Recommended Action None required. 604105 Error Message %ASA-4-604105: DHCPD: Unable to send DHCP reply to client hardware_address on interface interface_name. Otherwise, use the cause reported by the secondary unit to verify the status of both units of the pair. 104003 Error Message %ASA-1-104003: (Primary) Switching to FAILED. If the suggested MTU is greater than 256, then the new MTU is set to the suggested value. If this is a router LSA and the link metric is zero, a risk of routing loops and traffic loss in the network exists. More about the author
System will reload if memory usage reaches the configured trigger level of Y%. %ASA-2-201003: Embryonic limit exceeded nconns/elimit for outside_address/outside_port (global_address) inside_address/inside_port on interface interface_name %ASA-2-214001: Terminating manager session from IP_address This message is displayed if the secondary unit reports a failure to the primary unit. (Primary) can also be listed as (Secondary) for the secondary unit. Explanation One unit of the failover pair can no longer communicate with the other unit of the pair. Recommended Action None required. 611309 Error Message %ASA-6-611309: VPNClient: Disconnecting from head end and uninstalling previously downloaded policy: Head End: IP_address Explanation A VPN client is disconnecting and uninstalling a previously
Explanation The LDAP response message contains an attribute that has more than 1000 values. Recommended Action None. 613015 Error Message %ASA-4-613015: Process 1 flushes LSA ID IP_address type-number adv-rtr IP_address in area mask Explanation A router is extensively re-originating or flushing the LSA reported by The protocol variable can be ICMP, TCP, or UDP. If the error persists, it may indicate a possible DoS attack. 109018 Error Message %PIX|ASA-3-109018: Downloaded ACL acl_ID is empty Explanation The downloaded authorization access control list has no ACEs.
These are analogous to a UNIX panic message, and denote an unstable system. Recommended Action None required. 611321 Error Message %ASA-6-611321: VPNClient: Device Pass Thru Disabled Explanation When the ASA is an Easy VPN remote device, the downloaded VPN policy disabled device pass-through. Explanation This is a AAA message. Cisco Asa 5510 Price rack-mountable Operating Temperature : 32 to 104 F (0 to 40 C) Operating Shock: 1.14 m/sec (45 in./sec) 1/2 sine input High Availability: Not supported; Active/Standby Minimum System Flash: 64 MB
Recommended Action Copy the error message exactly as it appears, and report it to Cisco TAC. 108002 Error Message %PIX|ASA-2-108002: SMTP replaced string: out source_address in inside_address data: string Explanation This Recommended Action If the inside port number is 53, the inside host probably is set up as a caching name server. A negotiation was already in progress for local Proxy Local_address/Local_prefix_len, remote Proxy Remote_address/Remote_prefix_len %ASA-3-713266: Could not add route for L2L peer coming in on a dynamic map. http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs/logmsgs1.html Table 1-2 Reason Codes Reason Code Description 1 The local unit is not receiving the hello packet on the failover LAN interface when LAN failover occurs or on the serial failover
Explanation If you configured the log option for an ACL deny statement (access-list id deny command), and a traffic flow matches the ACL statement, the ASA caches the flow information. Cisco Asa 5510 Review This message might be caused by a misconfiguration on the router or the security appliance or by an unsuccessful attempt to attack the routing table of the security appliance. Recommended Action Check the configuration of the Auto Update server. 613001 Error Message %ASA-6-613001: Checksum Failure in database in area string Link State Id IP_address Old Checksum number New Checksum number When this occurs, the authentication attempt will be rejected and the connection denied.
Dropping protocol packet from interface_name:ip_address/port to interface_name:ip_address/port %ASA-3-429004: Unable to set up authentication-proxy rule for the cx action on interface interface_name for policy_type service-policy. %ASA-3-505016: Module module_id application changed from: name this page Explanation You have used the failover command with no arguments on the console, after having previously disabled failover. Cisco Asa 5510 Specs This chapter includes the following sections: Messages 602101 to 634001 Messages 701001 to 805003 Messages 602101 to 634001 This section includes messages from 602101 to 634001. 602101 Error Message %ASA-6-602101: PMTU-D Cisco Asa 5510 Manual source-address— Source address of the login attempt source-port— Source port of the login attempt interface— Destination management interface destination— Destination IP address service— Destination service username— Destination management interface Recommended Action
Recommended Action On the Easy VPN server, make sure that the server IP addresses are correct, and configure the servers as IP addresses instead of hostnames. http://vootext.com/cisco-asa/cisco-asa-enable-dns-on-interface.html This message appears even if you do not have the log option enabled for an ACL. Recommended Action Copy the error message, the configuration and any details about the events leading up to this error and submit them to Cisco TAC. 613007 Error Message %ASA-3-613007: area string Explanation This is a failover message. Cisco Asa 5510 Throughput
udp connections limit %ASA-3-201005: FTP data connection failed for IP_address IP_address %ASA-3-201006: RCMD backconnection failed for IP_address/port. %ASA-3-201008: Disallowing new connections. %ASA-3-201009: TCP connection limit of number for host IP_address on See RFC 3101. Shutdown issued for module %s. %ASA-3-341006: Storage device not available. http://vootext.com/cisco-asa/cisco-asa-vpn-configuration.html Cannot continue, terminating. %ASA-1-716508: internal error in: function: Fiber scheduler is scheduling rotten fiber.
destination_addr—The IP address of the host which will receive the packet destination_port—The port number of the host which will receive the packet. Cisco Asa 5510 Software Recommended Action None required. 109002 Error Message %ASA-6-109002: Auth from inside_address/inside_port to outside_address/outside_port failed (server IP_address failed) on interface interface_name. Recommended Action Copy the error message, the configuration and any details about the events leading up to this error, and submit them to Cisco TAC. 613025 Error Message %ASA-4-613025: Invalid build
If not, contact the Cisco TAC. 109001 Error Message %ASA-6-109001: Auth start for user user from inside_address/ inside_port to outside_address/ outside_port Explanation The ASA is configured for AAA and detects an Recommended Action If the problem persists, contact the Cisco TAC. 621006 Error Message %ASA-6-621006: Mrib disconnected, ( IP_address, IP_address) event cancelled Explanation A packet triggering a data-driven event was received, but Recommended Action This message indicates a possible attack and should be monitored. Cisco Asa 5510 Password Recovery Explanation The router tried to build a router-LSA that is larger than the huge system buffer size or the OSPF protocol imposed maximum.
This is known as asymmetric routing and is not supported on the security appliance. This message displays even if you do not have the log option enabled for an ACL. This generally means to avoid authenticating these connection types to RSA SecurID servers or to any token-based AAA server via RADIUS. 109036 Error Message %ASA-6-109036: Exceeded 1000 attribute values for the navigate to this website Recommended Action None required. 109007 Error Message %PIX|ASA-6-109007: Authorization permitted for user user from inside_address/inside_port to outside_address/outside_port on interface interface_name.
Recommended Action None required. 615001 Error Message %ASA-6-615001: vlan number not available for firewall interface Explanation The switch removed the VLAN from the ASA. Also verify that the unit is powered on and that power cables are properly connected. 103001 Error Message %PIX|ASA-1-103001: (Primary) No response from other firewall (reason code= code). If this is the case, trace the packets to the source and determine the reason these packets were sent. 106016 Error Message %PIX|ASA-2-106016: Deny IP spoof from (IP_address) to IP_address on The SIP response code if the type is Response: 100, 183, 200.
If the value is est-allowed, the packet was denied by the ACL but was allowed for an already established session (for example, an internal user is allowed to accesss the Internet, Inspect inspect_name is not compatible with inspect inspect_name_2 %ASA-3-507003: The flow of type protocol from the originating interface: src_ip/src_port to dest_if:dest_ip/dest_port terminated by inspection engine, reason - %ASA-3-520001: error_string %ASA-3-520002: bad The security group name is displayed with the security group tag, if available. Recommended Action If messages persist from the same source address, messages might indicate a foot-printing or port-scanning attempt.
Recommended Action Configure the failover peers to have the same feature license, and then reenable failover. 105046 Error Message %PIX|ASA-1-105046 (Primary|Secondary) Mate has a different chassis Explanation This message is issued The user is the user name associated with the connection. Check private address on remote client %ASA-3-713258: IP = var1, Attempting to establish a phase2 tunnel on var2 interface but phase1 tunnel is on var3 interface. These objects precede the descriptive text of a message when available.
This message is logged if the primary unit detects a system reload or a power failure on the other unit. "Primary" can also be listed as "Secondary" for the secondary unit. Recommended Action Restart the OSPF process. 613006 Error Message %ASA-3-613006: Reached unknown state in neighbor state machine Explanation An internal software error in this router has resulted in an invalid neighbor min MB required, actual MB found. %ASA-n-216001: internal error in: function: message %ASA-1-216005: ERROR: Duplex-mismatch on interface_name resulted in transmitter lockup. Recommended Action Contact the remote host system administrator to determine the problem.
Recommended Action Copy the error message, the configuration and any details about the events leading up to this error, and submit them to Cisco TAC. 613023 Error Message %ASA-4-613023: Doubly linked Explanation The response from the AAA server cannot be validated. Explanation A dynamic ACL that is configured on a RADIUS server is not converted by the mechanism for automatically detecting wildcard netmasks. in_ifc —The input interface src_ip —The source IP address of the packet src_port —The source port of the packet out_ifc —The output interface dest_ip —The destination IP address of the packet