Syslog Messages 302003 to 341011

This chapter contains the following sections:

Messages 302003 to 319004

This chapter includes messages from 302003 to 319004 .

302003

Error Message %FTD-6-302003: Built H245 connection for foreign_address outside_address /outside_port local_address inside_address /inside_port

Explanation An H.245 connection has been started from the outside_address to the inside_address. The Secure Firewall Threat Defense device has detected the use of an Intel Internet Phone. The foreign port (outside_port ) only appears on connections from outside the Secure Firewall Threat Defense device. The local port value (inside_port ) only appears on connections that were started on an internal interface.

Recommended Action None required.

302004

Error Message %FTD-6-302004: Pre-allocate H323 UDP backconnection for foreign_address outside_address /outside_port to local_address inside_address /inside_port

Explanation An H.323 UDP back connection has been preallocated to the foreign address (outside_address) from the local address (inside_address). The Secure Firewall Threat Defense device has detected the use of an Intel Internet Phone. The foreign port (outside_port) only appears on connections from outside the Secure Firewall Threat Defense device. The local port value (inside_port) only appears on connections that were started on an internal interface.

Recommended Action None required.

302010

Error Message %FTD-6-302010: connections in use, connections most used

Explanation Provides information on the number of connections that are in use and most used.

  • connections—The number of connections

Recommended Action None required.

302012

Error Message %FTD-6-302012: Pre-allocate H225 Call Signalling Connection for faddr IP_address /port to laddr IP_address

Explanation An H.225 secondary channel has been preallocated.

Recommended Action None required.

302013

Error Message%FTD-6-302013: Built {inbound|outbound} [Probe] TCP connection_id for interface :real-address /real-port (mapped-address/mapped-port ) [(idfw_user )] to interface :real-address /real-port (mapped-address/mapped-port ) [(idfw_user )] [(user )]

Explanation A TCP connection slot between two hosts was created.

  • probe—Indicates the TCP connection is a probe connection

  • connection_id —A unique identifier
  • interface, real-address, real-port—The actual sockets
  • mapped-address, mapped-port—The mapped sockets
  • user—The AAA name of the user
  • idfw_user—The name of the identity firewall user

If inbound is specified, the original control connection was initiated from the outside. For example, for FTP, all data transfer channels are inbound if the original control channel is inbound. If outbound is specified, the original control connection was initiated from the inside.

Recommended Action None required.

302014

Error Message %FTD-6-302014: Teardown [Probe] TCP connection id for interface :real-address /real-port [(idfw_user )] to interface :real-address /real-port [(idfw_user )] duration hh:mm:ss bytes bytes [reason [from teardown-initiator]] [(user )]

Explanation A TCP connection between two hosts was deleted. The following list describes the message values:

  • probe—Indicates the TCP connection is a probe connection

  • id —A unique identifier

  • interface, real-address, real-port—The actual socket

  • duration—The lifetime of the connection

  • bytes The data transfer of the connection

  • User—The AAA name of the user

  • idfw_user —The name of the identity firewall user

  • reason—The action that causes the connection to terminate. Set the reason variable to one of the TCP termination reasons listed in the following table.

  • teardown-initiator—Interface name of the side that initiated the teardown.

Table 1. TCP Termination Reasons

Reason

Description

Conn-timeout

The connection ended when a flow is closed because of the expiration of its inactivity timer.

Deny Terminate

Flow was terminated by application inspection.

Failover primary closed

The standby unit in a failover pair deleted a connection because of a message received from the active unit.

FIN Timeout

Force termination after 10 minutes awaiting the last ACK or after half-closed timeout.

Flow closed by inspection

Flow was terminated by the inspection feature.

Flow terminated by IPS

Flow was terminated by IPS.

Flow reset by IPS

Flow was reset by IPS.

Flow terminated by TCP Intercept

Flow was terminated by TCP Intercept.

Flow timed out

Flow has timed out.

Flow timed out with reset

Flow has timed out, but was reset.

Flow is a loopback

Flow is a loopback.

Free the flow created as result of packet injection

The connection was built because the packet tracer feature sent a simulated packet through the Secure Firewall Threat Defense device.

Invalid SYN

The SYN packet was not valid.

IPS fail-close

Flow was terminated because the IPS card is down.

No interfaces associated with zone

Flows were torn down after the “no nameif” or “no zone-member” leaves a zone with no interface members.

No valid adjacency

This counter is incremented when the Secure Firewall Threat Defense device tried to obtain an adjacency and could not obtain the MAC address for the next hop. The packet is dropped.

Pinhole Timeout

The counter is incremented to report that the Secure Firewall Threat Defense device opened a secondary flow, but no packets passed through this flow within the timeout interval, and so it was removed. An example of a secondary flow is the FTP data channel that is created after successful negotiation on the FTP control channel.

Probe maximum retries of retransmission exceeded

The connection was torn down because the TCP packet exceeded maximum probe retries of retransmission.

Probe maximum retransmission time elapsed

The connection was torn down because the maximum probing time for TCP packet had elapsed.

Probe received RST

The connection was torn down because probe connection received RST from server.

Probe received FIN

The connection was torn down because probe connection received FIN from server and complete FIN closure process was completed.

Probe completed

The probe connection was successful.

Route change

When the Secure Firewall Threat Defense device adds a lower cost (better metric) route, packets arriving that match the new route cause their existing connection to be torn down after the user-configured timeout (floating-conn) value. Subsequent packets rebuild the connection out of the interface with the better metric. To prevent the addition of lower cost routes from affecting active flows, you can set the floating-conn configuration timeout value to 0:0:0.

SYN Control

A back channel initiation occurred from the wrong side.

SYN Timeout

Force termination after 30 seconds, awaiting three-way handshake completion.

TCP bad retransmission

The connection was terminated because of a bad TCP retransmission.

TCP FINs

A normal close-down sequence occurred.

TCP Invalid SYN

Invalid TCP SYN packet.

TCP Reset - APPLIANCE

The flow is closed when a TCP reset is generated by the Secure Firewall Threat Defense device.

TCP Reset - I

Reset was from the inside.

TCP Reset - O

Reset was from the outside.

TCP segment partial overlap

A partially overlapping segment was detected.

TCP unexpected window size variation

A connection was terminated due to variation in the TCP window size.

Tunnel has been torn down

Flow was terminated because the tunnel is down.

Unauth Deny

An authorization was denied by a URL filter.

Note

 

This reason is not applicable for Secure Firewall Threat Defense device URL Filtering. Use the 430002 syslog to monitor the Secure Firewall Threat Defense device access control rules enabled for syslog.

Unknown

An unknown error has occurred.

VPN reclassify failed

When connections fail to be reclassified for passing through a VPN tunnel.

Xlate Clear

A command line was removed.

Recommended Action None required.

302015

Error Message %FTD-6-302015: Built {inbound|outbound} UDP connection number for interface_name :real_address /real_port (mapped_address /mapped_port ) [(idfw_user )] to interface_name :real_address /real_port (mapped_address /mapped_port )[(idfw_user )] [(user )]

Explanation A UDP connection slot between two hosts was created. The following list describes the message values:

  • number—A unique identifier
  • interface, real_address, real_port—The actual sockets
  • mapped_address and mapped_port—The mapped sockets
  • user—The AAA name of the user
  • idfw_user —The name of the identity firewall user

If inbound is specified, then the original control connection is initiated from the outside. For example, for UDP, all data transfer channels are inbound if the original control channel is inbound. If outbound is specified, then the original control connection is initiated from the inside.

Recommended Action None required.

302016

Error Message %FTD-6-302016: Teardown UDP connection number for interface :real-address /real-port [(idfw_user )] to interface :real-address /real-port [(idfw_user )] duration hh :mm :ss bytes bytes [(user )]

Explanation A UDP connection slot between two hosts was deleted. The following list describes the message values:

  • number—A unique identifier
  • interface, real_address, real_port—The actual sockets
  • time—The lifetime of the connection
  • bytes—The data transfer of the connection
  • id—A unique identifier
  • interface, real-address, real-port—The actual sockets
  • duration The lifetime of the connection
  • bytes—The data transfer of the connection
  • user—The AAA name of the user
  • idfw_user —The name of the identity firewall user

Recommended Action None required.

302017

Error Message %FTD-6-302017: Built {inbound|outbound} GRE connection id from interface :real_address (translated_address ) [(idfw_user )] to interface :real_address /real_cid (translated_address /translated_cid ) [(idfw_user )] [(user )

Explanation A GRE connection slot between two hosts was created. The id is an unique identifier. The interface, real_address, real_cid tuple identifies the one of the two simplex PPTP GRE streams. The parenthetical translated_address, translated_cid tuple identifies the translated value with NAT. If inbound is indicated, then the connection can only be used inbound. If outbound is indicated, then the connection can only be used for outbound. The following list describes the message values:

  • id—Unique number identifying the connection
  • inbound—Control connection is for inbound PPTP GRE flow
  • outbound—Control connection is for outbound PPTP GRE flow
  • interface_name—The interface name
  • real_address—IP address of the actual host
  • real_cid—Untranslated call ID for the connection
  • translated_address—IP address after translation
  • translated_cid—Translated call
  • user—AAA user name
  • idfw_user —The name of the identity firewall user

Recommended Action None required.

302018

Error Message %FTD-6-302018: Teardown GRE connection id from interface :real_address (translated_address ) [(idfw_user )] to interface :real_address /real_cid (translated_address /translated_cid ) [(idfw_user )] duration hh :mm :ss bytes bytes [(user )]

Explanation A GRE connection slot between two hosts was deleted. The interface, real_address, real_port tuples identify the actual sockets. Duration identifies the lifetime of the connection. The following list describes the message values:

  • id—Unique number identifying the connection
  • interface—The interface name
  • real_address—IP address of the actual host
  • real_port—Port number of the actual host.
  • hh:mm:ss—Time in hour:minute:second format
  • bytes—Number of PPP bytes transferred in the GRE session
  • reason—Reason why the connection was terminated
  • user—AAA user name
  • idfw_user —The name of the identity firewall user

Recommended Action None required.

302019

Error Message %FTD-3-302019: H.323 library_name ASN Library failed to initialize, error code number

Explanation The specified ASN librar y that the Secure Firewall Threat Defense device uses for decoding the H.323 messages failed to initialize; the Secure Firewall Threat Defense device cannot decode or inspect the arriving H.323 packet. The Secure Firewall Threat Defense device allows the H.323 packet to pass through without any modification. When the next H.323 message arrives, the Secure Firewall Threat Defense device tries to initialize the library again.

Recommended Action If this message is generated consistently for a particular library, contact the Cisco TAC and provide them with all log messages (preferably with timestamps).

302020

Error Message %FTD-6-302020: Built {in | out} bound ICMP connection for faddr {faddr | icmp_seq_num } [(idfw_user )] gaddr {gaddr | icmp_type } laddr laddr [(idfw_user )] type {type } code {code } Rx [{circular_buffer_size }]

Explanation This message is gnerated when an ICMP session was established in the fast-path. The following list describes the message values:

  • faddr —Specifies the IP address of the foreign host
  • gaddr —Specifies the IP address of the global host
  • laddr —Specifies the IP address of the local host
  • idfw_user —The name of the identity firewall user
  • user —The username associated with the host from where the connection was initiated
  • type —Specifies the ICMP type
  • code —Specifies the ICMP code
  • Rx—Specifies the received data circular-buffer size, where the buffer is overwritten, starting from the beginning, when the buffer is full.

Recommended Action None required.

302021

Error Message %FTD-6-302021: Teardown ICMP connection for faddr {faddr | icmp_seq_num } [(idfw_user )] gaddr {gaddr | icmp_type } laddr laddr [(idfw_user )] type {type } code {code } Rx [{circular_buffer_size }]

Explanation This message is generated when an ICMP session is removed in the fast-path. The following list describes the message values:

  • faddr —Specifies the IP address of the foreign host
  • gaddr —Specifies the IP address of the global host
  • laddr —Specifies the IP address of the local host
  • idfw_user —The name of the identity firewall user
  • user —The username associated with the host from where the connection was initiated
  • type —Specifies the ICMP type
  • code—Specifies the ICMP code
  • Rx—Specifies the received data circular-buffer size, where the buffer is overwritten, starting from the beginning, when the buffer is full.

Recommended Action None required.

302022

Error Message %FTD-6-302022: Built role stub TCP connection for interface :real-address /real-port (mapped-address /mapped-port ) to interface :real-address /real-port (mapped-address /mapped-port)

Explanation A TCP director/backup/forwarder flow has been created.

Recommended Action None required.

302023

Error Message %FTD-6-302023: Teardown stub TCP connection for interface :real-address /real-port to interface :real-address /real-port duration hh:mm:ss forwarded bytes bytes reason

Explanation A TCP director/backup/forwarder flow has been torn down.

Recommended Action None required.

302024

Error Message %FTD-6-302024: Built role stub UDP connection for interface :real-address /real-port (mapped-address /mapped-port ) to interface :real-address /real-port (mapped-address /mapped-port )

Explanation A UDP director/backup/forwarder flow has been created.

Recommended Action None required.

302025

Error Message %FTD-6-302025: Teardown stub UDP connection for interface :real-address /real-port to interface :real-address /real-port duration hh:mm:ss forwarded bytes bytes reason

Explanation A UDP director/backup/forwarder flow has been torn down.

Recommended Action None required.

302026

Error Message %FTD-6-302026: Built role stub ICMP connection for interface :real-address /real-port (mapped-address ) to interface :real-address /real-port (mapped-address )

Explanation An ICMP director/backup/forwarder flow has been created.

Recommended Action None required.

302027

Error Message %FTD-6-302027: Teardown stub ICMP connection for interface :real-address /real-port to interface :real-address /real-port duration hh:mm:ss forwarded bytes bytes reason

Explanation An ICMP director/backup/forwarder flow has been torn down.

Recommended Action None required.

302033

Error Message %FTD-6-302033:Pre-allocated H323 GUP Connection for faddr interface :foreign address /foreign-port to laddr interface :local-address /local-port

Explanation A GUP connection was started from the foreign address to the local address. The foreign port (outside port) only appears on connections from outside the security device. The local port value (inside port) only appears on connections started on an internal interface.

  • interface—The interface name
  • foreign-address —IP address of the foreign host
  • foreign-port —Port number of the foreign host
  • local-address —IP address of the local host
  • local-port —Port number of the local host

Recommended Action None required.

302034

Error Message %FTD-4-302034: Unable to pre-allocate H323 GUP Connection for faddr interface :foreign address /foreign-port to laddr interface :local-address /local-port

Explanation The module failed to allocate RAM system memory while starting a connection or has no more address translation slots available.

  • interface—The interface name
  • foreign-address —IP address of the foreign host
  • foreign-port —Port number of the foreign host
  • local-address —IP address of the local host
  • local-port —Port number of the local host

Recommended Action If this message occurs periodically, it can be ignored. If it repeats frequently, contact the Cisco TAC. You can check the size of the global pool compared to the number of inside network clients. Alternatively, shorten the timeout interval of translations and connections. This message may also be caused by insufficient memory; try reducing the amount of memory usage, or purchasing additional memory.

302302

Error Message %FTD-3-302302: ACL = deny; no sa created

Explanation IPsec proxy mismatches have occurred. Proxy hosts for the negotiated SA correspond to a deny access-list command policy.

Recommended Action Check the access-list command statement in the configuration. Contact the administrator for the peer.

302303

Error Message %FTD-6-302303: Built TCP state-bypass connection conn_id from initiator_interface :real_ip /real_port (mapped_ip /mapped_port ) to responder_interface :real_ip /real_port (mapped_ip /mapped_port )

Explanation A new TCP connection has been created, and this connection is a TCP-state-bypass connection. This type of connection bypasses all the TCP state checks and additional security checks and inspections.

Recommended Action If you need to secure TCP traffic with all the normal TCP state checks as well as all other security checks and inspections, you can use the no set connection advanced-options tcp-state-bypass command to disable this feature for TCP traffic.

302304

Error Message %FTD-6-302304: Teardown TCP state-bypass connection conn_id from initiator_interface :ip/port to responder_interface :ip/port duration , bytes , teardown reason .

Explanation A new TCP connection has been torn down, and this connection is a TCP-state-bypass connection. This type of connection bypasses all the TCP state checks and additional security checks and inspections.

  • duration —The duration of the TCP connection
  • bytes —The total number of bytes transmitted over the TCP connection
  • teardown reason —The reason for the teardown of the TCP connection

Recommended Action If you need to secure TCP traffic with all the normal TCP state checks as well as all other security checks and inspections, you can use the no set connection advanced-options tcp-state-bypass command to disable this feature for TCP traffic.

4302310

Error Message %FTD-4-302310: SCTP packet received from src_ifc:src_ip/src_port to dst_ifc:dst_ip/dst_port contains unsupported Hostname Parameter.

Explanation A init/init-ack packet is received with the hostname parameter.

  • packet init/init-ack—The message carrying the hostname parameter
  • src-ifc— Indicates the ingress interface
  • src-ip/src-port— Indicates the Source IP and Port in the packet
  • dst-ifc—Indicates the egress interface
  • dst_ip/dst_port—Indicates the Source IP and Port in the packet

Recommended Action Use the real IP addresses of endpoints rather than the hostname. Disable the hostname parameter.

302311

Error Message %FTD-4-302311: Failed to create a new protocol connection from ingress interface:source IP/source port to egress interface:destination IP/destination port due to application cache memory allocation failure. The app-cache memory threshold level is threshold% and threshold check is enabled/disabled.

Explanation A new connection could not be created due to app-cache memory allocation failure. The failure could be due to system running out of memory or exceeding app-cache memory threshold.

  • protocol—The name of the protocol used to create the connection
  • ingress interface—The interface name
  • source IP—The source IP address

  • source port—The source port number

  • egress interface—The interface name

  • destination IP— The destination address

  • destination port—The destination port number

  • threshold%—The percentage value of memory threshold

  • enabled/disabled—app-cache memory threshold feature enabled/disabled

Recommended Action Disable memory intensive features on the device or reduce the number of through-the-box connections.

303002

Error Message %FTD-6-303002: FTP connection from src_ifc :src_ip /src_port to dst_ifc :dst_ip /dst_port , user username action file filename

Explanation A client has uploaded or downloaded a file from the FTP server.

  • src_ifc—The interface where the client resides.
  • src_ip—The IP address of the client.
  • src_port—The client port.
  • dst_ifc—The interface where the server resides.
  • dst_ip—The IP address of the FTP server.
  • dst_port—The server port.
  • username—The FTP username.
  • action—The stored or retrieved actions.
  • filename—The file stored or retrieved.

Recommended Action None required.

303004

Error Message %FTD-5-303004: FTP cmd_string command unsupported - failed strict inspection, terminating connection from source_interface :source_address /source_port to dest_interface :dest_address/dest_interface

Explanation Strict FTP inspection on FTP traffic has been used, and an FTP request message contains a command that is not recognized by the device.

Recommended Action None required.

303005

Error Message %FTD-5-303005: Strict FTP inspection matched match_string in policy-map policy-name , action_string from src_ifc :sip /sport to dest_ifc :dip /dport

Explanation When FTP inspection matches any of the following configured values: filename, file type, request command, server, or username, then the action specified by the action_string in this message occurs.

  • match_string —The match clause in the policy map
  • policy-name—The policy map that matched
  • action_string—The action to take; for example, Reset Connection
  • src_ifc—The source interface name
  • sip—The source IP address
  • sport—The source port
  • dest_ifc—The destination interface name
  • dip—The destination IP address
  • dport—The destination port

Recommended Action None required.

305006

Error Message %FTD-3-305006: {outbound static|identity|portmap|regular) translation creation failed for protocol src interface_name:source_address/source_port [(idfw_user )] dst interface_name:dest_address/dest_port [(idfw_user )]

Explanation The ICMP error inspection was enabled and the following conditions were met:

  • There was a connection established through the device with forward and reverse flows having different protocols. For example, forward flow is UDP or TCP, reverse flow is ICMP. The switch in protocols occurs when either the receiver or any intermediary device in the path returns ICMP error messages, for example type 3 code 3.

  • There was a dynamic NAT/PAT statement that matched the packets of the reverse flow and failed to translate the outer header IP addresses because the device does not apply PAT to all ICMP message types; it only applies PAT ICMP echo and echo-reply packets (types 8 and 0).

Recommended Action None required.

305009

Error Message %FTD-6-305009: Built {dynamic|static} translation from interface_name [(acl-name)]:real_address [(idfw_user )] to interface_name :mapped_address

Explanation An address translation slot was created. The slot translates the source address from the local side to the global side. In reverse, the slot translates the destination address from the global side to the local side.

Recommended Action None required.

305010

Error Message %FTD-6-305010: Teardown {dynamic|static} translation from interface_name :real_address [(idfw_user )] to interface_name :mapped_address duration time

Explanation The address translation slot was deleted.

Recommended Action None required.

305011

Error Message %FTD-6-305011: Built {dynamic|static} {TCP|UDP|ICMP} translation from interface_name :real_address/real_port [(idfw_user )] to interface_name :mapped_address/mapped_port

Explanation A TCP, UDP, or ICMP address translation slot was created. The slot translates the source socket from the local side to the global side. In reverse, the slot translates the destination socket from the global side to the local side.

Recommended Action None required.

305012

Error Message %FTD-6-305012: Teardown {dynamic|static} {TCP|UDP|ICMP} translation from interface_name [(acl-name )]:real_address /{real_port |real_ICMP_ID } [(idfw_user )] to interface_name :mapped_address /{mapped_port |mapped_ICMP_ID } duration time

Explanation The address translation slot was deleted.

Recommended Action None required.

305013

Error Message %FTD-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection protocol src interface_name :source_address /source_port [(idfw_user )] dst interface_name :dst_address /dst_port [(idfw_user )] denied due to NAT reverse path failure.

Explanation An attempt to connect to a mapped host using its actual address was rejected.

Recommended Action When not on the same interface as the host using NAT, use the mapped address instead of the actual address to connect to the host. In addition, enable the inspect command if the application embeds the IP address.

305014

Error Message %FTD-6-305014: Allocated block of ports for translation from real_interface :real_host_ip /real_source_port to real_dest_interface :real_dest_ip /real_dest_port.

Explanation When CGNAT “block-allocation” is configured, this syslog will be generated on allocation of a new port block.

Recommended Action None.

305015

Error Message %FTD-6-305015: Released block of ports for translation from real_interface :real_host_ip /real_source_port to real_dest_interface :real_dest_ip /real_dest_port.

Explanation When CGNAT “block-allocation” is configured, this syslog will be generated on release of an allocated port block.

Recommended Action None.

305016

Error Message %FTD-3-305016: Unable to create protocol connection from real_interface :real_host_ip /real_source_port to real_dest_interface :real_dest_ip /real_dest_port due to reason .

Explanation The maximum port blocks per host limit has been reached for a host or the port blocks have been exhausted.

  • reason —May be one of the following:
    • reaching per-host PAT port block limit of value
    • port block exhaustion in PAT pool

Recommended Action For reaching the per-host PAT port block limit, review the maximum blocks per host limit by entering the following command:


xlate block-allocation maximum-per-host 4

For the port block exhaustion in the PAT pool, we recommend increasing the pool size. Also, review the block size by entering the following command:


xlate block-allocation size 512

305017

Error Message %FTD-3-305017: Pba-interim-logging: Active ICMP block of ports for translation from <source device IP> to <destination device IP>/<Active Port Block>

Explanation When CGNAT interim logging feature is turned on. This syslog specifies the Active Port Block from a particular source IP address to a destination IP address at that time.

Recommended ActionNone.

305021

Error Message %FTD-4-305021: Ports exhausted in pre-allocated PAT pool IP mapped_ip_address for host real_host_ip. Allocating from new PAT pool IP mapped_ip_address.

Explanation This message is generated when all ports are exhausted in the sticky IP on a cluster node and allocation moves to the next available IP with free ports.

Example:

%FTD-4-305021: Ports exhausted in pre-allocated PAT pool IP 174.0.1.1 for host 192.168.1.20. Allocating from new PAT pool IP 174.0.1.2.

Recommended Action None.

305022

Error Message %FTD-4-305022: Cluster unit unit_name has been allocated num_of_port_blocks port blocks for PAT usage. All units should have at least min_num_of_port_blocks port blocks.

Explanation This message is generated on a node when it joins cluster and does not get any or unequal share of port blocks.

Examples

%FTD-4-305022: Cluster unit FTD-4 has been allocated 0 port blocks for PAT usage. All units should have at least 32 port blocks.

%FTD-4-305022: Cluster unit FTD-4 has been allocated 12 port blocks for PAT usage. All units should have at least 32 port blocks.

Recommended Action None.

308001

Error Message %FTD-6-308001: console enable password incorrect for number tries (from IP_address )

Explanation This is a Secure Firewall Threat Defense management message. This message appears after the specified number of times a user incorrectly types the password to enter privileged mode. The maximum is three attempts.

Recommended Action Verify the password and try again.

308002

Error Message %FTD-4-308002: static global_address inside_address netmask netmask overlapped with global_address inside_address

Explanation The IP addresses in one or more static command statements overlap. global_address is the global address, which is the address on the lower security interface, and inside_address is the local address, which is the address on the higher security-level interface.

Recommended Action Use the show static command to view the static command statements in your configuration and fix the commands that overlap. The most common overlap occurs if you specify a network address such as 10.1.1.0, and in another static command you specify a host within that range, such as 10.1.1.5.

311001

Error Message %FTD-6-311001: LU loading standby start

Explanation Stateful Failover update information was sent to the standby Secure Firewall Threat Defense device when the standby Secure Firewall Threat Defense device is first to be online.

Recommended Action None required.

311002

Error Message %FTD-6-311002: LU loading standby end

Explanation Stateful Failover update information stopped sending to the standby Secure Firewall Threat Defense device.

Recommended Action None required.

311003

Error Message %FTD-6-311003: LU recv thread up

Explanation An update acknowledgment was received from the standby Secure Firewall Threat Defense device.

Recommended Action None required.

311004

Error Message %FTD-6-311004: LU xmit thread up

Explanation A Stateful Failover update was transmitted to the standby Secure Firewall Threat Defense device.

Recommended Action None required.

312001

Error Message %FTD-6-312001: RIP hdr failed from IP_address : cmd=string , version=number domain=string on interface interface_name

Explanation The Secure Firewall Threat Defense device received a RIP message with an operation code other than reply, the message has a version number different from what is expected on this interface, and the routing domain entry was nonzero. Another RIP device may not be configured correctly to communicate with the Secure Firewall Threat Defense device.

Recommended Action None required.

313001

Error Message %FTD-3-313001: Denied ICMP type=number , code=code from IP_address on interface interface_name

Explanation When using the icmp command with an access list, if the first matched entry is a permit entry, the ICMP packet continues processing. If the first matched entry is a deny entry, or an entry is not matched, the Secure Firewall Threat Defense device discards the ICMP packet and generates this message. The icmp command enables or disables pinging to an interface. With pinging disabled, the Secure Firewall Threat Defense device cannot be detected on the network. This feature is also referred to as configurable proxy pinging.

Recommended Action Contact the administrator of the peer device.

313004

Error Message %FTD-4-313004:Denied ICMP type=icmp_type , from source_address on interface interface_name to dest_address :no matching session

Explanation ICMP packets were dropped by the Secure Firewall Threat Defense device because of security checks added by the stateful ICMP feature that are usually either ICMP echo replies without a valid echo request already passed across the Secure Firewall Threat Defense device or ICMP error messages not related to any TCP, UDP, or ICMP session already established in the Secure Firewall Threat Defense device.

Recommended Action None required.

313005

Error Message %FTD-4-313005: No matching connection for ICMP error message: icmp_msg_info on interface_name interface. Original IP payload: embedded_frame_info icmp_msg_info = icmp src src_interface_name :src_address [([idfw_user | FQDN_string ], sg_info )] dst dest_interface_name :dest_address [([idfw_user | FQDN_string ], sg_info )] (type icmp_type, code icmp_code ) embedded_frame_info = prot src source_address /source_port [([idfw_user | FQDN_string ], sg_info )] dst dest_address /dest_port [(idfw_user |FQDN_string ), sg_info ]

Explanation ICMP error packets were dropped by the Secure Firewall Threat Defense device because the ICMP error messages are not related to any session already established in the Secure Firewall Threat Defense device.

Recommended Action If the cause is an attack, you can deny the host by using ACLs.

313008

Error Message %FTD-3-313008: Denied ICMPv6 type=number , code=code from IP_address on interface interface_name

Explanation When using the icmp command with an access list, if the first matched entry is a permit entry, the ICMPv6 packet continues processing. If the first matched entry is a deny entry, or an entry is not matched, the Secure Firewall Threat Defense device discards the ICMPv6 packet and generates this message.

The icmp command enables or disables pinging to an interface. When pinging is disabled, the Secure Firewall Threat Defense device is undetectable on the network. This feature is also referred to as “configurable proxy pinging.”

Recommended Action Contact the administrator of the peer device.

313009

Error Message %FTD-4-313009: Denied invalid ICMP code icmp-code , for src-ifc :src-address /src-port (mapped-src-address/mapped-src-port) to dest-ifc :dest-address /dest-port (mapped-dest-address/mapped-dest-port) [user ], ICMP id icmp-id , ICMP type icmp-type

Explanation An ICMP echo request/reply packet was received with a malformed code(non-zero).

Recommended Action If it is an intermittent event, no action is required. If the cause is an attack, you can deny the host using the ACLs.

314001

Error Message %FTD-6-314001: Pre-allocated RTSP UDP backconnection for src_intf :src_IP to dst_intf :dst_IP /dst_port.

Explanation The Secure Firewall Threat Defense device opened a UDP media channel for the RTSP client that was receiving data from the server.

  • src_intf —Source interface name
  • src_IP —Source interface IP address
  • dst_intf —Destination interface name
  • dst_IP —Destination IP address
  • dst_port —Destination port

Recommended Action None required.

314002

Error Message %FTD-6-314002: RTSP failed to allocate UDP media connection from src_intf :src_IP to dst_intf :dst_IP /dst_port : reason_string.

Explanation The Secure Firewall Threat Defense device cannot open a new pinhole for the media channel.

  • src_intf —Source interface name
  • src_IP —Source interface IP address
  • dst_intf —Destination interface name
  • dst_IP —Destination IP address
  • dst_port —Destination port
  • reason_string —Pinhole already exists/Unknown

Recommended Action If the reason is unknown, check the free memory available by running the show memory command, or the number of connections used by running the show conn command, because the Secure Firewall Threat Defense device is low on memory.

316001

Error Message %FTD-3-316001: Denied new tunnel to IP_address . VPN peer limit (platform_vpn_peer_limit) exceeded

Explanation If more VPN tunnels (ISAKMP/IPsec) are concurrently trying to be established than are supported by the platform VPN peer limit, then the excess tunnels are aborted.

Recommended Action None required.

316002

Error Message %FTD-3-316002: VPN Handle error: protocol=protocol , src in_if_num :src_addr , dst out_if_num :dst_addr

Explanation The Secure Firewall Threat Defense device cannot create a VPN handle, because the VPN handle already exists.

  • protocol —The protocol of the VPN flow
  • in_if_num —The ingress interface number of the VPN flow
  • src_addr —The source IP address of the VPN flow
  • out_if_num —The egress interface number of the VPN flow
  • dst_addr —The destination IP address of the VPN flow

Recommended Action This message may occur during normal operation; however, if the message occurs repeatedly and a major malfunction of VPN-based applications occurs, a software defect may be the cause. Enter the following commands to collect more information and contact the Cisco TAC to investigate the issue further:


capture
 name
 type asp-drop vpn-handle-error
show asp table classify crypto detail
show asp table vpn-context

317001

Error Message %FTD-3-317001: No memory available for limit_slow

Explanation The requested operation failed because of a low-memory condition.

Recommended Action Reduce other system activity to ease memory demands. If conditions warrant, upgrade to a larger memory configuration.

317002

Error Message %FTD-3-317002: Bad path index of number for IP_address , number max

Explanation A software error occurred.

Recommended Action If the problem persists, contact the Cisco TAC.

317003

Error Message %FTD-3-317003: IP routing table creation failure - reason

Explanation An internal software error occurred, which prevented the creation of a new IP routing table.

Recommended Action Copy the message exactly as it appears, and report it to Cisco TAC.

317004

Error Message %FTD-3-317004: IP routing table limit warning

Explanation The number of routes in the named IP routing table has reached the configured warning limit.

Recommended Action Reduce the number of routes in the table, or reconfigure the limit.

317005

Error Message %FTD-3-317005: IP routing table limit exceeded - reason , IP_address netmask

Explanation Additional routes will be added to the table.

Recommended Action Reduce the number of routes in the table, or reconfigure the limit.

317006

Error Message %FTD-3-317006: Pdb index error pdb , pdb_index , pdb_type

Explanation The index into the PDB is out of range.

  • pdb—Protocol Descriptor Block, the descriptor of the PDB index error
  • pdb_index—The PDB index identifier
  • pdb_type—The type of the PDB index error

Recommended Action If the problem persists, copy the error message exactly as it appears on the console or in the system log, contact the Cisco TAC, and provide the representative with the collected information.

317007

Error Message %FTD-6-317007: Added route_type route dest_address netmask via gateway_address [distance /metric ] on interface_name route_type

Explanation A new route has been added to the routing table.

Routing protocol type:

C – connected, S – static, I – IGRP, R – RIP, M – mobile

B – BGP, D – EIGRP, EX - EIGRP external, O - OSPF

IA - OSPF inter area, N1 - OSPF NSSA external type 1

N2 - OSPF NSSA external type 2, E1 - OSPF external type 1

E2 - OSPF external type 2, E – EGP, i - IS-IS, L1 - IS-IS level-1

L2 - IS-IS level-2, ia - IS-IS inter area

  • dest_address —The destination network for this route
  • netmask —The netmask for the destination network
  • gateway_address —The address of the gateway by which the destination network is reached
  • distance —Administrative distance for this route
  • metric —Metric for this route
  • interface_name —Network interface name through which the traffic is routed

Recommended Action None required.

317008

Error Message %FTD-6-317008: Community list check with bad list list_number

Explanation When an out of range community list is identified, this message is generated along with the list number.

Recommended Action None required.

317012

Error Message %FTD-3-317012: Interface IP route counter negative - nameif-string-value

Explanation Indicates that the interface route count is negative.

  • nameif-string-value—The interface name as specified by the nameif command

Recommended Action None required.

317077

Error Message %FTD-6-317077: Added <protocol_name> route <destination_address/subnet-mask> via <gateway-address> on <inf_name>

Explanation This message is generated when a route is added successfully on the Secure Firewall Threat Defense device.

Recommended Action None required.

317078

Error Message %FTD-6-317078: Deleted <protocol_name> route <destination_address/subnet-mask> via <gateway-address> on <inf_name>

Explanation This message is generated when a route is deleted from the Secure Firewall Threat Defense device.

Recommended Action None required.

318001

Error Message %FTD-3-318001: Internal error: reason

Explanation An internal software error occurred. This message occurs at five-second intervals.

Recommended Action Copy the message exactly as it appears, and report it to the Cisco TAC.

318002

Error Message %FTD-3-318002: Flagged as being an ABR without a backbone area

Explanation The router was flagged as an area border router without a backbone area configured in the router. This message occurs at five-second intervals.

Recommended Action Restart the OSPF process.

318003

Error Message %FTD-3-318003: Reached unknow n state in neighbor state machine

Explanation An internal software error occurred. This message occurs at five-second intervals.

Recommended Action Copy the message exactly as it appears, and report it to the Cisco TAC.

318004

Error Message %FTD-3-318004: area string lsid IP_address mask netmask adv IP_address type number

Explanation The OSPF process had a problem locating the link state advertisement, which might lead to a memory leak.

Recommended Action If the problem persists, contact the Cisco TAC.

318005

Error Message %FTD-3-318005: lsid ip_address adv IP_address type number gateway gateway_address metric number network IP_address mask netmask protocol hex attr hex net-metric number

Explanation OSPF found an inconsistency between its database and the IP routing table.

Recommended Action If the problem persists, contact the Cisco TAC.

318006

Error Message %FTD-3-318006: if interface_name if_state number

Explanation An internal error occurred.

Recommended Action Copy the message exactly as it appears, and report it to the Cisco TAC.

318007

Error Message %FTD-3-318007: OSPF is enabled on interface_name during idb initialization

Explanation An internal error occurred.

Recommended Action Copy the message exactly as it appears, and report it to the Cisco TAC.

318008

Error Message %FTD-3-318008: OSPF process number is changing router-id. Reconfigure virtual link neighbors with our new router-id

Explanation The OSPF process is being reset, and it is going to select a new router ID. This action will bring down all virtual links.

Recommended Action Change the virtual link configuration on all of the virtual link neighbors to reflect the new router ID.

318009

Error Message %FTD-3-318009: OSPF: Attempted reference of stale data encountered in function , line: line_num

Explanation OSPF is running and has tried to reference some related data structures that have been removed elsewhere. Clearing interface and router configurations may resolve the problem. However, if this message appears, some sequence of steps caused premature deletion of data structures and this needs to be investigated.

  • function —The function that received the unexpected event
  • line_num —Line number in the code

Recommended Action If the problem persists, contact the Cisco TAC.

318101

Error Message %FTD-3-318101: Internal error: REASON

Explanation An internal software error has occurred.

  • REASON —The detailed cause of the event

Recommended Action None required.

318102

Error Message %FTD-3-318102: Flagged as being an ABR without a backbone area

Explanation The router was flagged as an Area Border Router (ABR) without a backbone area in the router.

Recommended Action Restart the OSPF process.

318103

Error Message %FTD-3-318103: Reached unknown state in neighbor state machine

Explanation An internal software error has occurred.

Recommended Action None required.

318104

Error Message %FTD-3-318104: DB already exist: area AREA_ID_STR lsid i adv i type 0x x

Explanation OSPF has a problem locating the LSA, which could lead to a memory leak.

  • AREA_ID_STR —A string representing the area
  • i —An integer value
  • x —A hexadecimal representation of an integer value

Recommended Action None required.

318105

Error Message %FTD-3-318105: lsid i adv i type 0x x gateway i metric d network i mask i protocol #x attr #x net-metric d

Explanation OSPF found an inconsistency between its database and the IP routing table.

  • i —An integer value
  • x —A hexadecimal representation of an integer value
  • d —A number

Recommended Action None required.

318106

Error Message %FTD-3-318106: if IF_NAME if_state d

Explanation An internal error has occurred.

  • IF_NAME— The name of the affected interface
  • d —A number

Recommended Action None required.

318107

Error Message %FTD-3-318107: OSPF is enabled on IF_NAME during idb initialization

Explanation An internal error has occurred.

  • IF_NAME— The name of the affected interface

Recommended Action None required.

318108

Error Message %FTD-3-318108: OSPF process d is changing router-id. Reconfigure virtual link neighbors with our new router-id

Explanation The OSPF process is being reset, and it is going to select a new router ID, which brings down all virtual links. To make them work again, you need to change the virtual link configuration on all virtual link neighbors.

  • d —A number representing the process ID

Recommended Action Change the virtual link configuration on all the virtual link neighbors to include the new router ID.

318109

Error Message %FTD-3-318109: OSPFv3 has received an unexpected message: 0x / 0x

Explanation OSPFv3 has received an unexpected interprocess message.

  • x —A hexadecimal representation of an integer value

Recommended Action None required.

318110

Error Message %FTD-3-318110: Invalid encrypted key s .

Explanation The specified encrypted key is not valid.

  • s —A string representing the encrypted key

Recommended Action Either specify a clear text key and enter the service password-encryption command for encryption, or ensure that the specified encrypted key is valid. If the specified encrypted key is not valid, an error message appears during system configuration.

318111

Error Message %FTD-3-318111: SPI u is already in use with ospf process d

Explanation An attempt was made to use a SPI that has already been used.

  • u —A number representing the SPI
  • d —A number representing the process ID

Recommended Action Choose a different SPI.

318112

Error Message %FTD-3-318112: SPI u is already in use by a process other than ospf process d .

Explanation An attempt was made to use a SPI that has already been used.

  • u —A number representing the SPI
  • d —A number representing the process ID

Recommended Action Choose a different SPI. Enter the show crypto ipv6 ipsec sa command to view a list of SPIs that are already being used.

318113

Error Message %FTD-3-318113: s s is already configured with SPI u .

Explanation An attempt was made to use a SPI that has already been used.

  • s— A string representing an interface
  • u —A number representing the SPI

Recommended Action Unconfigure the SPI first, or choose a different one.

318114

Error Message %FTD-3-318114: The key length used with SPI u is not valid

Explanation The key length was incorrect.

  • u —A number representing the SPI

Recommended Action Choose a valid IPsec key. An IPsec authentication key must be 32 (MD5) or 40 (SHA-1) hexidecimal digits long.

318115

Error Message %FTD-3-318115: s error occured when attempting to create an IPsec policy for SPI u

Explanation An IPsec API (internal) error has occurred.

  • s— A string representing the error
  • u —A number representing the SPI

Recommended Action None required.

318116

Error Message %FTD-3-318116: SPI u is not being used by ospf process d .

Explanation An attempt was made to unconfigure a SPI that is not being used with OSPFv3.

  • u —A number representing the SPI
  • d —A number representing the process ID

Recommended Action Enter a show command to see which SPIs are used by OSPFv3.

318117

Error Message %FTD-3-318117: The policy for SPI u could not be removed because it is in use.

Explanation An attempt was made to remove the policy for the indicated SPI, but the policy was still being used by a secure socket.

  • u —A number representing the SPI

Recommended Action None required.

318118

Error Message %FTD-3-318118: s error occured when attemtping to remove the IPsec policy with SPI u

Explanation An IPsec API (internal) error has occurred.

  • s —A string representing the specified error
  • u —A number representing the SPI

Recommended Action None required.

318119

Error Message %FTD-3-318119: Unable to close secure socket with SPI u on interface s

Explanation An IPsec API (internal) error has occurred.

  • u —A number representing the SPI
  • s —A string representing the specified interface

Recommended Action None required.

318120

Error Message %FTD-3-318120: OSPFv3 was unable to register with IPsec

Explanation An internal error has occurred.

Recommended Action None required.

318121

Error Message %FTD-3-318121: IPsec reported a GENERAL ERROR: message s , count d

Explanation An internal error has occurred.

  • s —A string representing the specified message
  • d —A number representing the total number of generated messages

Recommended Action None required.

318122

Error Message %FTD-3-318122: IPsec sent a s message s to OSPFv3 for interface s . Recovery attempt d

Explanation An internal error has occurred. The system is trying to reopen the secure socket and to recover.

  • s —A string representing the specified message and specified interface
  • d —A number representing the total number of recovery attempts

Recommended Action None required.

318123

Error Message %FTD-3-318123: IPsec sent a s message s to OSPFv3 for interface IF_NAME . Recovery aborted

Explanation An internal error has occurred. The maximum number of recovery attempts has been exceeded.

  • s —A string representing the specified message
  • IF_NAME —The specified interface

Recommended Action None required.

318125

Error Message %FTD-3-318125: Init failed for interface IF_NAME

Explanation The interface initialization failed. Possible reasons include the following:

  • The area to which the interface is being attached is being deleted.
  • It was not possible to create the link scope database.
  • It was not possible to create a neighbor datablock for the local router.

Recommended Action Remove the configuration command that initializes the interface and then try it again.

318126

Error Message %FTD-3-318126: Interface IF_NAME is attached to more than one area

Explanation The interface is on the interface list for an area other than the one to which the interface links.

  • IF_NAME —The specified interface

Recommended Action None required.

318127

Error Message %FTD-3-318127: Could not allocate or find the neighbor

Explanation An internal error has occurred.

Recommended Action None required.

Messages 320001 to 341011

This chapter includes messages from 320001 to 341011.

320001

Error Message %FTD-3-320001: The subject name of the peer cert is not allowed for connection

Explanation When the Secure Firewall Threat Defense device is an easy VPN remote device or server, the peer certificate includes asubject name that does not match the output of the ca verifycertdn command. A man-in-the-middle attack might be occurring, where a device spoofs the peer IP address and tries to intercept a VPN connection from the Secure Firewall Threat Defense device.

Recommended Action None required.

321001

Error Message %FTD-5-321001: Resource var1 limit of var2 reached.

Explanation A configured resource usage or rate limit for the indicated resource was reached.

Recommended Action If the platform maximum connections were reached, it takes some time to reallocate memory to free system memory, resulting in traffic failure. After memory space is released, you must reload the device. For further assistance, contact TAC team.

321002

Error Message %FTD-5-321002: Resource var1 rate limit of var2 reached.

Explanation A configured resource usage or rate limit for the indicated resource was reached.

Recommended Action If the platform maximum connections were reached, it takes some time to reallocate memory to free system memory, resulting in traffic failure. After memory space is released, you must reload the device. For further assistance, contact TAC team.

321003

Error Message %FTD-6-321003: Resource var1 log level of var2 reached.

Explanation A configured resource usage or rate logging level for the indicated resource was reached.

Recommended Action None required.

321004

Error Message %FTD-6-321004: Resource var1 rate log level of var2 reached

Explanation A configured resource usage or rate logging level for the indicated resource was reached.

Recommended Action None required.

321005

Error Message %FTD-2-321005: System CPU utilization reached utilization %

Explanation The system CPU utilization has reached 95 percent or more and remains at this level for five minutes.

  • utilization % —The percentage of CPU being used

Recommended Action If this message occurs periodically, you can ignore it. If it repeats frequently, check the output of the show cpu command and verify the CPU usage. If it is high, contact the Cisco TAC.

321006

Error Message %FTD-2-321006: System memory usage reached utilization %

Explanation The system memory usage has reached 80 percent or more and remains at this level for five minutes.

  • utilization % —The percentage of memory being used

Recommended Action If this message occurs periodically, you can ignore it. If it repeats frequently, check the output of the show memory command and verify the memory usage. If it is high, contact the Cisco TAC.

321007

Error Message %FTD-3-321007: System is low on free memory blocks of size block_size (free_blocks CNT out of max_blocks MAX)

Explanation The system is low on free blocks of memory. Running out of blocks may result in traffic disruption.

  • block_size —The block size of memory (for example, 4, 1550, 8192)
  • free_blocks —The number of free blocks, as shown in the CNT column after using the show blocks command
  • max_blocks —The maximum number of blocks that the system can allocate, as shown in the MAX column after using the show blocks command

Recommended Action Use the show blocks command to monitor the amount of free blocks in the CNT column of the output for the indicated block size. If the CNT column remains zero, or very close to it for an extended period of time, then the Secure Firewall Threat Defense device may be overloaded or running into another issue that needs additional investigation.

322001

Error Message %FTD-3-322001: Deny MAC address MAC_address, possible spoof attempt on interface interface

Explanation The Secure Firewall Threat Defense device received a packet from the offending MAC address on the specified interface, but the source MAC address in the packet is statically bound to another interface in the configuration. Either a MAC-spoofing attack or a misconfiguration may be the cause.

Recommended Action Check the configuration and take appropriate action by either finding the offending host or correcting the configuration.

322002

Error Message %FTD-3-322002: ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface . This host is advertising MAC Address MAC_address_1 for IP Address IP_address , which is {statically|dynamically} bound to MAC Address MAC_address_2 .

Explanation If the ARP inspection module is enabled, it checks whether a new ARP entry advertised in the packet conforms to the statically configured or dynamically learned IP-MAC address binding before forwarding ARP packets across the Secure Firewall Threat Defense device. If this check fails, the ARP inspection module drops the ARP packet and generates this message. This situation may be caused by either ARP spoofing attacks in the network or an invalid configuration (IP-MAC binding).

Recommended Action If the cause is an attack, you can deny the host using the ACLs. If the cause is an invalid configuration, correct the binding.

322003

Error Message %FTD-3-322003:ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface . This host is advertising MAC Address MAC_address_1 for IP Address IP_address , which is not bound to any MAC Address.

Explanation If the ARP inspection module is enabled, it checks whether a new ARP entry advertised in the packet conforms to the statically configured IP-MAC address binding before forwarding ARP packets across the Secure Firewall Threat Defense device. If this check fails, the ARP inspection module drops the ARP packet and generates this message. This situation may be caused by either ARP spoofing attacks in the network or an invalid configuration (IP-MAC binding).

Recommended Action If the cause is an attack, you can deny the host using the ACLs. If the cause is an invalid configuration, correct the binding.

322004

Error Message %FTD-6-322004: No management IP address configured for transparent firewall. Dropping protocol protocol packet from interface_in :source_address /source_port to interface_out :dest_address /dest_port

Explanation The Secure Firewall Threat Defense device dropped a packet because no management IP address was configured in the transparent mode.

  • protocol—Protocol string or value
  • interface_in—Input interface name
  • source_address—Source IP address of the packet
  • source_port—Source port of the packet
  • interface_out—Output interface name
  • dest_address—Destination IP address of the packet
  • dest_port—Destination port of the packet

Recommended Action Configure the device with the management IP address and mask values.

323001

Error Message %FTD-3-323001: Module module_id experienced a control channel communications failure.

%FTD-3-323001: Module in slot slot_num experienced a control channel communications failure.

Explanation The Secure Firewall Threat Defense device is unable to communicate via control channel with the module installed (in the specified slot).

  • module_id—For a software services module, specifies the services module name.
  • slot_num—For a hardware services module, specifies the slot in which the failure occurred. Slot 0 indicates the system main board, and slot 1 indicates the module installed in the expansion slot.

Recommended Action If the problem persists, contact the Cisco TAC.

323002

Error Message %FTD-3-323002: Module module_id is not able to shut down, shut down request not answered.

%FTD-3-323002: Module in slot slot_num is not able to shut down, shut down request not answered.

Explanation The module installed did not respond to a shutdown request.

  • module_id—For a software services module, specifies the service module name.
  • slot_num—For a hardware services module, specifies the slot in which the failure occurred. Slot 0 indicates the system main board, and slot 1 indicates the module installed in the expansion slot.

Recommended Action If the problem persists, contact the Cisco TAC.

323003

Error Message %FTD-3-323003: Module module_id is not able to reload, reload request not answered.

%FTD-3-323003: Module in slot slotnum is not able to reload, reload request not answered.

Explanation The module installed did not respond to a reload request.

  • module_id—For a software services module, specifies the service module name.
  • slot_num—For a hardware services module, specifies the slot in which the failure occurred. Slot 0 indicates the system main board, and slot 1 indicates the module installed in the expansion slot.

Recommended Action If the problem persists, contact the Cisco TAC.

323004

Error Message %FTD-3-323004: Module string one failed to write software newver (currently ver ), reason . Hw-module reset is required before further use.

Explanation The module failed to accept a software version, and will be transitioned to an UNRESPONSIVE state. The module is not usable until the software is updated.

  • string one—The text string that specifies the module
  • >newver —The new version number of software that was not successfully written to the module (for example, 1.0(1)0)
  • >ver —The current version number of the software on the module (for example, 1.0(1)0)
  • >reason —The reason the new version cannot be written to the module. The possible values for >reason include the following:

- write failure

- failed to create a thread to write the image

Recommended Action If the module software cannot be updated, it will not be usable. If the problem persists, contact the Cisco TAC.

323005

Error Message %FTD-3-323005: Module module_id can not be started completely

%FTD-3-323005: Module in slot slot_num cannot be started completely

Explanation This message indicates that the module cannot be started completely. The module will remain in the UNRESPONSIVE state until this condition is corrected. A module that is not fully seated in the slot is the most likely cause.

  • module_id—For a software services module, specifies the service module name.
  • slot_num—For a hardware services module, specifies the slot number that contains the module.

Recommended Action Verify that the module is fully seated and check to see if any status LEDs on the module are on. It may take a minute after fully reseating the module for the Secure Firewall Threat Defense device to recognize that it is powered up. If this message appears after verifying that the module is seated and after resetting the module using either the sw-module module service-module-name reset command or the hw-module module slotnum reset command, contact the Cisco TAC.

323006

Error Message %FTD-1-323006: Module ips experienced a data channel communication failure, data channel is DOWN.

Explanation A data channel communication failure occurred and the Secure Firewall Threat Defense device was unable to forward traffic to the services module. This failure triggers a failover when the failure occurs on the active Secure Firewall Threat Defense device in an HA configuration. The failure also results in the configured fail open or fail closed policy being enforced on traffic that would normally be sent to the services module. This message is generated whenever a communication problem over the Secure Firewall Threat Defense device dataplane occurs between the system module and the services module, which can be caused when the services module stops, resets, is removed or disabled.

Recommended Action For software services modules such as IPS, recover the module using the sw-module module ips recover command. For hardware services modules, if this message is not the result of the SSM reloading or resetting and the corresponding syslog message 505010 is not seen after the SSM returns to an UP state, reset the module using the hw-module module 1 reset command.

323007

Error Message %FTD-3-323007: Module in slot slot experienced a firware failure and the recovery is in progress.

Explanation An Secure Firewall Threat Defense device with a 4GE-SSM installed experienced a short power surge, then rebooted. As a result, the 4GE-SSM may come online in an unresponsive state. The Secure Firewall Threat Defense device has detected that the 4GE-SSM is unresponsive, and automatically restarts the 4GE-SSM.

Recommended Action None required.

324012

Error Message %FTD-5-324012: GTP_PARSE: GTP IE TYPEGTP IE TYPE NUMBER: Invalid Length Received Length: Length Received,Minimum Expected Length: Expected Length

Explanation

When GTP IE length received is less than the minimum length, an error message appears with the following data:

  • GTP IE TYPE: Name Of GTP IE.

  • GTP IE TYPE NUMBER: Number Defined for GTP IE Type

  • Invalid Length Received: Invalid Length Received in the Packet.

  • Minimum Expected Length: Minimum Expected length for IE.

Example:

%ASA-5-324012: GTP_PARSE: GTPV2_PARSE: Presence Reporting Area Action[177]: Invalid Length Received Length: 4, Minimum Expected Length: 11

Recommended Action None

324302

Error Message %FTD-4-324302: Server=IPaddr:port ID=id: Rejecting the RADIUS response: Reason

Explanation This message is generated when RADIUS response is rejected either because the required message-authenticator payload is missing in the response or if the Message-Authenticator payload failed validation check.

  • IPaddr:port—RADIUS server IP address and port

  • id—RADIUS request ID

  • Reason—Reason why the RADIUS response is rejected:

    • Required Message-Authenticator Payload Missing

    • Message-Authenticator payload failed validation check

Recommended Action None.

324303

Error Message %FTD-6-324303: Server=IPaddr:port ID=id The RADIUS server supports and included the Message-Authenticator payload in its response. To prevent Man-In-The-Middle attacks, consider enabling ‘ message-authenticator’ on the aaa-server-group configuration for this server as a security best practice.

ExplanationThis message is generated to convey that the RADIUS server supports and included Message-authenticator payload in the RADIUS response. Also, provides best security practices that is configurable and could disable this syslog.

  • IPaddr:port—RADIUS server IP address and port

  • id—RADIUS request ID

In addition, this syslog is rate-limited to report not more than 10 syslog messages in a 5-minute interval window by default. You can configure custom rate-limit interval and count through CLI.

To view the existing rate limits, use:
show running-configuration all logging | grep 324303 
To configure a custom value, use:
logging rate-limit 10 300 message 324303 

Recommended Action Configure message-authenticator-required CLI under AAA server configuration.

325001

Error Message %FTD-3-325001: Router ipv6_address on interface has conflicting ND (Neighbor Discovery) settings

Explanation Another router on the link sent router advertisements with conflicting parameters.

  • ipv6_address—IPv6 address of the other router
  • interface—Interface name of the link with the other router

Recommended Action Verify that all IPv6 routers on the link have the same parameters in the router advertisement for hop_limit, managed_config_flag, other_config_flag, reachable_time and ns_interval, and that preferred and valid lifetimes for the same prefix, advertised by several routers, are the same. To list the parameters per interface, enter the show ipv6 interface command.

325002

Error Message %FTD-4-325002: Duplicate address ipv6_address/MAC_address on interface

Explanation Another system is using your IPv6 address.

  • ipv6_address—The IPv6 address of the other router
  • MAC_address—The MAC address of the other system, if known; otherwise, it is considered unknown.
  • interface—The interface name of the link with the other system

Recommended Action Change the IPv6 address of one of the two systems.

326001

Error Message %FTD-3-326001: Unexpected error in the timer library: error_message

Explanation A managed timer event was received without a context or a correct type, or no handler exists. Alternatively, if the number of events queued exceeds a system limit, an attempt to process them will occur at a later time.

Recommended Action If the problem persists, contact the Cisco TAC.

326002

Error Message %FTD-3-326002: Error in error_message : error_message

Explanation The IGMP process failed to shut down upon request. Events that are performed in preparation for this shutdown may be out-of-sync.

Recommended Action If the problem persists, contact the Cisco TAC.

326004

Error Message %FTD-3-326004: An internal error occurred while processing a packet queue

Explanation The IGMP packet queue received a signal without a packet.

Recommended Action If the problem persists, contact the Cisco TAC.

326005

Error Message %FTD-3-326005: Mrib notification failed for (IP_address, IP_address )

Explanation A packet triggering a data-driven event was received, and the attempt to notify the MRIB failed.

Recommended Action If the problem persists, contact the Cisco TAC.

326006

Error Message %FTD-3-326006: Entry-creation failed for (IP_address, IP_address )

Explanation The MFIB received an entry update from the MRIB, but failed to create the entry related to the addresses displayed. The probable cause is insufficient memory.

Recommended Action If the problem persists, contact the Cisco TAC.

326007

Error Message %FTD-3-326007: Entry-update failed for (IP_address, IP_address )

Explanation The MFIB received an interface update from the MRIB, but failed to create the interface related to the addresses displayed. The probable cause is insufficient memory.

Recommended Action If the problem persists, contact the Cisco TAC.

326008

Error Message %FTD-3-326008: MRIB registration failed

Explanation The MFIB failed to register with the MRIB.

Recommended Action If the problem persists, contact the Cisco TAC.

326009

Error Message %FTD-3-326009: MRIB connection-open failed

Explanation The MFIB failed to open a connection to the MRIB.

Recommended Action If the problem persists, contact the Cisco TAC.

326010

Error Message %FTD-3-326010: MRIB unbind failed

Explanation The MFIB failed to unbind from the MRIB.

Recommended Action If the problem persists, contact the Cisco TAC.

326011

Error Message %FTD-3-326011: MRIB table deletion failed

Explanation The MFIB failed to retrieve the table that was supposed to be deleted.

Recommended Action If the problem persists, contact the Cisco TAC.

326012

Error Message %FTD-3-326012: Initialization of string functionality failed

Explanation The initialization of a specified functionality failed. This component might still operate without the functionality.

Recommended Action If the problem persists, contact the Cisco TAC.

326013

Error Message %FTD-3-326013: Internal error: string in string line %d (%s )

Explanation A fundamental error occurred in the MRIB.

Recommended Action If the problem persists, contact the Cisco TAC.

326014

Error Message %FTD-3-326014: Initialization failed: error_message error_message

Explanation The MRIB failed to initialize.

Recommended Action If the problem persists, contact the Cisco TAC.

326015

Error Message %FTD-3-326015: Communication error: error_message error_message

Explanation The MRIB received a malformed update.

Recommended Action If the problem persists, contact the Cisco TAC.

326016

Error Message %FTD-3-326016: Failed to set un-numbered interface for interface_name (string )

Explanation The PIM tunnel is not usable without a source address. This situation occurs because a numbered interface cannot be found, or because of an internal error.

Recommended Action If the problem persists, contact the Cisco TAC.

326017

Error Message %FTD-3-326017: Interface Manager error - string in string : string

Explanation An error occurred while creating a PIM tunnel interface.

Recommended Action If the problem persists, contact the Cisco TAC.

326019

Error Message %FTD-3-326019: string in string : string

Explanation An error occurred while creating a PIM RP tunnel interface.

Recommended Action If the problem persists, contact the Cisco TAC.

326020

Error Message %FTD-3-326020: List error in string : string

Explanation An error occurred while processing a PIM interface list.

Recommended Action If the problem persists, contact the Cisco TAC.

326021

Error Message %FTD-3-326021: Error in string : string

Explanation An error occurred while setting the SRC of a PIM tunnel interface.

Recommended Action If the problem persists, contact the Cisco TAC.

326022

Error Message %FTD-3-326022: Error in string : string

Explanation The PIM process failed to shut down upon request. Events that are performed in preparation for this shutdown may be out-of-sync.

Recommended Action If the problem persists, contact the Cisco TAC.

326023

Error Message %FTD-3-326023: string - IP_address : string

Explanation An error occurred while processing a PIM group range.

Recommended Action If the problem persists, contact the Cisco TAC.

326024

Error Message %FTD-3-326024: An internal error occurred while processing a packet queue.

Explanation The PIM packet queue received a signal without a packet.

Recommended Action If the problem persists, contact the Cisco TAC.

326025

Error Message %FTD-3-326025: string

Explanation An internal error occurred while trying to send a message. Events scheduled to occur on the receipt of a message, such as deletion of the PIM tunnel IDB, may not occur.

Recommended Action If the problem persists, contact the Cisco TAC.

326026

Error Message %FTD-3-326026: Server unexpected error: error_message

ExplanationThe MRIB failed to register a client.

Recommended Action If the problem persists, contact the Cisco TAC.

326027

Error Message %FTD-3-326027: Corrupted update: error_message

ExplanationThe MRIB received a corrupt update.

Recommended Action If the problem persists, contact the Cisco TAC.

326028

Error Message %FTD-3-326028: Asynchronous error: error_message

ExplanationAn unhandled asynchronous error occurred in the MRIB API.

Recommended Action If the problem persists, contact the Cisco TAC.

327001

Error Message %FTD-3-327001: IP SLA Monitor: Cannot create a new process

ExplanationThe IP SLA monitor was unable to start a new process.

Recommended Action Check the system memory. If memory is low, then this is probably the cause. Try to reenter the commands when memory is available. If the problem persists, contact the Cisco TAC.

327002

Error Message %FTD-3-327002: IP SLA Monitor: Failed to initialize, IP SLA Monitor functionality will not work

ExplanationThe IP SLA monitor failed to initialize. This condition is caused by either the timer wheel function failing to initialize or a process not being created. Sufficient memory is probably not available to complete the task.

Recommended Action Check the system memory. If memory is low, then this is probably the cause. Try to reenter the commands when memory is available. If the problem persists, contact the Cisco TAC.

327003

Error Message %FTD-3-327003: IP SLA Monitor: Generic Timer wheel timer functionality failed to initialize

ExplanationThe IP SLA monitor cannot initialize the timer wheel.

Recommended Action Check the system memory. If memory is low, then the timer wheel function did not initialize. Try to reenter the commands when memory is available. If the problem persists, contact the Cisco TAC.

328001

Error Message %FTD-3-328001: Attempt made to overwrite a set stub function in string .

ExplanationA single function can be set as a callback for when a stub with a check registry is invoked. An attempt to set a new callback failed because a callback function has already been set.

  • string—The name of the function

Recommended Action If the problem persists, contact the Cisco TAC.

328002

Error Message %FTD-3-328002: Attempt made in string to register with out of bounds key

Explanation In the FASTCASE registry, the key has to be smaller than the size specified when the registry was created. An attempt was made to register with a key out-of-bounds.

Recommended Action Copy the error message exactly as it appears, and report it to the Cisco TAC.

329001

Error Message %FTD-3-329001: The string0 subblock named string1 was not removed

ExplanationA software error has occurred. IDB subblocks cannot be removed.

  • string0 —SWIDB or HWIDB
  • string1 —The name of the subblock

Recommended Action If the problem persists, contact the Cisco TAC.

331001

Error Message %FTD-3-331001: Dynamic DNS Update for 'fqdn_name ' = ip_address failed

ExplanationThe dynamic DNS subsystem failed to update the resource records on the DNS server. This failure might occur if the Secure Firewall Threat Defense device is unable to contact the DNS server or the DNS service is not running on the destination system.

  • fqdn_name —The fully qualified domain name for which the DNS update was attempted
  • ip_address —The IP address of the DNS update

Recommended Action Make sure that a DNS server is configured and reachable by the Secure Firewall Threat Defense device. If the problem persists, contact the Cisco TAC.

331002

Error Message %FTD-5-331002: Dynamic DNS type RR for ('fqdn_name ' - ip_address | ip_address - 'fqdn_name ') successfully updated in DNS server dns_server_ip

Explanation A dynamic DNS update succeeded in the DNS server.

  • type —The type of resource record, which may be A or PTR
  • fqdn_name —The fully qualified domain name for which the DNS update was attempted
  • ip_address —The IP address of the DNS update
  • dns_server_ip —The IP address of the DNS server

Recommended Action None required.

332001

Error Message %FTD-3-332001: Unable to open cache discovery socket, WCCP V2 closing down.

Explanation An internal error that indicates the WCCP process was unable to open the UDP socket used to listen for protocol messages from caches.

Recommended Action Ensure that the IP configuration is correct and that at least one IP address has been configured.

332002

Error Message %FTD-3-332002: Unable to allocate message buffer, WCCP V2 closing down.

Explanation An internal error that indicates the WCCP process was unable to allocate memory to hold incoming protocol messages.

Recommended Action Ensure that enough memory is available for all processes.

332003

Error Message %FTD-5-332003: Web Cache IP_address /service_ID acquired

Explanation A service from the web cache of the Secure Firewall Threat Defense device was acquired.

  • IP_address—The IP address of the web cache
  • service_ID—The WCCP service identifier

Recommended Action None required.

332004

Error Message %FTD-1-332004: Web Cache IP_address /service_ID lost

Explanation A service from the web cache of the Secure Firewall Threat Defense device was lost.

  • IP_address—The IP address of the web cache
  • service_ID—The WCCP service identifier

Recommended Action Verify operation of the specified web cache.

333001

Error Message %FTD-6-333001: EAP association initiated - context: EAP-context

Explanation An EAP association has been initiated with a remote host.

  • EAP-context —A unique identifier for the EAP session, displayed as an eight-digit hexadecimal number (for example, 0x2D890AE0)

Recommended Action None required.

333002

Error Message %FTD-5-333002: Timeout waiting for EAP response - context:EAP-context

Explanation A timeout occurred while waiting for an EAP response.

  • EAP-context —A unique identifier for the EAP session displayed as an eight-digit hexadecimal number (for example, 0x2D890AE0)

Recommended Action None required.

333003

Error Message %FTD-6-333003: EAP association terminated - context:EAP-context

Explanation The EAP association has been terminated with the remote host.

  • EAP-context —A unique identifier for the EAP session displayed as an eight-digit hexadecimal number (for example, 0x2D890AE0)

Recommended Action None required.

333004

Error Message %FTD-7-333004: EAP-SQ response invalid - context:EAP-context

Explanation The EAP-Status Query response failed basic packet validation.

  • EAP-context —A unique identifier for the EAP session displayed as an eight-digit hexadecimal number (for example, 0x2D890AE0)

Recommended Action If the problem persists, contact the Cisco TAC.

333005

Error Message %FTD-7-333005: EAP-SQ response contains invalid TLV(s) - context:EAP-context

Explanation The EAP-Status Query response has one or more invalid TLVs.

  • EAP-context —A unique identifier for the EAP session displayed as an eight-digit hexadecimal number (for example, 0x2D890AE0)

Recommended Action If the problem persists, contact the Cisco TAC.

333006

Error Message %FTD-7-333006: EAP-SQ response with missing TLV(s) - context:EAP-context

Explanation The EAP-Status Query response is missing one or more mandatory TLVs.

  • EAP-context —A unique identifier for the EAP session displayed as an eight-digit hexadecimal number (for example, 0x2D890AE0)

Recommended Action If the problem persists, contact the Cisco TAC.

333007

Error Message %FTD-7-333007: EAP-SQ response TLV has invalid length - context:EAP-context

Explanation The EAP-Status Query response includes a TLV with an invalid length.

  • EAP-context —A unique identifier for the EAP session displayed as an eight-digit hexadecimal number (for example, 0x2D890AE0)

Recommended Action If the problem persists, contact the Cisco TAC.

333008

Error Message %FTD-7-333008: EAP-SQ response has invalid nonce TLV - context:EAP-context

Explanation The EAP-Status Query response includes an invalid nonce TLV.

  • EAP-context —A unique identifier for the EAP session displayed as an eight-digit hexadecimal number (for example, 0x2D890AE0)

Recommended Action If the problem persists, contact the Cisco TAC.

333009

Error Message %FTD-6-333009: EAP-SQ response MAC TLV is invalid - context:EAP-context

Explanation The EAP-Status Query response includes a MAC that does not match the calculated MAC.

  • EAP-context —A unique identifier for the EAP session displayed as an eight-digit hexadecimal number (for example, 0x2D890AE0)

Recommended Action If the problem persists, contact the Cisco TAC.

333010

Error Message %FTD-5-333010: EAP-SQ response Validation Flags TLV indicates PV request - context:EAP-context

Explanation The EAP-Status Query response includes a validation flags TLV, which indicates that the peer requested a full posture validation.

Recommended Action None required.

334001

Error Message %FTD-6-334001: EAPoUDP association initiated - host-address

Explanation An EAPoUDP association has been initiated with a remote host.

  • host-address —The IP address of the host in dotted decimal format (for example, 10.86.7.101)

Recommended Action None required.

334002

Error Message %FTD-5-334002: EAPoUDP association successfully established - host-address

Explanation An EAPoUDP association has been successfully established with the host.

  • host-address —The IP address of the host in dotted decimal format (for example, 10.86.7.101)

Recommended Action None required.

334003

Error Message %FTD-5-334003: EAPoUDP association failed to establish - host-address

Explanation An EAPoUDP association has failed to establish with the host.

  • host-address —The IP address of the host in dotted decimal format (for example, 10.86.7.101)

Recommended Action Verify the configuration of the Cisco Secure Access Control Server.

334004

Error Message %FTD-6-334004: Authentication request for NAC Clientless host - host-address

Explanation An authentication request was made for a NAC clientless host.

  • host-address —The IP address of the host in dotted decimal format (for example, 10.86.7.101)

Recommended Action None required.

334005

Error Message %FTD-5-334005: Host put into NAC Hold state - host-address

Explanation The NAC session for the host was put into the Hold state.

  • host-address —The IP address of the host in dotted decimal format (for example, 10.86.7.101)

Recommended Action None required.

334006

Error Message %FTD-5-334006: EAPoUDP failed to get a response from host - host-address

Explanation An EAPoUDP response was not received from the host.

  • host-address —The IP address of the host in dotted decimal format (for example, 10.86.7.101)

Recommended Action None required.

334007

Error Message %FTD-6-334007: EAPoUDP association terminated - host-address

Explanation An EAPoUDP association has terminated with the host.

  • host-address —The IP address of the host in dotted decimal format (for example, 10.86.7.101)

Recommended Action None required.

334008

Error Message %FTD-6-334008: NAC EAP association initiated - host-address , EAP context: EAP-context

Explanation EAPoUDP has initiated EAP with the host.

  • host-address —The IP address of the host in dotted decimal format (for example, 10.86.7.101)
  • EAP-context —A unique identifier for the EAP session displayed as an eight-digit, hexadecimal number (for example, 0x2D890AE0)

Recommended Action None required.

334009

Error Message %FTD-6-334009: Audit request for NAC Clientless host - Assigned_IP.

Explanation An audit request is being sent for the specified assigned IP address.

  • Assigned_IP —The IP address assigned to the client

Recommended Action None required.

336001

Error Message %FTD-3-336001 Route desination_network stuck-in-active state in EIGRP-ddb_name as_num. Cleaning up

Explanation The SIA state means that an EIGRP router has not received a reply to a query from one or more neighbors within the time allotted (approximately three minutes). When this happens, EIGRP clears the neighbors that did not send a reply and logs an error message for the route that became active.

  • destination_network —The route that became active
  • ddb_name —IPv4
  • as_num —The EIGRP router

Recommended Action Check to see why the router did not get a response from all of its neighbors and why the route disappeared.

336002

Error Message %FTD-3-336002: Handle handle_id is not allocated in pool.

Explanation The EIGRP router is unable to find the handle for the next hop.

  • handle_id —The identity of the missing handle

Recommended Action If the problem persists, contact the Cisco TAC.

336003

Error Message %FTD-3-336003: No buffers available for bytes byte packet

Explanation The DUAL software was unable to allocate a packet buffer. The Secure Firewall Threat Defense device may be out of memory.

  • bytes —Number of bytes in the packet

Recommended Action Check to see if the Secure Firewall Threat Defense device is out of memory by entering the show mem or show tech command. If the problem persists, contact the Cisco TAC.

336004

Error Message %FTD-3-336004: Negative refcount in pakdesc pakdesc.

Explanation The reference count packet count became negative.

  • pakdesc —Packet identifier

Recommended Action If the problem persists, contact the Cisco TAC.

336005

Error Message %FTD-3-336005: Flow control error, error , on interface_name.

Explanation The interface is flow blocked for multicast. Qelm is the queue element, and in this case, the last multicast packet on the queue for this particular interface.

  • error —Error statement: Qelm on flow ready
  • interface_name —Name of the interface on which the error occurred

Recommended Action If the problem persists, contact the Cisco TAC.

336006

Error Message %FTD-3-336006: num peers exist on IIDB interface_name.

Explanation Peers still exist on a particular interface during or after cleanup of the IDB of the EIGRP.

  • num —The number of peers
  • interface_name —The interface name

Recommended Action If the problem persists, contact the Cisco TAC.

336007

Error Message %FTD-3-336007: Anchor count negative

Explanation An error occurred and the count of the anchor became negative when it was released.

Recommended Action If the problem persists, contact the Cisco TAC.

336008

Error Message %FTD-3-336008: Lingering DRDB deleting IIDB, dest network, nexthop address (interface), origin origin_str

Explanation An interface is being deleted and some lingering DRDB exists.

  • network—The destination network
  • address—The nexthop address
  • interface—The nexthop interface
  • origin_str—String defining the origin

Recommended Action If the problem persists, contact the Cisco TAC.

336009

Error Message %FTD-3-336009 ddb_name as_id: Internal Error

Explanation An internal error occurred.

  • ddb_name —PDM name (for example, IPv4 PDM)
  • as_id —Autonomous system ID

Recommended Action If the problem persists, contact the Cisco TAC.

336010

Error Message %FTD-5-336010 EIGRP-ddb_name tableid as_id: Neighbor address (%interface) is event_msg: msg

Explanation A neighbor went up or down.

  • ddb_name —IPv4
  • tableid — Internal ID for the RIB
  • as_id —Autonomous system ID
  • address —IP address of the neighbor
  • interface —Name of the interface
  • event_msg — Event that is occurring for the neighbor (that is, up or down)
  • msg —Reason for the event. Possible event_msg and msg value pairs include:

- resync: peer graceful-restart

- down: holding timer expired

- up: new adjacency

- down: Auth failure

- down: Stuck in Active

- down: Interface PEER-TERMINATION received

- down: K-value mismatch

- down: Peer Termination received

- down: stuck in INIT state

- down: peer info changed

- down: summary configured

- down: Max hopcount changed

- down: metric changed

- down: [No reason]

Recommended Action Check to see why the link on the neighbor is going down or is flapping. This may be a sign of a problem, or a problem may occur because of this.

336011

Error Message %FTD-6-336011: event event

Explanation A dual event occurred. The events can be one of the following:

  • Redist rt change
  • SIA Query while Active

Recommended Action If the problem persists, contact the Cisco TAC.

336012

Error Message %FTD-3-336012: Interface interface_names going down and neighbor_links links exist

Explanation An interface is going down or is being removed from routing through IGRP, but not all links (neighbors) have been removed from the topology table.

Recommended Action If the problem persists, contact the Cisco TAC.

336013

Error Message %FTD-3-336013: Route iproute, iproute_successors successors, db_successors rdbs

Explanation A hardware or software error occurred.

Recommended Action If the problem persists, contact the Cisco TAC.

336014

Error Message %FTD-3-336014: “EIGRP_PDM_Process_name, event_log”

Explanation A hardware or software error occurred.

Recommended Action If the problem persists, contact the Cisco TAC.

336015

Error Message %FTD-3-336015: “Unable to open socket for AS as_number”

Explanation A hardware or software error occurred.

Recommended Action If the problem persists, contact the Cisco TAC.

336016

Error Message %FTD-3-336016: Unknown timer type timer_type expiration

Explanation A hardware or software error occurred.

Recommended Action If the problem persists, contact the Cisco TAC.

336019

Error Message %FTD-3-336019: process_name as_number: prefix_source threshold prefix level (prefix_threshold) reached

Explanation The number of prefixes in the topology database has reached the configured or default threshold level. The prefix source may be any of the following:

  • Neighbor
  • Redistributed
  • Aggregate

Recommended Action Use the show eigrp accounting command to obtain details about the source of the prefixes and take corrective action.

337000

Error Message %FTD-6-337000: Created BFD session with local discriminator <id> on <real_interface> with neighbor <real_host_ip>

Explanation This syslog message indicates that a BFD active session has been created.

  • id— A numerical field that denotes the local discriminator value for a particular BFD session
  • real_interface— The interface nameif on which the BFD session is running
  • real_host_ip— The IP address of the neighbor with which the BFD session has come up

Recommended Action None.

337001

Error Message %FTD-6-337001: Terminated BFD session with local discriminator <id> on <real_interface> with neighbor <real_host_ip> due to <failure_reason>

Explanation This syslog message indicates that an active BFD session has been terminated.

  • id— A numerical field that denotes the local discriminator value for a particular BFD session
  • real_interface— The interface nameif on which the BFD session is running
  • real_host_ip— The IP address of the neighbor with which the BFD session has come up
  • failure_reason— One of the following failure reasons: BFD going down on peer’s side, BFD configuration removal on peer’s side, Detection timer expiration, Echo function failure, Path to peer going down, Local BFD configuration removal, BFD client configuration removal

Recommended Action None.

337005

Error Message %FTD-4-337005: Phone Proxy SRTP: Media session not found for media_term_ip/media_term_port for packet from in_ifc:src_ip/src_port to out_ifc:dest_ip/dest_port

Explanation The adaptive security appliance received an SRTP or RTP packet that was destined to go to the media termination IP address and port, but the corresponding media session to process this packet was not found.

  • in_ifc—The input interface
  • src_ip—The source IP address of the packet
  • src_port—The source port of the packet
  • out_ifc—The output interface
  • dest_ip—The destination IP address of the packet
  • dest_port—The destination port of the packet.

Recommended Action If this message occurs at the end of the call, it is considered normal because the signaling messages may have released the media session, but the endpoint is continuing to send a few SRTP or RTP packets. If this message occurs for an odd-numbered media termination port, the endpoint is sending RTCP, which must be disabled from the CUCM. If this message happens continuously for a call, debug the signaling message transaction either using phone proxy debug commands or capture commands to determine if the signaling messages are being modified with the media termination IP address and port..

339006

Error Message %FTD-3-339006: Umbrella resolver current resolver ipv46 is reachable, resuming Umbrella redirect.

Explanation Umbrella had failed to open, and the resolver was unreachable. The resolver is now reacheable and service is resumed.

Recommended ActionNone.

339007

Error Message %FTD-3-339007: Umbrella resolver current resolver ipv46 is unreachable, moving to fail-open. Starting probe to resolver.

Explanation Umbrella fail-open has been configured and a resolver unreachabilty has been detected.

Recommended ActionCheck the network settings for reachability to the Umbrella resolvers.

339008

Error Message %FTD-3-339008: Umbrella resolver current resolver ipv46 is unreachable, moving to fail-close.

Explanation Umbrella fail-open has NOT been configured and a resolver unreachabilty has been detected.

Recommended ActionCheck the network settings for reachability to the Umbrella resolvers.

340001

Error Message %FTD-3-340001: Loopback-proxy error: error_string context id context_id , context type = version /request_type /address_type client socket (internal)= client_address_internal /client_port_internal server socket (internal)= server_address_internal /server_port_internal server socket (external)= server_address_external /server_port_external remote socket (external)= remote_address_external /remote_port_external

Explanation Loopback proxy allows third-party applications running on the Secure Firewall Threat Defense device to access the network. The loopback proxy encountered an error.

  • context_id— A unique, 32-bit context ID that is generated for each loopback client proxy request
  • version —The protocol version
  • request_type —The type of request, which can be one of the following: TC (TCP connection), TB (TCP bind), or UA (UDP association)
  • address_type —The types of addresses, which can be one of the following: IP4 (IPv4), IP6 (IPv6), or DNS (domain name service)
  • client_address_internal/server_address_internal— The addresses that the loopback client and the loopback server used for communication
  • client_port_internal /server_port_internal— The ports that the loopback client and the loopback server used for communication
  • server_address_external /remote_address_external —The addresses that the loopback server and the remote host used for communication
  • server_port_external /remote_port_external —The ports that the loopback server and the remote host used for communication
  • error_string —The error string that may help troubleshoot the problem

Recommended Action Copy the syslog message and contact the Cisco TAC.

340002

Error Message %FTD-6-340002: Loopback-proxy info: error_string context id context_id , context type = version /request_type /address_type client socket (internal)= client_address_internal /client_port_internal server socket (internal)= server_address_internal /server_port_internal server socket (external)= server_address_external /server_port_external remote socket (external)= remote_address_external /remote_port_external

Explanation Loopback proxy allows third-party applications running on the Secure Firewall Threat Defense device to access the network. The loopback proxy generated debugging information for use in troubleshooting.

  • context_id— A unique, 32-bit context ID that is generated for each loopback client proxy request
  • version —The protocol version
  • request_type —The type of request, which can be one of the following: TC (TCP connection), TB (TCP bind), or UA (UDP association)
  • address_type —The types of addresses, which can be one of the following: IP4 (IPv4), IP6 (IPv6), or DNS (domain name service)
  • client_address_internal/server_address_internal— The addresses that the loopback client and the loopback server used for communication
  • client_port_internal /server_port_internal— The ports that the loopback client and the loopback server used for communication
  • server_address_external /remote_address_external —The addresses that the loopback server and the remote host used for communication
  • server_port_external /remote_port_external —The ports that the loopback server and the remote host used for communication
  • error_string —The error string that may help troubleshoot the problem

Recommended Action Copy the syslog message and contact the Cisco TAC.

341001

Error Message %FTD-6-341001: Policy Agent started successfully for VNMC vnmc_ip_addr

Explanation The policy agent processes (DME, ducatiAG, and commonAG) started successfully.

  • vnmc_ip_addr —-The IP address of the VNMC server

Recommended Action None.

341002

Error Message %FTD-6-341002: Policy Agent stopped successfully for VNMC vnmc_ip_addr

Explanation The policy agent processes (DME, ducatiAG, and commonAG) were stopped.

  • vnmc_ip_addr —-The IP address of the VNMC server

Recommended Action None.

341003

Error Message %FTD-3-341003: Policy Agent failed to start for VNMC vnmc_ip_addr

Explanation The policy agent failed to start.

  • vnmc_ip_addr —-The IP address of the VNMC server

Recommended Action Check for console history and the disk0:/pa/log/vnm_pa_error_status for error messages. To retry starting the policy agent, issue the registration host command again.

341004

Error Message %FTD-3-341004: Storage device not available: Attempt to shutdown module %s failed.

Explanation All SSDs have failed or been removed with the system in Up state. The system has attempted to shut down the software module, but that attempt has failed.

  • %s —The software module (for example, cxsc)

Recommended Action Replace the remved or failed drive and reload the Secure Firewall Threat Defense device.

341005

Error Message %FTD-3-341005: Storage device not available. Shutdown issued for module %s .

Explanation All SSDs have failed or been removed with the system in Up state. The system is shutting down the software module.

  • %s —The software module (for example, cxsc)

Recommended Action Replace the removed or failed drive and reload the software module.

341006

Error Message %FTD-3-341006: Storage device not available. Failed to stop recovery of module %s .

Explanation All SSDs have failed or been removed with the system in recorvery state. The system attempted to stop the recover, but that attempt failed.

  • %s —The software module (for example, cxsc)

Recommended Action Replace the removed or failed drive and reload the Secure Firewall Threat Defense device.

341007

Error Message %FTD-3-341007: Storage device not available. Further recovery of module %s was stopped. This may take several minutes to complete.

Explanation All SSDs have failed or been removed with the system in recovery state. The system is stopping the recovery of the softwaremodule.

  • %s —The software module (for example, cxsc)

Recommended Action Replace the removed or failed drive and reload the software module.

341008

Error Message %FTD-3-341008: Storage device not found. Auto-boot of module %s cancelled. Install drive and reload to try again.

Explanation After getting the system into Up state, all SSDs have failed or been removed before reloading the system. Because the default action during boot is to auto-boot the software module, that action is blocked because there is no storage device available.

Recommended Action Replace the removed or failed drive and reload the software module.

341010

Error Message %FTD-6-341010: Storage device with serial number ser_no [inserted into | removed from] bay bay_no

Explanation The Secure Firewall Threat Defense device has detected insertion or removal events and generates this syslog message immediately.

Recommended Action None required.

341011

Error Message %FTD-3-341011: Storage device with serial number ser_no in bay bay_no faulty.

Explanation The Secure Firewall Threat Defense device polls the hard disk drive (HDD) health status every 10 minutes and generates this syslog message if the HDD is in a failed state.

Recommended Action None required.