto map (crypto map tag)
%ASA-5-713049: Security negotiation complete for tunnel_type type (group_name) Initiator/Responder, Inbound SPI = SPI, Outbound
SPI = SPI
%ASA-5-713050: Connection terminated for peer IP_address. Reason: termination reason Remote Proxy IP_address, Local Proxy
IP_address
%ASA-5-713068: Received non-routine Notify message: notify_type (notify_value)
%ASA-5-713073: Responder forcing change of Phase 1/Phase 2 rekeying duration from larger_value to smaller_value seconds
%ASA-5-713074: Responder forcing change of IPSec rekeying duration from larger_value to smaller_value Kbs
%ASA-5-713075: Overriding Initiator's IPSec rekeying duration from larger_value to smaller_value seconds
%ASA-5-713076: Overriding Initiator's IPSec rekeying duration from larger_value to smaller_value Kbs
%ASA-5-713092: Failure during phase 1 rekeying attempt due to collision
%ASA-5-713115: Client rejected NAT enabled IPSec request, falling back to standard IPSec
%ASA-5-713119: Group group IP ip PHASE 1 COMPLETED
%ASA-5-713120: PHASE 2 COMPLETED (msgid=msg_id)
%ASA-5-713130: Received unsupported transaction mode attribute: attribute id
%ASA-5-713131: Received unknown transaction mode attribute: attribute_id
%ASA-5-713135: message received, redirecting tunnel to IP_address.
%ASA-5-713136: IKE session establishment timed out [IKE_state_name], aborting!
%ASA-5-713139: group_name not found, using BASE GROUP default preshared key
%ASA-5-713144: Ignoring received malformed firewall record; reason - error_reason TLV type attribute_value correction
%ASA-5-713148: Terminating tunnel to Hardware Client in network extension mode, unable to delete static route for address:
IP_address, mask: netmask
%ASA-5-713155: DNS lookup for Primary VPN Server [server_name] successfully resolved after a previous failure. Resetting
any Backup Server init.
%ASA-5-713156: Initializing Backup Server [server_name or IP_address]
%ASA-5-713158: Client rejected NAT enabled IPSec Over UDP request, falling back to IPSec Over TCP
%ASA-5-713178: IKE Initiator received a packet from its peer without a Responder cookie
%ASA-5-713179: IKE AM Initiator received a packet from its peer without a payload_type payload
%ASA-5-713196: Remote L2L Peer IP_address initiated a tunnel with same outer and inner addresses. Peer could be Originate
Only - Possible misconfiguration!
%ASA-5-713197: The configured Confidence Interval of number seconds is invalid for this tunnel_type connection. Enforcing
the second default.
%ASA-5-713199: Reaper corrected an SA that has not decremented the concurrent IKE negotiations counter (counter_value)!
%ASA-5-713216: Rule: action [Client type]: version Client: type version allowed/ not allowed
%ASA-5-713229: Auto Update - Notification to client client_ip of update string: message_string.
%ASA-5-713237: ACL update (access_list) received during re-key re-authentication will not be applied to the tunnel.
%ASA-5-713248: META-DATA Rekey initiation is being disabled during CRACK authentication.
%ASA-5-713250: META-DATA Received unknown Internal Address attribute: attribute
%ASA-5-713252: Group = group, Username = user, IP = ip, Integrity Firewall Server is not available. VPN Tunnel creation rejected
for client.
%ASA-5-713253: Group = group, Username = user, IP = ip, Integrity Firewall Server is not available. Entering ALLOW mode.
VPN Tunnel created for client.
%ASA-5-713257: Phase
var1
failure: Mismatched attribute types for class
var2
: Rcv'd:
var3
Cfg'd:
var4
%ASA-5-713259: Group = groupname, Username = username, IP = peerIP, Session is being torn down. Reason: reason
%ASA-5-713904: Descriptive_event_string.
%ASA-5-716053: SSO Server added: name: name Type: type
%ASA-5-716054: SSO Server deleted: name: name Type: type
%ASA-5-717013: Removing a cached CRL to accommodate an incoming CRL. Issuer: issuer
%ASA-5-717014: Unable to cache a CRL received from CDP due to size limitations (CRL size = size, available cache space =
space)
%ASA-5-717050: SCEP Proxy: Processed request type type from IP client ip address, User username, TunnelGroup tunnel_group
name, GroupPolicy group-policy name to CA IP ca ip address
%ASA-5-717053: Group group name User user name IP IP Address Periodic certificate authentication succeeded. Subject Name
id subject name Issuer Name id issuer name Serial Number id serial number
%ASA-5-717061: Starting protocol certificate enrollment for the trustpoint tpname with the CA ca_name. Request Type type
Mode mode
%ASA-5-717062: protocol Certificate enrollment succeeded for the trustpoint tpname with the CA ca. Received a new certificate
with Subject Name subject Issuer Name issuer Serial Number serial
%ASA-5-717064: Keypair keyname in the trustpoint tpname is regenerated for mode protocol certificate renewal
%ASA-5-718002: Create peer IP_address failure, already at maximum of number_of_peers
%ASA-5-718005: Fail to send to IP_address, port port
%ASA-5-718006: Invalid load balancing state transition [cur=state_number][event=event_number]
%ASA-5-718007: Socket open failure failure_code
%ASA-5-718008: Socket bind failure failure_code
%ASA-5-718009: Send HELLO response failure to IP_address
%ASA-5-718010: Sent HELLO response to IP_address
%ASA-5-718011: Send HELLO request failure to IP_address
%ASA-5-718012: Sent HELLO request to IP_address
%ASA-5-718014: Master peer IP_address is not answering HELLO
%ASA-5-718015: Received HELLO request from IP_address
%ASA-5-718016: Received HELLO response from IP_address
%ASA-5-718024: Send CFG UPDATE failure to IP_address
%ASA-5-718028: Send OOS indicator failure to IP_address
%ASA-5-718031: Received OOS obituary for IP_address
%ASA-5-718032: Received OOS indicator from IP_address
%ASA-5-718033: Send TOPOLOGY indicator failure to IP_address
%ASA-5-748001: Module
slot_number
in chassis
chassis_number
is leaving the cluster due to a chassis configuration change
%ASA-5-748004: Module
slot_number
in chassis
chassis_number
is re-joining the cluster due to a chassis health check recovery
%ASA-5-748203: Module <module_id> in chassis <chassis id> is re-joining the cluster due to a service chain application recovery.
%ASA-5-750001: Local:local IP:local port Remote:remote IP: remote port Username: username Received request to request an
IPsec tunnel; local traffic selector = local selectors: range, protocol, port range; remote traffic selector = remote selectors:
range, protocol, port range
%ASA-5-750002: Local:local IP:local port Remote: remote IP: remote port Username: username Received a IKE_INIT_SA request
%ASA-5-750004: Local: local IP: local port Remote: remote IP: remote port Username: username Sending COOKIE challenge to
throttle possible DoS
%ASA-5-750005: Local: local IP: local port Remote: remote IP: remote port Username: username IPsec rekey collision detected.
I am lowest nonce initiator, deleting SA with inbound SPI SPI
%ASA-5-750006: Local: local IP: local port Remote: remote IP: remote port Username: username SA UP. Reason: reason
%ASA-5-750007: Local: local IP: local port Remote: remote IP: remote port Username: username SA DOWN. Reason: reason
%ASA-5-750008: Local: local IP: local port Remote: remote IP: remote port Username: username SA rejected due to system resource
%ASA-5-750009: Local: local IP: local port Remote: remote IP: remote port Username: username SA request rejected due to CAC
limit reached: Rejection reason: reason
%ASA-5-750010: Local: local-ip Remote: remote-ip Username:username IKEv2 local throttle-request queue depth threshold of
threshold reached; increase the window size on peer peer for better performance
%ASA-5-751007: Local: localIP:port Remote:remoteIP:port Username: username/group Configured attribute not supported for IKEv2.
Attribute: attribute
%ASA-5-751025: Local: local IP:local port Remote: remote IP:remote port Username:username Group:group-policy IPv4 Address=assigned_IPv4_addr
IPv6 address=assigned_IPv6_addr assigned to session.
%ASA-5-751028: Local:<localIP:port> Remote:<remoteIP:port> Username:<username/group> IKEv2 Overriding configured keepalive
values of threshold:<config_threshold>/retry:<config_retry> to threshold:<applied_threshold>/retry:<applied_retry>.
%ASA-5-752003: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv2. Map Tag = mapTag. Map Sequence Number = mapSeq.
%ASA-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = mapTag. Map Sequence Number = mapSeq.
%ASA-5-752016: IKEv protocol was successful at setting up a tunnel. Map Tag = mapTag. Map Sequence Number = mapSeq.
%ASA-5-776009: CTS SXP: password changed.
%ASA-5-776010: CTS SXP: SXP default source IP is changed original source IP final source IP.
%ASA-5-776011: CTS SXP: operational state.
%ASA-5-776252: CTS SGT-MAP: CTS SGT-MAP: Binding binding IP - SGname(SGT) from source name deleted from binding manager.
%ASA-5-776309: CTS Policy: Previously known security-group tag sgt is now unknown
%ASA-5-776310: CTS Policy: Security-group name "sgname" remapped from security-group tag old_sgt to new_sgt
%ASA-5-769001: UPDATE: ASA image src was added to system boot list
%ASA-5-769002: UPDATE: ASA image src was copied to dest
%ASA-5-769003: UPDATE: ASA image src was renamed to dest
%ASA-6-106102: access-list acl_ID {permitted | denied} protocol for user username interface_name/source_address source_port
interface_name/dest_address dest_port hit-cnt number {first hit | number-second interval} hash codes
%ASA-6-108005: action_class: Received ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info
%ASA-6-108007: TLS started on ESMTP session between client client-side interface-name: clientIP address/client port and server
server-side interface-name: server IP address/server port
%ASA-6-109001: Auth start for user user from inside_address/inside_port to outside_address/outside_port
%ASA-6-109002: Auth from inside_address/inside_port to outside_address/outside_port failed (server IP_address failed) on
interface interface_name.
%ASA-6-109003: Auth from inside_address to outside_address/outside_port failed (all servers failed) on interface interface_name,
so marking all servers ACTIVE again.
%ASA-6-109005: Authentication succeeded for user user from inside_address/inside_port to outside_address/outside_port on
interface interface_name.
%ASA-6-109006: Authentication failed for user user from inside_address/inside_port to outside_address/outside_port on interface
interface_name.
%ASA-6-109007: Authorization permitted for user user from inside_address/inside_port to outside_address/outside_port on interface
interface_name.
%ASA-6-109008: Authorization denied for user user from outside_address/outside_port to inside_address/ inside_port on interface
interface_name.
%ASA-6-109024: Authorization denied from source_address/source_port to dest_address/dest_port (not authenticated) on interface
interface_name using protocol
%ASA-6-109025: Authorization denied (acl=acl_ID) for user 'user' from source_address/source_port to dest_address/dest_port
on interface interface_name using protocol
%ASA-6-109036: Exceeded 1000 attribute values for the attribute name attribute for user username.
%ASA-6-109100: Received CoA update from
coa-source-ip
for user
username
, with session ID:
audit-session-id
, changing authorization attributes
%ASA-6-109101: Received CoA disconnect request from
coa-source-ip
for user
username
, with audit-session-id:
audit-session-id
%ASA-6-110002: Failed to locate egress interface for protocol from src interface:src IP/src port to dest IP/dest port
%ASA-6-110003: Routing failed to locate next-hop for protocol from src interface:src IP/src port to dest interface:dest IP/dest
%ASA-6-110004: Egress interface changed from old_active_ifc to new_active_ifc on ip_protocol connection conn_id for outside_zone/parent_outside_ifc:outside_addr/outside_port
(mapped_addr/mapped_port) to inside_zone/parent_inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port)
%ASA-6-113003: AAA group policy for user user is being set to policy_name.
%ASA-6-113004: AAA user aaa_type Successful: server = server_IP_address, User = user
%ASA-6-113005: AAA user authentication Rejected: reason = string: server = server_IP_address, User = user: user IP = user_ip
%ASA-6-113006: User user locked out on exceeding number successive failed authentication attempts
%ASA-6-113007: User user unlocked by administrator
%ASA-6-113008: AAA transaction status ACCEPT: user = user
%ASA-6-113009: AAA retrieved default group policy policy for user user
%ASA-6-113010: AAA challenge received for user user from server server_IP_address
%ASA-6-113011: AAA retrieved user specific group policy policy for user user
%ASA-6-113012: AAA user authentication Successful: local database: user = user
%ASA-6-113013: AAA unable to complete the request Error: reason = reason: user = user
%ASA-6-113014: AAA authentication server not accessible: server = server_IP_address: user = user
%ASA-6-113015: AAA user authentication Rejected: reason = reason: local database: user = user:
user IP =xxx.xxx.xxx.xxx
%ASA-6-113016: AAA credentials rejected: reason = reason: server = server_IP_address: user = user: user IP = xxx.xxx.xxx.xxx
%ASA-6-113017: AAA credentials rejected: reason = reason: local database: user = user: user IP = user_ip=xxx.xxx.xxx.xxx
%ASA-6-113033: Group group User user IP ipaddr AnyConnect session not allowed. ACL parse error.
%ASA-6-113037: Reboot pending, new sessions disabled. Denied user login.
%ASA-6-113039: Group group User user IP ipaddr AnyConnect parent session started.
%ASA-6-113045: AAA SDI server IP_address in aaa-server group group_name: status changed from previous-state to current-state
%ASA-6-114004: 4GE SSM I/O Initialization start.
%ASA-6-114005: 4GE SSM I/O Initialization end.
%ASA-6-120003: Process event group title
%ASA-6-120007: Message group to destination delivered.
%ASA-6-121003: msgId id. Telemetry request from the chassis received. SSE connector status: connector status. Telemetry config
on the blade: blade status. Telemetry data data status.
%ASA-6-201010: Embryonic connection limit exceeded econns/limit for dir packet from source_address/source_port to dest_address/dest_port
on interface interface_name
%ASA-6-201012: Per-client embryonic connection limit exceeded curr num/limit for [input|output] packet from IP_address/ port
to ip/port on interface interface_name
%ASA-6-210022: LU missed number updates
%ASA-6-302003: Built H245 connection for foreign_address outside_address/outside_port local_address inside_address/inside_port
%ASA-6-302004: Pre-allocate H323 UDP backconnection for foreign_address outside_address/outside_port to local_address inside_address/inside_port
%ASA-6-302010: connections in use, connections most used
%ASA-6-302012: Pre-allocate H225 Call Signalling Connection for faddr IP_address/port to laddr IP_address
%ASA-6-302013: Built {inbound|outbound} TCP connection_id for interface:real-address/real-port (mapped-address/mapped-port)
[(idfw_user)] to interface:real-address/real-port (mapped-address/mapped-port) [(idfw_user)] [(user)]
%ASA-6-302014: Teardown TCP connection id for interface :real-address /real-port [(idfw_user )] to interface :real-address /real-port [(idfw_user )]
duration hh:mm:ss bytes bytes [reason [from teardown-initiator]] [(user )]
%ASA-6-302015: Built {inbound|outbound} UDP connection number for interface_name:real_address/real_port (mapped_address/mapped_port)
[(idfw_user)] to interface_name:real_address/real_port (mapped_address/mapped_port) [(idfw_user)] [(user)]
%ASA-6-302016: Teardown UDP connection number for interface:real-address/real-port [(idfw_user)] to interface:real-address/real-port
[(idfw_user)] duration hh:mm:ss bytes bytes [(user)]
%ASA-6-302017: Built {inbound|outbound} GRE connection id from interface:real_address (translated_address) [(idfw_user)]
to interface:real_address/real_cid (translated_address/translated_cid) [(idfw_user)] [(user)
%ASA-6-302018: Teardown GRE connection id from interface:real_address (translated_address) [(idfw_user)] to interface:real_address/real_cid
(translated_address/translated_cid) [(idfw_user)] duration hh:mm:ss bytes bytes [(user)]
%ASA-6-302020: Built ICMP connection connection_id from interface:real-address/real-port (mapped-address/mapped-port) [(idfw_user)]
to interface:real-address/real-port (mapped-address/mapped-port) [(idfw_user)] [(user)]
%ASA-6-302021: Teardown ICMP connection connection_id from interface:real-address/real-port (mapped-address/mapped-port)
[(idfw_user)] to interface:real-address/real-port (mapped-address/mapped-port) [(idfw_user)] [(user)]
%ASA-6-302022: Built role stub TCP connection for interface:real-address/real-port (mapped-address/mapped-port) to interface:real-address/real-port
(mapped-address/mapped-port)
%ASA-6-302023: Teardown stub TCP connection for interface:real-address/real-port to interface:real-address/real-port duration
hh:mm:ss forwarded bytes bytes reason
%ASA-6-302024: Built role stub UDP connection for interface:real-address/real-port (mapped-address/mapped-port) to interface:real-address/real-port
(mapped-address/mapped-port)
%ASA-6-302025: Teardown stub UDP connection for interface:real-address/real-port to interface:real-address/real-port duration
hh:mm:ss forwarded bytes bytes reason
%ASA-6-302026: Built role stub ICMP connection for interface:real-address/real-port (mapped-address) to interface:real-address/real-port
(mapped-address)
%ASA-6-302027: Teardown stub ICMP connection for interface:real-address/real-port to interface:real-address/real-port duration
hh:mm:ss forwarded bytes bytes reason
%ASA-6-302033: Pre-allocated H323 GUP Connection for faddr interface:foreign address/foreign-port to laddr interface:local-address/local-port
%ASA-6-302035: Built {inbound|outbound} SCTP connection conn_id for outside_interface:outside_ip/outside_port (mapped_outside_ip/mapped_outside_port)[([outside_idfw_user],[outside_sg_info])]
to inside_interface:inside_ip/inside_port (mapped_inside_ip/mapped_inside_port)[([inside_idfw_user],[inside_sg_info])] [(user)]
%ASA-6-302036: Teardown SCTP connection conn_id for outside_interface:outside_ip/outside_port[([outside_idfw_user],[outside_sg_info])]
to inside_interface:inside_ip/inside_port[([inside_idfw_user],[inside_sg_info])] duration time bytes bytes reason [(user)]
%ASA-6-302303: Built TCP state-bypass connection conn_id from initiator_interface:real_ip/real_port(mapped_ip/mapped_port)
to responder_interface:real_ip/real_port (mapped_ip/mapped_port)
%ASA-6-302304: Teardown TCP state-bypass connection conn_id from initiator_interface:ip/port to responder_interface:ip/port
duration, bytes, teardown reason.
%ASA-6-302305: Built SCTP state-bypass connection conn_id for outside_interface:outside_ip/outside_port (mapped_outside_ip/mapped_outside_port)[([outside_idfw_user],[outside_sg_info])]
to inside_interface:inside_ip/inside_port (mapped_inside_ip/mapped_inside_port)[([inside_idfw_user],[inside_sg_info])]
%ASA-6-302306: Teardown SCTP state-bypass connection conn_id for outside_interface:outside_ip/outside_port[([outside_idfw_user],[outside_sg_info])]
to inside_interface:inside_ip/inside_port[([inside_idfw_user],[inside_sg_info])] duration time bytes bytes reason
%ASA-6-303002: FTP connection from src_ifc:src_ip/src_port to dst_ifc:dst_ip/dst_port, user username action file filename
%ASA-6-304004: URL Server IP_address request failed URL url HTTP/1.0
%ASA-6-305007: addrpool_free(): Orphan IP IP_address on interface interface_number
%ASA-6-305009: Built {dynamic|static} translation from interface_name [(acl-name)]:real_address [(idfw_user)] to interface_name:mapped_address
%ASA-6-305010: Teardown {dynamic|static} translation from interface_name:real_address [(idfw_user)] to interface_name:mapped_address
duration time
%ASA-6-305011: Built {dynamic|static} {TCP|UDP|ICMP} translation from interface_name:real_address/real_port [(idfw_user)]
to interface_name:mapped_address/mapped_port
%ASA-6-305012: Teardown {dynamic|static} {TCP|UDP|ICMP} translation from interface_name [(acl-name)]:real_address/{real_port|real_ICMP_ID}
[(idfw_user)] to interface_name:mapped_address/{mapped_port|mapped_ICMP_ID} duration time
%ASA-6-308001: console enable password incorrect for number tries (from IP_address)
%ASA-6-311001: LU loading standby start
%ASA-6-311002: LU loading standby end
%ASA-6-311003: LU recv thread up
%ASA-6-311004: LU xmit thread up
%ASA-6-312001: RIP hdr failed from IP_address: cmd=string, version=number domain=string on interface interface_name
%ASA-6-314001: Pre-allocated RTSP UDP backconnection for src_intf:src_IP to dst_intf:dst_IP/dst_port.
%ASA-6-314002: RTSP failed to allocate UDP media connection from src_intf:src_IP to dst_intf:dst_IP/dst_port: reason_string.
%ASA-6-314003: Dropped RTSP traffic from src_intf:src_ip due to: reason.
%ASA-6-314005: RTSP client src_intf:src_IP denied access to URL RTSP_URL.
%ASA-6-314006: RTSP client src_intf:src_IP exceeds configured rate limit of rate for request_method messages.
%ASA-6-315011: SSH session from IP_address on interface interface_name for user user disconnected by SSH server, reason:
reason
%ASA-6-315013: SSH session from SSH client address on interface interface_name for user user_name rekeyed successfully.
%ASA-6-317007: Added route_type route dest_address netmask via gateway_address [distance/metric] on interface_name route_type
%ASA-6-317008: Deleted route_type route dest_address netmask via gateway_address [distance/metric] on interface_name route_type
%ASA-6-321003: Resource var1 log level of var2 reached.
%ASA-6-321004: Resource var1 rate log level of var2 reached
%ASA-6-322004: No management IP address configured for transparent firewall. Dropping protocol protocol packet from interface_in:source_address/source_port
to interface_out:dest_address/dest_port
%ASA-6-333001: EAP association initiated - context:EAP-context
%ASA-6-333003: EAP association terminated - context:EAP-context
%ASA-6-333009: EAP-SQ response MAC TLV is invalid - context:EAP-context
%ASA-6-334001: EAPoUDP association initiated - host-address
%ASA-6-334004: Authentication request for NAC Clientless host - host-address
%ASA-6-334007: EAPoUDP association terminated - host-address
%ASA-6-334008: NAC EAP association initiated - host-address, EAP context:EAP-context
%ASA-6-334009: Audit request for NAC Clientless host - Assigned_IP.
%ASA-6-335009: NAC 'Revalidate' request by administrative action - host-address
%ASA-6-335010: NAC 'Revalidate All' request by administrative action - num sessions
%ASA-6-335011: NAC 'Revalidate Group' request by administrative action for group-name group - num sessions
%ASA-6-335012: NAC 'Initialize' request by administrative action - host-address
%ASA-6-335013: NAC 'Initialize All' request by administrative action - num sessions
%ASA-6-335014: NAC 'Initialize Group' request by administrative action for group-name group - num sessions
%ASA-6-336011: event event
%ASA-6-337000: Created BFD session with local discriminator id on real_interface with neighbor real_host_ip.
%ASA-6-337001: Terminated BFD session with local discriminator id on real_interface with neighbor real_host_ip due to failure_reason.
%ASA-6-338304: Successfully downloaded dynamic filter data file from updater server url
%ASA-6-340002: Loopback-proxy info: error_string context id context_id, context type = version/request_type/address_type
client socket (internal)= client_address_internal/client_port_internal server socket (internal)= server_address_internal/server_port_internal
server socket (external)= server_address_external/server_port_external remote socket (external)= remote_address_external/remote_port_external
%ASA-6-341001: Policy Agent started successfully for VNMC vnmc_ip_addr
%ASA-6-341002: Policy Agent stopped successfully for VNMC vnmc_ip_add
%ASA-6-341010: Storage device with serial number ser_no [inserted into | removed from] bay bay_no
%ASA-6-402129: CRYPTO: An attempt to release a DMA memory block failed, location: address
%ASA-6-402130: CRYPTO: Received an ESP packet (SPI = xxxxxxxxxx, sequence number=xxxx) from 172.16.0.1 (user=user) to 192.168.0.2
with incorrect IPsec padding.
%ASA-6-403500: PPPoE - Service name 'any' not received in PADO. Intf:interface_name AC:ac_name.
%ASA-6-410004: action_class: action DNS query_response from src_ifc:sip/sport to dest_ifc:dip/dport; further_info
%ASA-6-414004: TCP Syslog Server intf: IP_Address/port - Connection restored
%ASA-6-414007: TCP Syslog Server connection restored. New connections are allowed.
%ASA-6-414008: New connections are now allowed due to change of logging permit-hostdown policy.
%ASA-6-415001: HTTP - matched matched_string in policy-map map_name, header field count exceeded connection_action from int_type:IP_address/port_num
to int_type:IP_address/port_num
%ASA-6-415002: HTTP - matched matched_string in policy-map map_name, header field length exceeded connection_action from
int_type:IP_address/port_num to int_type:IP_address/port_num
%ASA-6-415003: HTTP - matched matched_string in policy-map map_name, body length exceeded connection_action from int_type:IP_address/port_num
to int_type:IP_address/port_num
%ASA-6-415017: HTTP - matched_string in policy-map map_name, arguments matched connection_action from int_type:IP_address/port_num
to int_type:IP_address/port_num
%ASA-6-419005: TCP connection <ID> from <src_ifc>:<src_ip>/<src_port> to <dst_ifc>:<dst_ip>/<dst_port> duration <hh:mm:ss>
data <bytes>, is kept open by DCD as valid connection
%ASA-6-419006: Teardown TCP connection <ID> from <src_ifc>:<src_ip>/<src_port> to <dst_ifc>:<dst_ip>/<dst_port> duration<hh:mm:ss>
data <bytes>, DCD probe was not responded from <client/server> interface <ifc_name>
%ASA-6-420004: Virtual Sensor sensor_name was added on the AIP SSM
%ASA-6-420005: Virtual Sensor sensor_name was deleted from the AIP SSM
%ASA-6-421002: TCP|UDP flow from interface_name:IP_address/port to interface_nam:IP_address/port bypassed application checking
because the protocol is not supported.
%ASA-6-421005: interface_name:IP_address is counted as a user of application
%ASA-6-421006: There are number users of application accounted during the past 24 hours.
%ASA-6-425003 Interface interface_name added into redundant interface redundant_interface_name.
%ASA-6-425004 Interface interface_name removed from redundant interface redundant_interface_name.
%ASA-6-426001: PORT-CHANNEL:Interface ifc_name bundled into EtherChannel interface Port-channel num
%ASA-6-426002: PORT-CHANNEL:Interface ifc_name unbundled from EtherChannel interface Port-channel num
%ASA-6-426003: PORT-CHANNEL:Interface ifc_name1 has become standby in EtherChannel interface Port-channel num
%ASA-6-426101: PORT-CHANNEL:Interface ifc_name is allowed to bundle into EtherChannel interface port-channel id by CLACP
%ASA-6-426102: PORT-CHANNEL:Interface ifc_name is moved to standby in EtherChannel interface port-channel id by CLACP
%ASA-6-426103: PORT-CHANNEL:Interface ifc_name is selected to move from standby to bundle in EtherChannel interface port-channel
id by CLACP
%ASA-6-426104: PORT-CHANNEL:Interface ifc_name is unselected in EtherChannel interface port-channel id by CLACP
%ASA-6-428001: WAAS confirmed from in_interface:src_ip_addr/src_port to out_interface:dest_ip_addr/dest_port, inspection
services bypassed on this connection
%ASA-6-429005: Set up authentication-proxy protocol_type rule for the CXSC action on interface interface_name for traffic
destined to ip_address/port for policy_type service-policy.
%ASA-6-429006: Cleaned up authentication-proxy rule for the CXSC action on interface interface_name for traffic destined
to ip_address for policy_type service-policy.
%ASA-6-444103: Shared licensetype license usage is over 90% capacity
%ASA-6-444107: Shared license service status on interface ifname
%ASA-6-444108: Shared license state client id id
%ASA-6-602101: PMTU-D packet number bytes greater than effective mtu number dest_addr=dest_address, src_addr=source_address,
prot=protocol
%ASA-6-602103: IPSEC: Received an ICMP Destination Unreachable from src_addr with suggested PMTU of rcvd_mtu; PMTU updated
for SA with peer peer_addr, SPI spi, tunnel name username, old PMTU old_mtu, new PMTU new_mtu.%ASA-7-703001: H.225 message
received from interface_name:IP_address/port to interface_name:IP_address/port is using an unsupported version number
%ASA-6-602104: IPSEC: Received an ICMP Destination Unreachable from src_addr, PMTU is unchanged because suggested PMTU of
rcvd_mtu is equal to or greater than the current PMTU of curr_mtu, for SA with peer peer_addr, SPI spi, tunnel name username.
%ASA-6-602303: IPSEC: An direction tunnel_type SA (SPI=spi) between local_IP and remote_IP (username) has been created.
%ASA-6-602304: IPSEC: An direction tunnel_type SA (SPI=spi) between local_IP and remote_IP (username) has been deleted.
%ASA-6-603101: PPTP received out of seq or duplicate pkt, tnl_id=number, sess_id=number, seq=number.
%ASA-6-603103: PPP virtual interface interface_name - user: user aaa authentication status
%ASA-6-603104: PPTP Tunnel created, tunnel_id is number, remote_peer_ip is remote_address, ppp_virtual_interface_id is number,
client_dynamic_ip is IP_address, username is user, MPPE_key_strength is string
%ASA-6-603106: L2TP Tunnel created, tunnel_id is number, remote_peer_ip is remote_address, ppp_virtual_interface_id is number,
client_dynamic_ip is IP_address, username is user
%ASA-6-604104: DHCP daemon interface interface_name: address released build_name (IP_address)
%ASA-6-604201: DHCPv6 PD client on interface <pd-client-iface> received delegated prefix <prefix> from DHCPv6 PD server <server-address>
with preferred lifetime <in-seconds> seconds and valid lifetime <in-seconds> seconds
%ASA-6-604202: DHCPv6 PD client on interface <pd-client-iface> releasing delegated prefix <prefix> received from DHCPv6 PD
server <server-address>
%ASA-6-604203: DHCPv6 PD client on interface <pd-client-iface> renewed delegated prefix <prefix> from DHCPv6 PD server <server-address>
with preferred lifetime <in-seconds> seconds and valid lifetime <in-seconds> seconds
%ASA-6-604204: DHCPv6 delegated prefix <delegated prefix> got expired on interface <pd-client-iface>, received from DHCPv6
PD server <server-address>
%ASA-6-604205: DHCPv6 client on interface <client-iface> allocated address <ipv6-address> from DHCPv6 server <server-address>
with preferred lifetime <in-seconds> seconds and valid lifetime <in-seconds> seconds
%ASA-6-604207: DHCPv6 client on interface <client-iface> renewed address <ipv6-address> from DHCPv6 server <server-address>
with preferred lifetime <in-seconds> seconds and valid lifetime <in-seconds> seconds
%ASA-6-604208: DHCPv6 client address <ipv6-address > got expired on interface <client-iface>, received from DHCPv6 server
<server-address>
%ASA-6-605004: Login denied from source-address/source-port to interface:destination/service for user “username”
%ASA-6-605005: Login permitted from source-address/source-port to interface:destination/service for user “username”
%ASA-6-606001: ASDM session number number from IP_address started
%ASA-6-606002: ASDM session number number from IP_address ended
%ASA-6-606003: ASDM logging session number id from IP_address started id session ID assigned
%ASA-6-606004: ASDM logging session number id from IP_address ended
%ASA-6-607001: Pre-allocate SIP connection_type secondary channel for interface_name:IP_address/port to interface_name:IP_address
from string message
%ASA-6-607003: action_class: Received SIP req_resp req_resp_info from src_ifc:sip/sport to dest_ifc:dip/dport; further_info
%ASA-6-608001: Pre-allocate Skinny connection_type secondary channel for interface_name:IP_address to interface_name:IP_address
from string message
%ASA-6-613001: Checksum Failure in database in area string Link State Id IP_address Old Checksum number New Checksum number
%ASA-6-613002: interface interface_name has zero bandwidth
%ASA-6-613003: IP_address netmask changed from area string to area string
%ASA-6-613014: Base topology enabled on interface string attached to MTR compatible mode area string%ASA-6-613027: OSPF process
number removed from interface interface_name
%ASA-6-613028: Unrecognized virtual interface intetface_name. Treat it as loopback stub route
%ASA-6-613041: OSPF-100 Areav string: LSA ID IP_address, Type number, Adv-rtr IP_address, LSA counter DoNotAge
%ASA-6-613043:
%ASA-6-613101: Checksum Failure in database in area %s Link State Id %i Old Checksum %#x New Checksum %#x
%ASA-6-613102: interface %s has zero bandwidth
%ASA-6-613103: %i%m changed from area %AREA_ID_STR to area %AREA_ID_STR
%ASA-6-614001: Split DNS: request patched from server: IP_address to server: IP_address
%ASA-6-614002: Split DNS: reply from server: IP_address reverse patched back to original server: IP_address
%ASA-6-615001: vlan number not available for firewall interface
%ASA-6-615002: vlan number available for firewall interface
%ASA-6-616001: Pre-allocate MGCP data_channel connection for inside_interface:inside_address to outside_interface:outside_address/port
from message_type message
%ASA-6-617001: GTPv version msg_type from source_interface:source_address/source_port not accepted by source_interface:dest_address/dest_port
%ASA-6-617002: Removing v1 PDP Context with TID tid from GGSN IP_address and SGSN IP_address, Reason: reason or Removing
v1 primary|secondary PDP Context with TID tid from GGSN IP_address and SGSN IP_address, Reason: reason
%ASA-6-617003: GTP Tunnel created from source_interface:source_address/source_port to source_interface:dest_address/dest_port
%ASA-6-617004: GTP connection created for response from source_interface:source_address/0 to source_interface:dest_address/dest_port
%ASA-6-617100: Teardown num_conns connection(s) for user user_ip
%ASA-6-618001: Denied STUN packet <msg_type> from <ingress_ifc>:<source_addr>/<source_port> to <egress_ifc>:<destination_addr>/<destination_port>
for connection <conn_id>, <drop_reason>
%ASA-6-620001: Pre-allocate CTIQBE {RTP | RTCP} secondary channel for interface_name:outside_address[/outside_port] to interface_name:inside_address[/inside_port]
from CTIQBE_message_name message
%ASA-6-621001: Interface interface_name does not support multicast, not enabled
%ASA-6-621002: Interface interface_name does not support multicast, not enabled
%ASA-6-621003: The event queue size has exceeded number
%ASA-6-720010: (VPN-unit) VPN failover client is being disabled
%ASA-6-720012: (VPN-unit) Failed to update IPSec failover runtime data on the standby unit.
%ASA-6-722013: Group group User user-name IP IP_address SVC Message: type-num/INFO: message
%ASA-6-720014: (VPN-unit) Phase 2 connection entry (msg_id=message_number, my cookie=mine, his cookie=his) contains no SA
list.
%ASA-6-720015: (VPN-unit) Cannot found Phase 1 SA for Phase 2 connection entry (msg_id=message_number, my cookie=mine, his
cookie=his).
%ASA-6-720023: (VPN-unit) HA status callback: Peer is not present.
%ASA-6-720024: (VPN-unit) HA status callback: Control channel is status.
%ASA-6-720025: (VPN-unit) HA status callback: Data channel is status.
%ASA-6-720026: (VPN-unit) HA status callback: Current progression is being aborted.
%ASA-6-720027: (VPN-unit) HA status callback: My state state.
%ASA-6-720028: (VPN-unit) HA status callback: Peer state state.
%ASA-6-720029: (VPN-unit) HA status callback: Start VPN bulk sync state.
%ASA-6-720030: (VPN-unit) HA status callback: Stop bulk sync state.
%ASA-6-720032: (VPN-unit) HA status callback: id=ID, seq=sequence_#, grp=group, event=event, op=operand, my=my_state, peer=peer_state.
%ASA-6-720037: (VPN-unit) HA progression callback: id=id,seq=sequence_number,grp=group,event=event,op=operand, my=my_state,peer=peer_state.
%ASA-6-720039: (VPN-unit) VPN failover client is transitioning to active state
%ASA-6-720040: (VPN-unit) VPN failover client is transitioning to standby state.
%ASA-6-720045: (VPN-unit) Start bulk syncing of state information on standby unit.
%ASA-6-720046: (VPN-unit) End bulk syncing of state information on standby unit
%ASA-6-720056: (VPN-unit) VPN Stateful failover Message Thread is being disabled.
%ASA-6-720057: (VPN-unit) VPN Stateful failover Message Thread is enabled.
%ASA-6-720058: (VPN-unit) VPN Stateful failover Timer Thread is disabled.
%ASA-6-720059: (VPN-unit) VPN Stateful failover Timer Thread is enabled.
%ASA-6-720060: (VPN-unit) VPN Stateful failover Sync Thread is disabled.
%ASA-6-720061: (VPN-unit) VPN Stateful failover Sync Thread is enabled.
%ASA-6-720062: (VPN-unit) Active unit started bulk sync of state information to standby unit.
%ASA-6-720063: (VPN-unit) Active unit completed bulk sync of state information to standby.
%ASA-6-721001: (device) WebVPN Failover SubSystem started successfully.(device) either WebVPN-primary or WebVPN-secondary.
%ASA-6-721002: (device) HA status change: event event, my state my_state, peer state peer.
%ASA-6-721003: (device) HA progression change: event event, my state my_state, peer state peer.
%ASA-6-721004: (device) Create access list list_name on standby unit.
%ASA-6-721005: (device) Fail to create access list list_name on standby unit.
%ASA-6-721006: (device) Update access list list_name on standby unit.
%ASA-6-721008: (device) Delete access list list_name on standby unit.
%ASA-6-721009: (device) Fail to delete access list list_name on standby unit.
%ASA-6-721010: (device) Add access list rule list_name, line line_no on standby unit.
%ASA-6-721012: (device) Enable APCF XML file file_name on the standby unit.
%ASA-6-721014: (device) Disable APCF XML file file_name on the standby unit.
%ASA-6-721016: (device) WebVPN session for client user user_name, IP ip_address has been created.
%ASA-6-721018: (device) WebVPN session for client user user_name, IP ip_address has been deleted.
%ASA-6-722013: Group group User user-name IP IP_address SVC Message: type-num/INFO: message
%ASA-6-722014: Group group User user-name IP IP_address SVC Message: type-num/INFO: message
%ASA-6-722022: Group group-name User user-name IP addr (TCP | UDP) connection established (with | without) compression
%ASA-6-722023: Group group User user-name IP IP_address SVC connection terminated {with|without} compression
%ASA-6-722024: SVC Global Compression Enabled
%ASA-6-722025: SVC Global Compression Disabled
%ASA-6-722026: Group group User user-name IP IP_address SVC compression history reset
%ASA-6-722027: Group group User user-name IP IP_address SVC decompression history reset
%ASA-6-722051: Group group-policy User username IP public-ip Address assigned-ip assigned to session
%ASA-6-722053: Group g User u IP ip Unknown client user-agent connection.
%ASA-6-722055: Group group-policy User username IP public-ip Client Type: user-agent
%ASA-6-723001: Group group-name, User user-name, IP IP_address: WebVPN Citrix ICA connection connection is up.
%ASA-6-723002: Group group-name, User user-name, IP IP_address: WebVPN Citrix ICA connection connection is down.
%ASA-6-725001: Starting SSL handshake with peer-type interface:src-ip/src-port to dst-ip/dst-port for protocol session.
%ASA-6-725002: Device completed SSL handshake with peer-type interface:src-ip/src-port to dst-ip/dst-port for protocol-version
session
%ASA-6-725003: SSL peer-type interface:src-ip/src-port to dst-ip/dst-port request to resume previous session.
%ASA-6-725004: Device requesting certificate from SSL peer-type interface:src-ip/src-port to dst-ip/dst-port for authentication.
%ASA-6-725005: SSL peer-type interface:src-ip/src-port to dst-ip/dst-port requesting our device certificate for authentication.
%ASA-6-725006: Device failed SSL handshake with peer-type interface:src-ip/src-port to dst-ip/dst-port
%ASA-6-725007: SSL session with peer-type interface:src-ip/src-port to dst-ip/dst-port terminated.
%ASA-6-726001: Inspected im_protocol im_service Session between Client im_client_1 and im_client_2 Packet flow from src_ifc:/sip/sport
to dest_ifc:/dip/dport Action: action Matched Class class_map_id class_map_name
%ASA-6-730004: Group groupname User username IP ipaddr VLAN ID vlanid from AAA ignored.
%ASA-6-730005: Group groupname User username IP ipaddr VLAN ID vlanid from AAA is invalid.
%ASA-6-730008: Group groupname, User username, IP ipaddr, VLAN MAPPING timeout waiting NACApp.
%ASA-6-725016: Device selects trust-point <trustpoint> for peer-type interface:src-ip/src-port to dst-ip/dst-port
%ASA-6-732001: Group groupname, User username, IP ipaddr, Fail to parse NAC-SETTINGS nac-settings-id, terminating connection.
%ASA-6-732002: Group groupname, User username, IP ipaddr, NAC-SETTINGS settingsid from AAA ignored, existing NAC-SETTINGS
settingsid_inuse used instead.
%ASA-6-732003: Group groupname, User username, IP ipaddr, NAC-SETTINGS nac-settings-id from AAA is invalid, terminating connection.
%ASA-6-734001: DAP: User user, Addr ipaddr, Connection connection: The following DAP records were selected for this connection:
DAP record names
%ASA-6-737005: IPAA: DHCP configured, request succeeded for tunnel-group 'tunnel-group'
%ASA-6-737006: IPAA: Local pool request succeeded for tunnel-group 'tunnel-group'
%ASA-6-747004: Clustering: state machine changed from state state-name to state-name.
%ASA-6-748008: [CPU load
percentage
| memory load
percentage
] of module
slot_number
in chassis
chassis_number
(
member-name
) exceeds overflow protection threshold [CPU
percentage
| memory
percentage
]. System may be oversubscribed on member failure.
%ASA-6-748009: [CPU load percentage | memory load percentage] of chassis chassis_number exceeds overflow protection threshold
[CPU percentage | memory percentage}. System may be oversubscribed on chassis failure.
%ASA-6-767001: Inspect-name: Dropping an unsupported IPv6/IP46/IP64 packet from interface:IP Addr to interface:IP Addr (fail-close)
%ASA-6-776008: CTS SXP: Connection with peer IP (instance connection instance num) state changed from original state to final
state.
%ASA-6-776251: CTS SGT-MAP: Binding binding IP - SGname(SGT) from source name added to binding manager.
%ASA-6-776253: CTS SGT-MAP: Binding binding IP - new SGname(SGT) from new source name changed from old sgt: old SGname(SGT)
from old source old source name.
%ASA-6-776303: CTS Policy: Security-group name "sgname" is resolved to security-group tag sgt
%ASA-6-776311: CTS Policy: Previously unresolved security-group name "sgname" is now resolved to security-group tag sgt
%ASA-6-775001: Scansafe: protocol connection conn_id from interface_name:real_address/real_port [(idfw_user)] to interface_name:real_address/real_port
redirected to server_interface_name:server_ip_address
%ASA-6-775003: Scansafe:protocol connection conn_id from interface_name:real_address/real_port [(idfw_user)] to interface_name:real_address/real_port
is whitelisted.
%ASA-6-775006: Primary server interface:ip_address is not reachable and backup server interface:ip_address is now active
%ASA-6-772005: REAUTH: user username passed authentication
%ASA-6-775005: Scansafe: Primary server ip_address is reachable now
%ASA-6-778001: VXLAN: Invalid VXLAN segment-id segment-id for protocol from ifc-name:(IP-address/port) to ifc-name:(IP-address/port).
%ASA-6-778002: VXLAN: There is no VNI interface for segment-id segment-id.
%ASA-6-778003: VXLAN: Invalid VXLAN segment-id segment-id for protocol from ifc-name:(IP-address/port) to ifc-name:(IP-address/port)
in FP.
%ASA-6-778004: VXLAN: Invalid VXLAN header for protocol from ifc-name:(IP-address/port) to ifc-name:(IP-address/port) in
%ASA-6-778005: VXLAN: Packet with VXLAN segment-id segment-id from ifc-name is denied by FP L2 check.
%ASA-6-778006: VXLAN: Invalid VXLAN UDP checksum from ifc-name:(IP-address/port) to ifc-name:(IP-address/port) in FP.
%ASA-6-778007: VXLAN: Packet from ifc-name:IP-address/port to IP-address/port was discarded due to invalid NVE peer.
%ASA-6-779001: STS: Out-tag lookup failed for in-tag segment-id of protocol from ifc-name:IP-address/port to IP-address/port.
%ASA-6-779002: STS: STS and NAT locate different egress interface for segment-id segment-id, protocol from ifc-name:IP-address/port
to IP-address/port
%ASA-6-780001: RULE ENGINE: Started compilation for access-group transaction - description of the transaction.
%ASA-6-780002: RULE ENGINE: Finished compilation for access-group transaction - description of the transaction.
%ASA-6-780003: RULE ENGINE: Started compilation for nat transaction - description of the transaction.
%ASA-6-780004: RULE ENGINE: Finished compilation for nat transaction - description of the transaction.
%ASA-6-803001:Bypass is continuing after power up, no protection will be provided by the system for traffic over GigabitEthernet
1/1-1/2
%ASA-6-803002: No protection will be provided by the system for traffic over GigabitEthernet 1/1-1/2
%ASA-6-803003: User disabled bypass manually on GigabitEthernet 1/1-1/2
%ASA-6-804001: Interface GigabitEthernet1/3 1000BaseSX SFP has been inserted
%ASA-6-804002: Interface GigabitEthernet1/3 SFP has been removed
%ASA-6-805002: Flow is no longer offloaded: connection conn_id outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port)
inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port) Protocol
%ASA-6-805003: Flow could not be offloaded: connection <conn_id> <outside_ifc>:<outside_addr>/<outside_port> (<mapped_addr>/<mapped_port>)
< inside_ifc>:<inside_addr>/<inside_port> (<mapped_addr>/<mapped_port>) <Protocol>
%ASA-6-806001: Primary alarm CPU temperature is High temperature
%ASA-6-806002: Primary alarm for CPU high temperature is cleared
%ASA-6-806003: Primary alarm CPU temperature is Low temperature
%ASA-6-806004: Primary alarm for CPU Low temperature is cleared
%ASA-6-806005: Secondary alarm CPU temperature is High temperature
%ASA-6-806006: Secondary alarm for CPU high temperature is cleared
%ASA-6-806007: Secondary alarm CPU temperature is Low temperature
%ASA-6-806008: Secondary alarm for CPU Low temperature is cleared
%ASA-6-806009: Alarm asserted for ALARM_IN_1 description
%ASA-6-806010: Alarm cleared for ALARM_IN_1 alarm_1_description
%ASA-6-806011: Alarm asserted for ALARM_IN_2 description
%ASA-6-806012: Alarm cleared for ALARM_IN_2 alarm_2_description
%ASA-7-713187: Tunnel Rejected: IKE peer does not match remote peer as defined in L2L policy IKE peer address: IP_address,
Remote peer address: IP_address
%ASA-7-713190: Got bad refCnt (ref_count_value) assigning IP_address (IP_address)
%ASA-7-713204: Adding static route for client address: IP_address
%ASA-7-713222: Group group Username username IP ip Static Crypto Map check, map = crypto_map_tag, seq = seq_number, ACL does
not match proxy IDs src:source_address dst:dest_address
%ASA-7-713263: Received local IP Proxy Subnet data in ID Payload: Address IP_address, Mask /prefix_len, Protocol protocol,
Port port
%ASA-7-713264: Received local IP Proxy Subnet data in ID Payload: Address IP_address, Mask /prefix_len, Protocol protocol,
Port port {“Received remote IP Proxy Subnet data in ID Payload: Address %a, Mask/%d, Protocol %u, Port %u”}
%ASA-7-713273: Deleting static route for client address: IP_Address IP_Address address of client whose route is being removed
%ASA-7-713906: Descriptive_event_string.
%ASA-7-714001: description_of_event_or_packet
%ASA-7-714002: IKE Initiator starting QM: msg id = message_number
%ASA-7-714003: IKE Responder starting QM: msg id = message_number
%ASA-7-714004: IKE Initiator sending 1st QM pkt: msg id = message_number
%ASA-7-714005: IKE Responder sending 2nd QM pkt: msg id = message_number
%ASA-7-714006: IKE Initiator sending 3rd QM pkt: msg id = message_number
%ASA-7-714007: IKE Initiator sending Initial Contact
%ASA-7-720050: (VPN-unit) Failed to remove timer. ID = id.
%ASA-7-722029: Group group User user-name IP IP_address SVC Session Termination: Conns: connections, DPD Conns: DPD_conns,
Comp resets: compression_resets, Dcmp resets: decompression_resets
%ASA-7-722030: Group group User user-name IP IP_address SVC Session Termination: In: data_bytes (+ctrl_bytes) bytes, data_pkts
(+ctrl_pkts) packets, drop_pkts drops
%ASA-7-722031: Group group User user-name IP IP_address SVC Session Termination: Out: data_bytes (+ctrl_bytes) bytes, data_pkts
(+ctrl_pkts) packets, drop_pkts drops.
%ASA-7-723003: No memory for WebVPN Citrix ICA connection connection.
%ASA-7-723004: WebVPN Citrix encountered bad flow control flow.
%ASA-7-723005: No channel to set up WebVPN Citrix ICA connection.
%ASA-7-723006: WebVPN Citrix SOCKS errors.
%ASA-7-723007: WebVPN Citrix ICA connection connection list is broken.
%ASA-7-723008: WebVPN Citrix ICA SOCKS Server server is invalid.
%ASA-7-723009: Group group-name, User user-name, IP IP_address: WebVPN Citrix received data on invalid connection connection.
%ASA-7-723010: Group group-name, User user-name, IP IP_address: WebVPN Citrix received closing channel channel for invalid
connection connection.
%ASA-7-723011: Group group-name, User user-name, IP IP_address: WebVPN Citrix receives bad SOCKS socks message length msg-length.
Expected length is exp-msg-length.
%ASA-7-723012: Group group-name, User user-name, IP IP_address: WebVPN Citrix received bad SOCKS socks message format.
%ASA-7-723013: WebVPN Citrix encountered invalid connection connection during periodic timeout.
%ASA-7-723014: Group group-name, User user-name, IP IP_address: WebVPN Citrix TCP connection connection to server server
on channel channel initiated.
%ASA-7-725008: SSL peer-type interface:src-ip/src-port to dst-ip/dst-port proposes the following n cipher(s).
%ASA-7-725009: Device proposes the following n cipher(s) peer-type interface:src-ip/src-port to dst-ip/dst-port.
%ASA-7-725010: Device supports the following n cipher(s).
%ASA-7-725011: Cipher[order]: cipher_name
%ASA-7-725012: Device chooses cipher cipher for the SSL session with peer-type interface:src-ip/src-port to dst-ip/dst-port.
%ASA-7-725013: SSL peer-type interface:src-ip/src-port to dst-ip/dst-port chooses cipher cipher
%ASA-7-725014: SSL lib error. Function: function Reason: reason
%ASA-7-725017: No certificates received during the handshake with %s %s:%B/%d to %B/%d for %s session
%ASA-7-730001: Group groupname, User username, IP ipaddr: VLAN MAPPING to VLAN vlanid
%ASA-7-730002: Group groupname, User username, IP ipaddr: VLAN MAPPING to VLAN vlanid failed
%ASA-7-730003: NACApp sets IP ipaddr VLAN to vlanid
%ASA-7-730006: Group groupname, User username, IP ipaddr: is on NACApp AUTH VLAN vlanid.
%ASA-7-73007: Group groupname, User username, IP ipaddr: changed VLAN to <%s> ID vlanid
%ASA-7-730010: Group groupname, User username, IP ipaddr, VLAN Mapping is enabled on VLAN vlanid.
%ASA-7-734003: DAP: User name, Addr ipaddr: Session Attribute: attr name/value
%ASA-7-737001: IPAA: Received message ‘message-type’
%ASA-7-747005: Clustering: State machine notify event event-name (event-id, ptr-in-hex, ptr-in-hex)
%ASA-7-747006: Clustering: State machine is at state state-name
% ASA-7-737200: VPNFIP: Pool=pool, Allocated ip-address from pool
% ASA-7-737201: VPNFIP: Pool=pool, Returned ip-address to pool (recycle=recycle)
% ASA-7-737206: VPNFIP: Pool=pool, DEBUG: message
% ASA-7-737400: POOLIP: Pool=pool, Allocated ip-address from pool
% ASA-7-737401: POOLIP: Pool=pool, Returned ip-address to pool (recycle=recycle)
% ASA-7-737407: POOLIP: Pool=pool, DEBUG: message
%ASA-7-750016: Local: localIP:port Remote:remoteIP:port Username: username IKEv2 Need to send a DPD message to peer
%ASA-7-751003: Local: localIP:port Remote:remoteIP:port Username: username/group Need to send a DPD message to peer
%ASA-7-752002: Tunnel Manager Removed entry. Map Tag = mapTag. Map Sequence Number = mapSeq.
%ASA-7-752008: Duplicate entry already in Tunnel Manager.
%ASA-7-776012: CTS SXP: timer name timer started for connection with peer peer IP.
%ASA-7-776013: CTS SXP: timer name timer stopped for connection with peer peer IP.
%ASA-7-776014: CTS SXP: SXP received binding forwarding request (action) binding binding IP - SGname(SGT).
%ASA-7-776015: CTS SXP: Binding binding IP - SGname(SGT) is forwarded to peer peer IP (instance connection instance num).
%ASA-7-776016: CTS SXP: Binding binding IP - SGName(SGT) from peer peer IP (instance binding's connection instance num) changed
from old instance: old instance num, old sgt: old SGName(SGT).
%ASA-7-776017: CTS SXP: Binding binding IP - SGname(SGT) from peer peer IP (instance connection instance num) deleted in
SXP database.
%ASA-7-776018: CTS SXP: Binding binding IP - SGname(SGT) from peer peer IP (instance connection instance num) added in SXP
database.
%ASA-7-776301: CTS Policy: Security-group tag sgt is mapped to security-group name "sgname"
%ASA-7-776302: CTS Policy: Unknown security-group tag sgt referenced in policies
%ASA-7-776307: CTS Policy: Security-group name for security-group tag sgt renamed from old_sgname" to "new_sgname"
%ASA-7-776308: CTS Policy: Previously unknown security-group tag sgt is now mapped to security-group name "sgname"
%ASA-7-785001: Clustering: Ownership for existing flow from <in_interface>:<src_ip_addr>/<src_port> to <out_interface>:<dest_ip_addr>/<dest_port>
moved from unit <old-owner-unit-id> at site <old-site-id> to <new-owner-unit-id> at site <old-site-id> due to <reason>.
Syslog messages often
include variables. The following table lists most variables that are used in
this guide to describe syslog messages. Some variables that appear in only one
syslog message are not listed.