Messages 722001 to 722056
This section includes messages from 722001 to 722056.
722001
Error Message
%FTD-4-722001: IP IP_address Error parsing SVC connect request.
Explanation The request from the SVC was invalid.
Recommended Action Research as necessary to determine if this error was caused by a defect in the SVC, an incompatible SVC version, or an attack against the device.
722002
Error Message
%FTD-4-722002: IP IP_address Error consolidating SVC connect request.
Explanation There is not enough memory to perform the action.
Recommended Action Purchase more memory, upgrade the device, or reduce the load on the device.
722003
Error Message
%FTD-4-722003: IP IP_address Error authenticating SVC connect request.
Explanation The user took too long to download and connect.
Recommended Action Increase the timeouts for session idle and maximum connect time.
722004
Error Message
%FTD-4-722004: Group group User user-name IP IP_address Error responding to SVC connect request.
Explanation There is not enough memory to perform the action.
Recommended Action Purchase more memory, upgrade the device, or reduce the load on the device.
722005
Error Message
%FTD-5-722005: Group group User user-name IP IP_address Unable to update session information for SVC connection.
Explanation There is not enough memory to perform the action.
Recommended Action Purchase more memory, upgrade the device, or reduce the load on the device.
722006
Error Message
%FTD-5-722006: Group group User user-name IP IP_address Invalid address IP_address assigned to SVC connection.
Explanation An invalid address was assigned to the user.
Recommended Action Verify and correct the address assignment, if possible. Otherwise, notify your network administrator or escalate this issue according to your security policy. For additional assistance, contact the Cisco TAC.
722007
Error Message
%FTD-3-722007: Group group User user-name IP IP_address SVC Message: type-num /ERROR: message
Explanation The SVC issued a message.
- type-num— A number from 0 to 31 indicating a message type. Message types are as follows:
- 0—Normal
- 16—Logout
- 17—Closed due to error
- 18—Closed due to rekey
- 1-15, 19-31—Reserved and unused
- message—A text message from the SVC
Recommended Action None required.
722008
Error Message
%FTD-3-722008: Group group User user-name IP IP_address SVC Message: type-num /ERROR: message
Explanation The SVC issued a message.
- type-num— A number from 0 to 31 indicating a message type. Message types are as follows:
- 0—Normal
- 16—Logout
- 17—Closed due to error
- 18—Closed due to rekey
- 1-15, 19-31—Reserved and unused
- message—A text message from the SVC
Recommended Action None required.
722009
Error Message
%FTD-3-722009: Group group User user-name IP IP_address SVC Message: type-num /ERROR: message
Explanation The SVC issued a message.
- type-num— A number from 0 to 31 indicating a message type. Message types are as follows:
- 0—Normal
- 16—Logout
- 17—Closed due to error
- 18—Closed due to rekey
- 1-15, 19-31—Reserved and unused
- message—A text message from the SVC
Recommended Action None required.
722010
Error Message
%FTD-5-722010: Group group User user-name IP IP_address SVC Message: type-num /NOTICE: message
Explanation The SVC issued a message.
- type-num— A number from 0 to 31 indicating a message type. Message types are as follows:
- 0—Normal
- 16—Logout
- 17—Closed due to error
- 18—Closed due to rekey
- 1-15, 19-31—Reserved and unused
- message—A text message from the SVC
Recommended Action None required.
722011
Error Message
%FTD-5-722011: Group group User user-name IP IP_address SVC Message: type-num /NOTICE: message
Explanation The SVC issued a message.
- type-num— A number from 0 to 31 indicating a message type. Message types are as follows:
- 0—Normal
- 16—Logout
- 17—Closed due to error
- 18—Closed due to rekey
- 1-15, 19-31—Reserved and unused
- message—A text message from the SVC
Recommended Action None required.
722012
Error Message
%FTD-5-722012: Group group User user-name IP IP_address SVC Message: type-num /INFO: message
Explanation The SVC issued a message.
- type-num— A number from 0 to 31 indicating a message type. Message types are as follows:
- 0—Normal
- 16—Logout
- 17—Closed due to error
- 18—Closed due to rekey
- 1-15, 19-31—Reserved and unused
- message—A text message from the SVC
Recommended Action None required.
722013
Error Message
%FTD-6-722013: Group group User user-name IP IP_address SVC Message: type-num /INFO: message
Explanation The SVC issued a message.
- type-num— A number from 0 to 31 indicating a message type. Message types are as follows:
- 0—Normal
- 16—Logout
- 17—Closed due to error
- 18—Closed due to rekey
- 1-15, 19-31—Reserved and unused
- message—A text message from the SVC
Recommended Action None required.
722014
Error Message
%FTD-6-722014: Group group User user-name IP IP_address SVC Message: type-num /INFO: message
Explanation The SVC issued a message.
- type-num— A number from 0 to 31 indicating a message type. Message types are as follows:
- 0—Normal.
- 16—Logout
- 17—Closed due to error
- 18—Closed due to rekey
- 1-15, 19-31—Reserved and unused
- message—A text message from the SVC
Recommended Action None required.
722015
Error Message
%FTD-4-722015: Group group User user-name IP IP_address Unknown SVC frame type: type-num
Explanation The SVC sent an invalid frame type to the device, which might be caused by an SVC version incompatibility.
- type-num—The number identifier of the frame type
Recommended Action Verify the SVC version.
722016
Error Message
%FTD-4-722016: Group group User user-name IP IP_address Bad SVC frame length: length expected: expected-length
Explanation The expected amount of data was not available from the SVC, which might be caused by an SVC version incompatibility.
Recommended Action Verify the SVC version.
722017
Error Message
%FTD-4-722017: Group group User user-name IP IP_address Bad SVC framing: 525446, reserved: 0
Explanation The SVC sent a badly framed datagram, which might be caused by an SVC version incompatibility.
Recommended Action Verify the SVC version.
722018
Error Message
%FTD-4-722018: Group group User user-name IP IP_address Bad SVC protocol version: version , expected: expected-version
Explanation The SVC sent a version unknown to the device, which might be caused by an SVC version incompatibility.
Recommended Action Verify the SVC version.
722019
Error Message
%FTD-4-722019: Group group User user-name IP IP_address Not enough data for an SVC header: length
Explanation The expected amount of data was not available from the SVC, which might be caused by an SVC version incompatibility.
Recommended Action Verify the SVC version.
722020
Error Message
%FTD-3-722020: TunnelGroup tunnel_group GroupPolicy group_policy User user-name IP IP_address No address available for SVC connection
Explanation Address assignment failed for the AnyConnect session. No IP addresses are available.
- tunnel_group—The name of the tunnel group that the user was assigned to or used to log in
- group_policy —The name of the group policy that the user was assigned to
- user-name —The name of the user with which this message is associated
- IP_address —The public IP (Internet) address of the client machine
Recommended Action Check the configuration listed in the ip local ip command to see if enough addresses exist in the pools that have been assigned to the tunnel group and the group policy. Check the DHCP configuration and status. Check the address assignment configuration. Enable IPAA syslog messages to determine why the AnyConnect client cannot obtain an IP address.
722028
Error Message
%FTD-5-722028: Group group User user-name IP IP_address Stale SVC connection closed.
Explanation An unused SVC connection was closed.
Recommended Action None required. However, the client may be having trouble connecting if multiple connections are established. The SVC log should be examined.
722029
Error Message
%FTD-7-722029: Group group User user-name IP IP_address SVC Session Termination: Conns: connections , DPD Conns: DPD_conns , Comp resets: compression_resets , Dcmp resets: decompression_resets
Explanation The number of connections, reconnections, and resets that have occurred are reported. If connections is greater than 1 or the number of DPD_conns, compression_resets, or decompression_resets is greater than 0, it may indicate network reliability problems, which may be beyond the control of the Secure Firewall Threat Defense administrator. If there are many connections or DPD connections, the user may be having problems connecting and may experience poor performance.
- connections—The total number of connections during this session (one is normal)
- DPD_conns—The number of reconnections due to DPD
- compression_resets—The number of compression history resets
- decompression_resets—The number of decompression history resets
Recommended Action The SVC log should be examined. You may want to research and take appropriate action to resolve possible network reliability problems.
722030
Error Message
%FTD-7-722030: Group group User user-name IP IP_address SVC Session Termination: In: data_bytes (+ctrl_bytes ) bytes, data_pkts (+ctrl_pkts ) packets, drop_pkts drops
Explanation End-of-session statistics are being recorded.
- data_bytes—The number of inbound (from SVC) data bytes
- ctrl_bytes—The number of inbound control bytes
- data_pkts—The number of inbound data packets
- ctrl_pkts—The number of inbound control packets
- drop_pkts—The number of inbound packets that were dropped
Recommended Action None required.
722031
Error Message
%FTD-7-722031: Group group User user-name IP IP_address SVC Session Termination: Out: data_bytes (+ctrl_bytes ) bytes, data_pkts (+ctrl_pkts ) packets, drop_pkts drops.
Explanation End-of-session statistics are being recorded. The statistics include data bytes, control packet bytes, data packets, control packets, and dropped packets.
-
data_bytes—The number of outbound (to SVC) data bytes
-
ctrl_bytes—The number of outbound control bytes
-
data_pkts—The number of outbound data packets
-
ctrl_pkts—The number of outbound control packets
-
drop_pkts—The number of outbound packets that were dropped
In some cases, the dropped packets count is more than the overall data and control packets because this syslog does not provide the break-down of the dropped packets. Few examples of such instances:
2020-09-30T09:06:09.254798+00:00 local4.err pg122d-vpn116 %ASA-3-722031: Group <GP_1> User <xxxxxxxxxxxx.xxxxxxxxxx@intel.com>
IP <x.x.x.x> SVC Session Termination: Out: 800808 (+32) bytes, 1957 (+4) packets, 3358 drops.
2020-09-30T08:53:11.359833+00:00 local4.err srr10c-vpn103 %ASA-3-722031: Group <GP_2> User <xxxxxxxxxxxx.xxxxxxxxxx@intel.com>
IP <x.x.x.x> SVC Session Termination: Out: 413194 (+32) bytes, 1540 (+4) packets, 2059 drops.
2020-09-30T08:37:59.287415+00:00 local4.err srr10c-vpn115 %ASA-3-722031: Group <GP_3> User <xxxxxxxxxxxx.xxxxxxxxxx@intel.com>
IP <x.x.x.x> SVC Session Termination: Out: 571473 (+48) bytes, 1283 (+6) packets, 1323 drops.
2020-09-30T08:31:48.105943+00:00 local4.err srr10c-vpn114 %ASA-3-722031: Group <GP_4> User <xxxxxxxxxxxx.xxxxxxxxxx@intel.com>
IP <x.x.x.x> SVC Session Termination: Out: 131566 (+0) bytes, 283 (+0) packets, 320 drops.
2020-09-30T08:28:38.053003+00:00 local4.err pg122d-vpn117 %ASA-3-722031: Group <GP_5> User <xxxxxxxxxxxx.xxxxxxxxxx@intel.com>
IP <x.x.x.x> SVC Session Termination: Out: 497446 (+23) bytes, 1048 (+1) packets, 1128 drops.
2020-09-30T07:45:43.044373+00:00 local4.err srr10c-vpn114 %ASA-3-722031: Group <GP_6> User <xxxxxxxxxxxx.xxxxxxxxxx@intel.com>
IP <x.x.x.x> SVC Session Termination: Out: 153165 (+16) bytes, 398 (+2) packets, 1045 drops.
Recommended Action None required.
722032
Error Message
%FTD-5-722032: Group group User user-name IP IP_address New SVC connection replacing old connection.
Explanation A new SVC connection is replacing an existing one. You may be having trouble connecting.
Recommended Action Examine the SVC log.
722033
Error Message
%FTD-5-722033: Group group User user-name IP IP_address First SVC connection established for SVC session.
Explanation The first SVC connection was established for the SVC session.
Recommended Action None required.
722034
Error Message
%FTD-5-722034: Group group User user-name IP IP_address New SVC connection, no existing connection.
Explanation A reconnection attempt has occurred. An SVC connection is replacing a previously closed connection. There is no existing connection for this session because the connection was already dropped by the SVC or the Secure Firewall Threat Defense device. You may be having trouble connecting.
Recommended Action Examine the Secure Firewall Threat Defense device log and SVC log.
722035
Error Message
%FTD-3-722035: Group group User user-name IP IP_address Received large packet length (threshold num ).
Explanation A large packet was received from the client.
- length—The length of the large packet
- num—The threshold
Recommended Action Enter the anyconnect ssl df-bit-ignore enable command under the group policy to allow the Secure Firewall Threat Defense device to fragment the packets arriving with the DF bit set.
722036
Error Message
%FTD-6-722036: Group group User user-name IP IP_address Transmitting large packet length (threshold num ).
Explanation A large packet was sent to the client. The source of the packet may not be aware of the MTU of the client. This could also be due to compression of non-compressible data.
- length—The length of the large packet
- num—The threshold
Recommended Action Turn off SVC compression, otherwise, none required.
722037
Error Message
%FTD-5-722037: Group group User user-name IP IP_address SVC closing connection: reason .
Explanation An SVC connection was terminated for the given reason. This behavior may be normal, or you may be having trouble connecting.
- reason—The reason that the SVC connection was terminated
Recommended Action Examine the SVC log.
722038
Error Message
%FTD-5-722038: Group group-name User user-name IP IP_address SVC terminating session: reason .
Explanation An SVC session was terminated for the given reason. This behavior may be normal, or you may be having trouble connecting.
- reason—The reason that the SVC session was terminated
Recommended Action Examine the SVC log if the reason for termination was unexpected.
722041
Error Message
%FTD-4-722041: TunnelGroup tunnel_group GroupPolicy group_policy User username IP peer_address No IPv6 address available for SVC connection.
Explanation An IPv6 address was not available for assignment to the remote SVC client.
- n —The SVC connection identifier
Recommended Action Augment or create an IPv6 address pool, if desired.
722042
Error Message
%FTD-4-722042: Group group User user IP ip Invalid Cisco SSL Tunneling Protocol version.
Explanation An invalid SVC or AnyConnect client is trying to connect.
- group —The name of the group policy with which the user is trying to connect
- user —The name of the user who is trying to connect
- ip —The IP address of the user who is trying to connect
Recommended Action Validate that the SVC or AnyConnect client is compatible with the Secure Firewall Threat Defense device.
722043
Error Message
%FTD-5-722043: Group group User user IP ip DTLS disabled: unable to negotiate cipher.
Explanation The DTLS (UDP transport) cannot be established. The SSL encryption configuration was probably changed.
- group —The name of the group policy with which the user is trying to connect
- user —The name of the user who is trying to connect
- ip —The IP address of the user who is trying to connect
Recommended Action Revert the SSL encryption configuration. Make sure there is at least one block cipher (AES, DES, or 3DES) in the SSL encryption configuration.
722044
Error Message
%FTD-5-722044: Group group User user IP ip Unable to request ver address for SSL tunnel.
Explanation An IP address cannot be requested because of low memory on the Secure Firewall Threat Defense device.
- group —The name of the group policy with which the user is trying to connect
- user —The name of the user who is trying to connect
- ip —The IP address of the user who is trying to connect
- ver —Either IPv4 or IPv6, based on the IP address version being requested
Recommended Action Reduce the load on the Secure Firewall Threat Defense device or add more memory.
722045
Error Message
%FTD-3-722045: Connection terminated: no SSL tunnel initialization data.
Explanation Data to establish a connection is missing. This is a defect in the Secure Firewall Threat Defense software.
Recommended Action Contact the Cisco TAC for assistance.
722046
Error Message
%FTD-3-722046: Group group User user IP ip Session terminated: unable to establish tunnel.
Explanation The Secure Firewall Threat Defense device cannot set up connection parameters. This is a defect in the Secure Firewall Threat Defense software.
- group —The name of the group policy with which the user is trying to connect
- user —The name of the user who is trying to connect
- ip —The IP address of the user who is trying to connect
Recommended Action Contact the Cisco TAC for assistance.
722047
Error Message
%FTD-4-722047: Group group User user IP ip Tunnel terminated: SVC not enabled or invalid SVC image on the ASA.
Explanation The user logged in via the web browser and tried to start the SVC or AnyConnect client. The SVC service is not enabled globally, or the SVC image is invalid or corrupted. The tunnel connection has been terminated, but the clientless connection remains.
- group —The name of the group policy with which the user is trying to connect
- user —The name of the user who is trying to connect
- ip —The IP address of the user who is trying to connect
Recommended Action Enable the SVC globally using the svc enable command. Validate the integrity of versions of the SVC images by reloading new images using the svc image command.
722048
Error Message
%FTD-4-722048: Group group User user IP ip Tunnel terminated: SVC not enabled for the user.
Explanation The user logged in via the web browser, and tried to start the SVC or AnyConnect client. The SVC service is not enabled for this user. The tunnel connection has been terminated, but the clientless connection remains.
- group —The name of the group policy with which the user is trying to connect
- user —The name of the user who is trying to connect
- ip —The IP address of the user who is trying to connect
Recommended Action Enable the service for this user using the group-policy and username commands.
722049
Error Message
%FTD-4-722049: Group group User user IP ip Session terminated: SVC not enabled or invalid image on the ASA.
Explanation The user logged in via the AnyConnect client. The SVC service is not enabled globally, or the SVC image is invalid or corrupted. The session connection has been terminated.
- group —The name of the group policy with which the user is trying to connect
- user —The name of the user who is trying to connect
- ip —The IP address of the user who is trying to connect
Recommended Action Enable the SVC globally using the svc-enable command. Validate the integrity and versions of the SVC images by reloading new images using the svc image command.
722050
Error Message
%FTD-4-722050: Group group User user IP ip Session terminated: SVC not enabled for the user.
Explanation The user logged in through the AnyConnect client. The SVC service is not enabled for this user. The session connection has been terminated.
- group —The name of the group policy with which the user is trying to connect
- user —The name of the user who is trying to connect
- ip —The IP address of the user who is trying to connect
Recommended Action Enable the service for this user using the group-policy and username commands.
722051
Error Message
%FTD-6-722051: Group group-policy User username IP public-ip IPv4 Address assigned-ip IPv6 Address assigned-ip assigned to session
Explanation The specified address has been assigned to the given user.
- group-policy —The group policy that allowed the user to gain access
- username —The name of the user
- public-ip —The public IP address of the connected client
- assigned-ip —The IPv4 or IPv6 address that is assigned to the client
Recommended Action None required.
722053
Error Message
%FTD-6-722053: Group g User u IP ip Unknown client user-agent connection.
Explanation An unknown or unsupported SSL VPN client has connected to the Secure Firewall Threat Defense device. Older clients include the Cisco SVC and the Cisco AnyConnect client earlier than Version 2.3.1.
- g —The group policy under which the user logged in
- u —The name of the user
- ip —The IP address of the client
- user-agent —The user agent (usually includes the version) received from the client
Recommended Action Upgrade to a supported Cisco SSL VPN client.
722054
Error Message
%FTD-4-722054: Group group policy User user name IP remote IP SVC terminating connection: Failed to install Redirect URL: redirect URL Redirect ACL: non_exist for assigned IP
Explanation An error occurred for an AnyConnect VPN connection when a redirect URL was installed, and the ACL was received from the ISE, but the redirect ACL does not exist on the Secure Firewall Threat Defense device.
- group policy —The group policy that allowed the user to gain access
- user name —Username of the requester for the remote access
- remote IP — Remote IP address that the connection request is coming from
- redirect URL —The URL for the HTTP traffic redirection
- assigned IP —The IP address that is assigned to the user
Recommended Action Configure the redirect ACL on the Secure Firewall Threat Defense device.
722055
Error Message
%FTD-6-722055: Group group-policy User username IP public-ip Client Type: user-agent
Explanation The indicated user is attempting to connect with the given user-agent.
- group-policy —The group policy that allowed the user to gain access
- username —The name of the user
- public-ip —The public IP address of the connected client
- user-agent —The user-agent string provided by the connecting client. Usually includes the AnyConnect version and host operating system for AnyConnect clients.
Recommended Action None required.
722056
Error Message
%FTD-4-722055: Unsupported AnyConnect client connection rejected from ip address. Client info: user-agent string. Reason: reason
Explanation This syslog indicates that an AnyConnect client connection is rejected. The reason for this is provided in the syslog along with the client information.
- ip address —IP address from which a connection with the old client is attempted,
- user- agent string —User-Agent header in the client request. Usually includes the AnyConnect version and host operating system for AnyConnect clients
- reason —Reason for rejection
Recommended Action Use the client information and reason provided in the syslog to resolve the issue.