• %PIX-6-614002: Split DNS: reply from server:IP_address reverse patched back to original server:IP_address
• %PIX-6-620001: Pre-allocate CTIQBE {RTP | RTCP} secondary channel for
interface_name:outside_address[/outside_port] to interface_name:inside_address[/inside_port]
from CTIQBE_message_name message
Debugging Messages, Severity 7
The following messages appear at severity 7, debugging:
• %PIX-7-109014: uauth_lookup_net fail for uauth_in()
• %PIX-7-109021: Uauth null proxy error
• %PIX-7-111009:User user executed cmd:string
• %PIX-7-304005: URL Server IP_address request pending URL url
• %PIX-7-701001: alloc_user() out of Tcp_user objects
• %PIX-7-702301: lifetime expiring…
• %PIX-7-702303: sa_request…
• %PIX-7-703001: H.225 message received from interface_name:ip_address/port to interface_name:ip_address/port is using an unsupported version number
• %PIX-7-703002: Received H.225 Release Complete with newConnectionNeeded for interface_name:ip_address to interface_name:ip_address/port
• %PIX-7-709001: FO replication failed: cmd=command returned=code
• %PIX-7-709002: FO unreplicable: cmd=command
• %PIX-7-710001: TCP access requested from source_address/source_port to interface_name:dest_address/service
• %PIX-7-710002: {TCP|UDP} access permitted from source_address/source_port to interface_name:dest_address/service
• %PIX-7-710005: {TCP|UDP} request discarded from source_address/source_port to interface_name:dest_address/service
• %PIX-7-710006: protocol request discarded from source_address to interface_name:dest_address
Appendix A Messages Listed by Severity Level Debugging Messages, Severity 7
I N D E X
A
AAA message 2-16, 2-17
ABR without backbone area 2-50 access denied ActiveX object, filtering 2-70 added messages 1-1
address translation slots 2-27, 2-62 ARP packet mismatch 2-61 ARP poisoning attack 2-61 asymmetric routing 2-14 attacks
ARP poisoning 2-61 DNS HINFO request 2-53 DNS request for all records 2-53 DNS zone transfer 2-53
DNS zone transfer from high port 2-53 DoS 2-15, 2-20, 2-27, 2-65
fragmented ICMP traffic 2-53 IP fragment 2-53
IP fragments overlap 2-53 IP impossible packet 2-53 IP routing table 2-16 land 2-13
large ICMP traffic 2-53
man in the middle 2-51 ping of death 2-53 proxied RPC request 2-54 spoofing 2-12, 2-13, 2-62 statd buffer overflow 2-54 SYN 2-25
TCP FIN only flags 2-53 TCP NULL flags 2-53 TCP SYN+FIN flags 2-53 UDP bomb 2-53
UDP chargen DoS 2-53 UDP snork 2-53 Authen Session End 2-19 authentication
failed 2-17
request succeeds 2-17
Auth from IP address/port to IP address/port failed 2-17 authorization
denied from address 2-18 Auth start for user 2-16
Auto Update URL unreachable 2-86
B
backup server list downloaded 2-83 error 2-83
bandwidth is zero 2-87
beginning configuration replication 2-90 broadcast, invalid source address 2-12 buffer 1-10
built H245 connection 2-35
Index
C
can not specify PAT host 2-11
Cisco PIX Device Manager (PDM) 1-19
Cisco Secure Policy Manager (Cisco Secure PM) 1-19 commands
access-list 2-10
access-list deny-flow-max 2-15 clear local-host 2-64
conduit 2-12
conduit permit icmp 2-12 config 2-23
configure 2-23 failover 2-5 failover active 2-4 filter activex 2-70 filter allow 2-40, 2-41 fixup protocol smtp 2-16 floodguard 2-18
global 2-41
ip verify reverse-path 2-13 logging 1-6
nat 2-41 no failover 2-5 no failover active 2-4 outbound deny 2-10
sysopt connection enforcesubnet 2-12 timeout uauth 2-19 connection limit exceeded 2-93 console output 1-9
CTIQBE
connection object pre-allocation 2-88 unsupported version 2-88
D
default severity level 1-6 deleted messages 1-1
denied manager connection 1-5 deny
inbound from outside 2-11 inbound ICMP 2-12 inbound UDP 2-10
inbound UDP due to query/response 2-10 IP from address to address 2-11
IP spoof 2-12 self route 2-11
TCP (no connection) 2-12 detecting use of Internet phone 2-35 device pass through
disabled 2-85 enabled 2-85
DHCP client and server 2-75 disabling messages 1-14
DNS HINFO request attack 2-53 DNS query or response is denied 2-10 DNS request for all records attack 2-53 DNS server too slow 2-10
DNS zone transfer attack 2-53
DNS zone transfer from high port attack 2-53 DoS attack 2-15, 2-20, 2-27, 2-65
dropping echo request 2-11
Index
split network entry duplicate 2-86 SUA embryonic limit exceeded 2-25 enabling logging 1-9
end configuration--FAILED 2-23 End Configuration Replication 2-91 erase configuration 2-22
F
failover active command 2-4 failover command 2-5
failover messages 2-1, 2-3, 2-5, 2-7, 2-90, 2-91 filter activex command 2-70
filter allow command 2-40, 2-41 filtering ActiveX objects 2-70 fixup protocol smtp command 2-16 floodguard command 2-18
format of messages 1-15
fragmented ICMP traffic attack 2-53 FTP data connection failed 2-26
G
hello packet with duplicate router ID 2-68 hostile event 2-13, 2-56, 2-57, 2-59
host limit 2-64
HTTPS process limit 2-22
I
ICMP
packet denied 2-11, 2-12 translation creation failed 2-42 IDB initializatrion 2-51
inbound TCP connection denied 2-9 insufficient memory 2-27, 2-62 interface
bandwidth is zero 2-87 virtual 2-34
Internet phone, detecting use of 2-35
invalid character replaced in email address 2-16 invalid source addresses 2-12
IP fragment attack 2-53
IP fragments overlap attack 2-53 IP impossible packet attack 2-53 IP route counter decrement failure 2-65 IP routing table
Index
L
land attack 2-13
large ICMP traffic attack 2-53
Leaving ALLOW mode, URL Server 2-41 level
0 1-6 default 1-6 severity 1-16
link status ‘Up’ or ’Down’ 2-6 load balancing cluster
disconnected 2-84 redirected 2-83
logging command overview 1-6 logging output locations 1-10
loopback network, invalid source address 2-12 lost failover communications with mate 2-6 low memory 2-49
LSA
default with wrong mask 2-67 invalid type 2-66
not found 2-50
M
MAC address mismatch 2-62 man in the middle attack 2-51 memory message block alloc failed 2-7 messages monitoring on interface 2-6 MPPE 2-58
MS-CHAP 2-58
N
nat command 2-41
network range area change 2-87 new messages 1-1
no associated connection within connection table 2-12 no authentication server found 2-17
nobody keyword in a message 1-9 no failover active command 2-4 no failover command 2-5 no translation group found 2-41
O
OSPF
ABR without backbone area 2-50 checksum error 2-87
database description from unknown neighbor 2-66 database request from unknown neighbor 2-66 hello from unknown neighbor 2-66
hello packet with duplicate router ID 2-68 IDB initializatrion 2-51
invalid packet 2-66
IP routing table inconsistency 2-50 LSA
default with wrong mask 2-67 invalid type 2-66
not found 2-50
Index
network range area change 2-87 packet of invalid length 2-66 process reset 2-51
router ID allocation failure 2-67 router-id reset 2-51
virtual links 2-51
outbound deny command 2-10 out of address translation slots! 2-27 output locations
PDM (PIX Device Manager) 1-19 permitted
manager connection 1-5, 2-44 Telnet login session 1-5 ping of death attack 2-53 PIX
clear finished 2-24
console enable password incorrect 2-44 reload command executed 2-24
power failure, failover 2-2 PPP virtual interface 2-34 PPTP tunnel 2-33
PPTP XGRE packet 2-57
preallocate H323 UDP backconnection 2-35 proxied RPC request attack 2-54
R
RADIUS authentication 2-58 RCMD, back connection failed 2-26 rebuilt TCP connection 2-35 reenabling messages 1-14 reload command 2-23, 2-24 request discarded 2-93
router ID allocation failure 2-67 router-id reset 2-51
rsh command 2-26
S
security breach 2-11
security policy management 1-19 self route 2-11
SETUP message 2-63 severity level
0 1-6 default 1-6
severity levels definition 1-16 show blocks command 2-7 show outbound command 2-10 show static command 2-25 SMTP 2-16
SNMP management station 1-13 split network entry duplicate 2-86 spoofing attack 2-12, 2-13, 2-62 SSH 1-5
statd buffer overflow attack 2-54 SUA
sysopt connection enforcesubnet command 2-12
Index
connection limit exceeded 2-93 request discarded 2-93
translation creation failed 2-42 TCP FIN only flags attack 2-53 TCP NULL flags attack 2-53 TCP SYN+FIN flags attack 2-53 Telnet logging 1-11, 1-20
Telnet login session failed 1-5 terminal monitor command 1-11 testing
interface 2-7 logging 1-9
timeouts, recommended values 2-64 timeout uauth command 2-19 too many connections on static 2-25 tunnel, PPTP 2-33 chargen DoS attack 2-53 packet 2-10
request discarded 2-93 snork attack 2-53
translation creation failed 2-42 URL
variables in messages 1-15, 1-16 virtual interface 2-34
virtual links 2-51
vpdn group command 2-58 VPN
peer limit 2-48 tunnel 2-48
W
web requests, unfiltered 2-40 Websense server 2-40 write command 2-23 write erase command 2-22
X
XAUTH enabled 2-85 XGRE 2-57