Table Of Contents
Messages Listed by Severity Level
Alert Messages, Severity 1
Critical Messages, Severity 2
Error Messages, Severity 3
Warning Messages, Severity 4
Notification Messages, Severity 5
Informational Messages, Severity 6
Debugging Messages, Severity 7
Messages Listed by Severity Level
This appendix contains the following sections:
•Alert Messages, Severity 1
•Critical Messages, Severity 2
•Error Messages, Severity 3
•Warning Messages, Severity 4
•Notification Messages, Severity 5
•Informational Messages, Severity 6
•Debugging Messages, Severity 7
Note PIX Firewall does not send severity 0, emergency messages to syslog. These are analogous to a UNIX panic message and denote an unstable system.
Alert Messages, Severity 1
The following messages appear at severity 1, alerts:
•%PIX-1-101002: (Primary) Bad failover cable.
•%PIX-1-101003: (Primary) Failover cable not connected (this unit).
•%PIX-1-101004: (Primary) Failover cable not connected (other unit).
•%PIX-1-101005: (Primary) Error reading failover cable status.
•%PIX-1-102001: (Primary) Power failure/System reload other side.
•%PIX-1-103001: (Primary) No response from other firewall (reason code = code).
•%PIX-1-103002: (Primary) Other firewall network interface interface_number OK.
•%PIX-1-103004: (Primary) Other firewall reports this firewall failed.
•%PIX-1-103005: (Primary) Other firewall reporting failure.
•%PIX-1-104001: (Primary) Switching to ACTIVE (cause: reason).
•%PIX-1-104002: (Primary) Switching to STNDBY (cause: reason).
•%PIX-1-104003: (Primary) Switching to FAILED.
•%PIX-1-104004: (Primary) Switching to OK.
•%PIX-1-105001: (Primary) Disabling failover.
•%PIX-1-105002: (Primary) Enabling failover.
•%PIX-1-105003: (Primary) Monitoring on interface int_name waiting
•%PIX-1-105004: (Primary) Monitoring on interface int_name normal
•%PIX-1-105005: (Primary) Lost Failover communications with mate on interface int_name.
•%PIX-1-105006: (Primary) Link status `Up' on interface int_name.
•%PIX-1-105007: (Primary) Link status `Down' on interface int_name.
•%PIX-1-105008: (Primary) Testing interface int_name.
•%PIX-1-105009: (Primary) Testing on interface int_name result.
•%PIX-1-105020: (Primary) Incomplete/slow config replication
•%PIX-1-106021: Deny protocol reverse path check from src_addr to dest_addr on interface int_name
•%PIX-1-106022: Deny protocol connection spoof from src_addr to dest_addr on interface int_name
•%PIX-1-709003: (Primary) Beginning configuration replication: Receiving from mate.
•%PIX-1-709004: (Primary) End Configuration Replication (ACT)
•%PIX-1-709005: (Primary) Beginning configuration replication: Receiving from mate.
•%PIX-1-709006: (Primary) End Configuration Replication (STB)
Critical Messages, Severity 2
The following messages appear at severity 2, critical:
•%PIX-2-106001: Inbound TCP connection denied from IP_addr/port to IP_addr/port flags TCP_flags on interface int_name
•%PIX-2-106002: protocol Connection denied by outbound list list_ID src laddr dest faddr
•%PIX-2-106006: Deny inbound UDP from faddr/fport to laddr/lport on interface int_name.
•%PIX-2-106007: Deny inbound UDP from faddr/fport to laddr/lport due to DNS flag.
•%PIX-2-106012: Deny IP from IP_addr to IP_addr, IP options hex.
•%PIX-2-106013: Dropping echo request from IP_addr to PAT address IP_Addr
•%PIX-2-106016: Deny IP spoof from (IP_addr) to IP_addr on interface int_name.
•%PIX-2-106017: Deny IP due to Land Attack from IP_addr to IP_addr
•%PIX-2-106018: ICMP packet type ICMP_type denied by outbound list list_ID src laddr dest faddr
•%PIX-2-109011: Authen Session Start: user 'user', sid session_num
•%PIX-2-112001: (chars:dec) pix clear finished.
•%PIX-2-201003: Embryonic limit exceeded neconns/elimit for faddr/fport (gaddr) laddr/lport on interface int_name
•%PIX-2-304007: URL Server IP_addr not responding, ENTERING ALLOW mode.
•%PIX-2-304008: LEAVING ALLOW mode, URL Server is up.
•%PIX-2-709007: Configuration replication failed for command command_name
Error Messages, Severity 3
The following messages appear at severity 3, errors:
•%PIX-3-105010: (Primary) Failover message block alloc failed
•%PIX-3-106010: Deny inbound icmp src outside: IP_addr dst inside: IP_addr (type dec, code dec)
•%PIX-3-106014: Deny inbound icmp src interface name: IP_addr dst interface name: IP_addr (type dec, code dec)
•%PIX-3-109010: Auth from laddr/lport to faddr/fport failed (too many pending auths) on interface int_name.
•%PIX-3-109016: Downloaded authorization access-list acl_ID not found for user 'username'
•%PIX-3-110002: No ARP for host IP_addr
•%PIX-3-201002: Too many connections on static|xlate gaddr! econns nconns
•%PIX-3-201005: FTP data connection failed for IP_addr
•%PIX-3-201006: RCMD backconnection failed for IP_addr/port
•%PIX-3-201008: The PIX is disallowing new connections.
•%PIX-3-202001: Out of address translation slots!
•%PIX-3-202005: Non-embryonic in embryonic list faddr/fport laddr/lport
•%PIX-3-208005: (function:line_num) pix clear command return return_code
•%PIX-3-210001: LU SW_Module_Name error = error_code
•%PIX-3-210002: LU allocate block (size) failed.
•%PIX-3-210003: Unknown LU Object ID
•%PIX-3-210005: LU allocate connection failed
•%PIX-3-210006: LU look NAT for IP_addr failed
•%PIX-3-210007: LU allocate xlate failed
•%PIX-3-210008: LU no xlate for laddr/l_port faddr/f_port
•%PIX-3-210010: LU make UDP connection for faddr:f_port laddr:l_port failed
•%PIX-3-210020: LU PAT port port_number reserve failed
•%PIX-3-210021: LU create static xlate global_IP ifc int_name failed
•%PIX-3-211001: Memory allocation Error
•%PIX-3-212001: Unable to open SNMP channel (UDP port udp_port) on interface interface_number, error code = code
•%PIX-3-212002: Unable to open SNMP trap channel (UDP port udp_port) on interface interface_number, error code = code
•%PIX-3-212003: Unable to receive an SNMP request on interface interface_number, error code = code, will try again.
•%PIX-3-212004: Unable to send an SNMP response to IP Address IP_addr Port port interface interface_number, error code = code
•%PIX-3-302302: ACL = deny; no sa created
•%PIX-3-305005: No translation group found for protocol.
•%PIX-3-305006: Regular translation creation failed for protocol src int_name:IP_addr/port dst int_name:IP_addr/port
•%PIX-3-305008: Free unallocated global IP address.
•%PIX-3-309001: Denied manager connection from IP_addr.
•%PIX-3-313001: Denied ICMP type=icmp_type, code=type_code from IP_addr on interface int_name
•%PIX-3-315001: Denied SSH session from IP_addr on interface int_name
•%PIX-3-315004: Fail to establish SSH session because PIX RSA host key retrieval failed.
•%PIX-3-702302: replay rollover detected...
Warning Messages, Severity 4
The following messages appear at severity 4, warning:
•%PIX-4-209003: Fragment database limit of bytes exceeded: src = IP_addr, dest = IP_addr, proto = protocol, id = ID
•%PIX-4-209004: Invalid IP fragment, size = bytes exceeds maximum size = bytes: src = IP_addr, dest = IP_addr, proto = protocol, id = ID
•%PIX-4-209005: Discard IP fragment set with more than number elements: src = IP_addr, dest = IP_addr, proto = protocol, id = ID
•%PIX-4-308002: static gaddr1 laddr1 netmask mask1 overlapped with gaddr2 laddr2
•%PIX-4-4000nn: IDS:sig_num sig_msg from IP_addr to IP_addr on interface int_name
•%PIX-4-402101: decaps: rec'd IPSEC packet has invalid spi for destaddr=IP_addr, prot=protocol, spi=spi
•%PIX-4-402102: decapsulate: packet missing packet_type, destadr=dest_addr, actual prot=protocol
•%PIX-4-402103: identity doesn't match negotiated identity (ip) dest_addr= IP_addr, src_addr= IP_addr, prot= protocol, (ident) local=IP_addr, remote=IP_addr, local_proxy=IP_addr/IP_addr/port/port, remote_proxy=IP_addr/IP_addr/port/port
•%PIX-4-402106: Rec'd packet not an IPSEC packet (ip) dest_addr= IP_addr, src_addr= IP_addr, prot= protocol
•%PIX-4-403101: PPTP session state not established, but received an XGRE packet, tunnel_id=id, session_id=session
•%PIX-4-403102: PPP virtual interface int_name rcvd pkt with invalid protocol: protocol, reason: text.
•%PIX-4-403103: PPP virtual interface max connections reached.
•%PIX-4-403104: PPP virtual interface int_name requires mschap for MPPE.
•%PIX-4-403106: PPP virtual interface int_name requires RADIUS for MPPE.
•%PIX-4-403107: PPP virtual interface int_name missing aaa server group info
•%PIX-4-403108: PPP virtual interface int_name missing client ip address option
•%PIX-4-403109: Rec'd packet not an PPTP packet. (ip) dest_addr= IP_addr, src_addr= IP_addr, data: text.
•%PIX-4-403110: PPP virtual interface int_name, user: user missing MPPE key from aaa server.
•%PIX-4-404101: ISAKMP: Failed to allocate address for client from pool pool_id
•%PIX-4-405101: Unable to Pre-allocate H225 Call Signalling Connection for faddr faddr[/fport] to laddr laddr[/lport]
•%PIX-4-405102: Unable to Pre-allocate H245 Connection for faddr faddr[/fport] to laddr laddr[/lport]
•%PIX-4-500004: Invalid transport field for protocol=protocol, from src_addr/src_port to dest_addr/dest_port
Notification Messages, Severity 5
The following messages appear at severity 5, notifications:
•%PIX-5-109012: Authen Session End: user 'user', sid session_num, elapsed num seconds
•%PIX-5-111003: IP_addr Erase configuration
•%PIX-5-111004: IP_addr end configuration: [FAILED]|[OK]
•%PIX-5-111005: IP_addr end configuration: OK
•%PIX-5-111006: Console Login from user at IP_addr
•%PIX-5-111007: Begin configuration: IP_addr reading from device.
•%PIX-5-111008: User 'user' executed the 'cmd' command.
•%PIX-5-199001: PIX reload command executed from IP_addr.
•%PIX-5-304001: user src_addr Accessed JAVA URL|URL dest_addr: url.
•%PIX-5-304002: Access denied URL chars SRC IP_addr DEST IP_addr: chars
•%PIX-5-500001: ActiveX content modified src IP_addr dest IP_addr on interface int_name.
•%PIX-5-500002: Java content modified src IP_addr dest IP_addr on interface int_name.
•%PIX-5-500003: Bad TCP hdr length (hdrlen=bytes, pktlen=bytes) from src_addr/sport to dest_addr/dport, flags: tcp_flags, on interface int_name
Informational Messages, Severity 6
The following messages appear at severity 6, informational:
•%PIX-6-106015: Deny TCP (no connection) from IP_addr/port to IP_addr/port flags flags on interface int_name.
•%PIX-6-109001: Auth start for user `username' from laddr/lport to faddr/fport
•%PIX-6-109002: Auth from laddr/lport to faddr/fport failed (server IP_addr failed) on interface int_name.
•%PIX-6-109003: Auth from laddr to faddr/fport failed (all servers failed) on interface int_name.
•%PIX-6-109005: Authentication succeeded for user `user' from laddr/lport to faddr/fport on interface int_name.
•%PIX-6-109006: Authentication failed for user `user' from laddr/lport to faddr/fport on interface int_name.
•%PIX-6-109007: Authorization permitted for user `user' from laddr/lport to faddr/fport on interface int_name.
•%PIX-6-109008: Authorization denied for user `user' from faddr/fport to laddr/lport on interface int_name.
•%PIX-6-109009: Authorization denied from laddr/lport to faddr/fport (not authenticated) on interface int_name.
•%PIX-6-109015: Authorization denied (acl=acl_ID) for user 'username' from src_addr/src_port to dest_addr/dest_port on interface int_name
•%PIX-6-199002: PIX startup completed. Beginning operation.
•%PIX-6-199003: Reducing Link MTU dec.
•%PIX-6-199005: PIX Startup begin
•%PIX-6-210022: LU missed number updates
•%PIX-6-302001: Built inbound|outbound TCP connection id for faddr faddr/fport gaddr gaddr/gport laddr laddr/lport (username)
•%PIX-6-302002: Teardown TCP connection id for faddr IP_addr/port gaddr IP_addr/port laddr IP_addr/port (username) duration time bytes num (chars).
•%PIX-6-302003: Built H245 connection for faddr faddr/fport laddr laddr/lport
•%PIX-6-302004: Pre-allocate H323 UDP backconnection for faddr faddr/fport to laddr laddr/lport
•%PIX-6-302005: Built UDP connection for faddr faddr/fport gaddr gaddr/gport laddr laddr/lport
•%PIX-6-302006: Teardown UDP connection for faddr faddr/fport gaddr gaddr/gport laddr laddr/lport
•%PIX-6-302009: Rebuilt TCP connection id for faddr faddr/fport gaddr gaddr/gport laddr laddr/lport
•%PIX-6-302010: conns in use, conns most used
•%PIX-6-303002: src_addr Stored|Retrieved dest_addr: nat_addrs
•%PIX-6-304004: URL Server IP_addr request failed URL chars
•%PIX-6-305001: Portmapped translation built for gaddr IP_addr/port laddr IP_addr/port
•%PIX-6-305002: Translation built for gaddr IP_addr to laddr IP_addr
•%PIX-6-305003: Teardown translation for global IP_addr local IP_addr
•%PIX-6-305004: Teardown portmap translation for global IP_addr/port local IP_addr/port
•%PIX-6-305007: Orphan IP IP_addr on interface interface_number
•%PIX-6-307001: Denied Telnet login session from IP_addr on interface int_name.
•%PIX-6-307002: Permitted Telnet login session from IP_addr
•%PIX-6-307003: telnet login session failed from IP_addr (num attempts) on interface int_name.
•%PIX-6-308001: PIX console enable password incorrect for num tries (from IP_addr).
•%PIX-6-309002: Permitted manager connection from IP_addr.
•%PIX-6-311001: LU loading standby start
•%PIX-6-311002: LU loading standby end
•%PIX-6-311003: LU recv thread up
•%PIX-6-311004: LU xmit thread up
•%PIX-6-314001: Pre-allocate RTSP UDP backconnection for faddr faddr/fport to laddr laddr/lport
•%PIX-6-315002: Permitted SSH session from IP_addr on interface int_name for user "user_id"
•%PIX-6-315003: SSH login session failed from IP_addr on (num attempts) on interface int_name by user "user_id"
•%PIX-6-315011: SSH session from IP_addr on interface int_name for user "user_id" terminated normally
•%PIX-6-315011: SSH session from IP_addr on interface int_name for user "user_id" disconnected by SSH server, reason: "text"
•%PIX-6-602101: PMTU-D packet packet_length bytes greater than effective mtu mtu_value dest_addr=dest_ip, src_addr=source_ip, prot=protocol
•%PIX-6-602102: Adjusting IPSec tunnel mtu...
•%PIX-6-602301: sa created...
•%PIX-6-602302: deleting sa...
•%PIX-6-603101: PPTP received out of seq or duplicate pkt, tnl_id=id, sess_id=session, seq=num.
•%PIX-6-603102: PPP virtual interface int_name - user: user aaa authentication started.
•%PIX-6-603103: PPP virtual interface int_name - user: user aaa authentication status.
•%PIX-6-603104: PPTP Tunnel created, tunnel_id is id, remote_peer_ip is IP_addr, ppp_virtual_interface_id is id, client_dynamic_ip is IP_addr, username is login, MPPE_key_strength is chars
•%PIX-6-603105: PPTP Tunnel deleted, tunnel_id = id, remote_peer_ip= IP_addr
•%PIX-6-604101: DHCP client interface int_name: Allocated ip = ip_address, mask = mask, gw = gateway_address
•%PIX-6-604102: DHCP client interface int_name: address released
•%PIX-6-604103: DHCP daemon interface int_name: address granted MAC_addr (IP_addr)
•%PIX-6-604104: DHCP daemon interface int_name: address released
Debugging Messages, Severity 7
The following messages appear at severity 7, debugging:
•%PIX-7-106011: Deny inbound (No xlate) chars
•%PIX-7-109014: uauth_lookup_net fail for uauth_in()
•%PIX-7-304005: URL Server IP_addr request pending URL chars
•%PIX-7-701001: alloc_user() out of Tcp_user objects
•%PIX-7-702301: lifetime expiring...
•%PIX-7-702303: sa_request...
•%PIX-7-709001: FO replication failed: cmd=command returned=code
•%PIX-7-709002: FO unreplicable: cmd=command