Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Cisco asa 5500 log
1. Cisco ASA 5500 Series
System Log Messages
Version 8.3(2)
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO
CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS
MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY
PRODUCTS.
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-22177-02
44. Contents
Error Messages, Severity 3 A-6
Warning Messages, Severity 4 A-19
Notification Messages, Severity 5 A-30
Informational Messages, Severity 6 A-37
Debugging Messages, Severity 7 A-51
Variables Used in Syslog Messages A-59
INDEX
Cisco ASA 5500 Series System Log Messages
xliv OL-22177-02
45. Preface
The preface includes the following sections:
• Obtaining Documentation and Submitting a Service Request, page xlv
• What’s New in This Release, page xlvi
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional
information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and
revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.
Cisco ASA 5500 Series System Log Messages
OL-22177-02 xlv
46. Preface
What’s New in This Release
Table 1 lists the new, changed, and deprecated syslog messages for Version 8.3(2). For complete syslog
message descriptions, see Chapter 1, “Syslog Messages.”
Table 1 New, Changed, and Deprecated Syslog Messages for Version 8.3(2)
New Syslog Messages 111010, 324008, 713260-713272
Changed Syslog Messages 106102, 106103, 111008, 302014, 324002, 507003, 604105, 733100
(Documentation)
Changed Syslog Messages 106102, 106103, 111008, 507003, 604105
(Code)
Deprecated Syslog Messages None
Note A change in the code may not necessarily require a change to the documentation.
Cisco ASA 5500 Series System Log Messages
xlvi OL-22177-02
47. CH A P T E R 1
Syslog Messages
This chapter lists the messages in numerical order.
Note When a number is skipped in a sequence, the message is no longer in the adaptive security appliance
code.
For information about how to configure logging and SNMP, see the Cisco ASA 5500 Series
Configuration Guide Using the CLI.
Table 1-1 lists the message classes and the ranges of message IDs that are associated with each class.
The valid range for message IDs is between 100000 and 999999.
Table 1-1 Syslog Message Classes and Associated Message ID Numbers
Class Definition Syslog Message ID Numbers
auth User Authentication 109, 113
bridge Transparent Firewall 110, 220
ca PKI Certification Authority 717
config Command Interface 111, 112, 208, 308
e-mail E-mail Proxy 719
dap Dynamic Access Policies 734
ha High Availability (Failover) 101, 102, 103, 104, 210, 311, 709
ip IP Stack 209, 215, 313, 317, 408
ipaa IP Address Assignment 735
ips Intrusion Protection System 400, 401, 415
np Network Processor 319
npssl NP SSL 725
ospf OSPF Routing 318, 409, 503, 613
rip RIP Routing 107, 312
rm Resource Manager 321
session User Session 106, 108, 201, 202, 204, 302, 303, 304, 305, 314, 405, 406,
407, 500, 502, 607, 608, 609, 616, 620, 703, 710
snmp SNMP 212
Cisco ASA 5500 Series System Log Messages
OL-22177-02 1-1
48. Chapter 1 Syslog Messages
Messages 101001 to 199012
Table 1-1 Syslog Message Classes and Associated Message ID Numbers (continued)
Class Definition Syslog Message ID Numbers
sys System 199, 211, 214, 216, 306, 307, 315, 414, 604, 605, 606, 610,
612, 614, 615,701, 711, 741
vpdn PPTP and L2TP Sessions 213, 403, 603
vpn IKE and IPsec 316, 320, 402, 404, 501, 602, 702, 713, 714, 715
vpnc VPN Client 611
vpnfo VPN Failover 720
vpnlb VPN Load Balancing 718
webvpn Web-based VPN 716
This chapter includes the following sections:
• Messages 101001 to 199012, page 1-2
• Messages 201002 to 219002, page 1-67
• Messages 302003 to 339001, page 1-90
• Messages 400000 to 450001, page 1-165
• Messages 500001 to 509001, page 1-235
• Messages 602101 to 634001, page 1-246
• Messages 701001 to 742010, page 1-274
Messages 101001 to 199012
This section includes messages from 101001 to 199012.
101001
Error Message %ASA-1-101001: (Primary) Failover cable OK.
Explanation The failover cable is present and functioning correctly. Primary can also be listed as
Secondary for the secondary unit.
Recommended Action None required.
Cisco ASA 5500 Series System Log Messages
1-2 OL-22177-02
49. Chapter 1 Syslog Messages
Messages 101001 to 199012
101002
Error Message %ASA-1-101002: (Primary) Bad failover cable.
Explanation The failover cable is present, but not functioning correctly. Primary can also be listed as
Secondary for the secondary unit.
Recommended Action Replace the failover cable.
101003, 101004
Error Message %ASA-1-101003: (Primary) Failover cable not connected (this unit).
Error Message %ASA-1-101004: (Primary) Failover cable not connected (other unit).
Explanation Failover mode is enabled, but the failover cable is not connected to one unit of the
failover pair. Primary can also be listed as Secondary for the secondary unit.
Recommended Action Connect the failover cable to both units of the failover pair.
101005
Error Message %ASA-1-101005: (Primary) Error reading failover cable status.
Explanation The failover cable is connected, but the primary unit is unable to determine its status.
Recommended Action Replace the cable.
102001
Error Message %ASA-1-102001: (Primary) Power failure/System reload other side.
Explanation The primary unit has detected a system reload or a power failure on the other unit.
Primary can also be listed as Secondary for the secondary unit.
Recommended Action On the unit that experienced the reload, use the show crashinfo command to
determine if there is a traceback associated with the reload. Also verify that the unit is powered on
and that power cables are correctly connected.
Cisco ASA 5500 Series System Log Messages
OL-22177-02 1-3
50. Chapter 1 Syslog Messages
Messages 101001 to 199012
103001
Error Message %ASA-1-103001: (Primary) No response from other firewall (reason
code = code).
Explanation The primary unit is unable to communicate with the secondary unit over the failover
cable. Primary can also be listed as Secondary for the secondary unit. Table 1-2 lists the reason
codes and the descriptions to determine why the failover occurred.
Table 1-2 Reason Codes
Reason
Code Description
1 No failover hello seen on serial cable for 30+ seconds. This ensures that failover is running
correctly on the other unit.
2 An interface did not pass one of the four failover tests, which are as follows: 1) Link Up, 2)
Monitor for Network Traffic, 3) ARP, and 4) Broadcast Ping.
3 No proper ACK for 15+ seconds after a command was sent on the serial cable.
4 The local unit is not receiving the hello packet on the failover LAN and other data interfaces
and it is declaring that the peer is down.
5 The standby peer went down during the configuration synchronization process.
Recommended Action Verify that the failover cable is connected correctly and both units have the
same hardware, software, and configuration. If the problem persists, contact the Cisco TAC.
103002
Error Message %ASA-1-103002: (Primary) Other firewall network interface
interface_number OK.
Explanation The primary unit has detected that the network interface on the secondary unit is okay.
Primary can also be listed as Secondary for the secondary unit.
Recommended Action None required.
103003
Error Message %ASA-1-103003: (Primary) Other firewall network interface
interface_number failed.
Explanation The primary unit has detected a bad network interface on the secondary unit. Primary
can also be listed as Secondary for the secondary unit.
Recommended Action Check the network connections on the secondary unit and the network hub
connection. If necessary, replace the failed network interface.
Cisco ASA 5500 Series System Log Messages
1-4 OL-22177-02
51. Chapter 1 Syslog Messages
Messages 101001 to 199012
103004
Error Message %ASA-1-103004: (Primary) Other firewall reports this firewall failed.
Explanation The primary unit received a message from the secondary unit indicating that the primary
unit has failed. Primary can also be listed as Secondary for the secondary unit.
Recommended Action Verify the status of the primary unit.
103005
Error Message %ASA-1-103005: (Primary) Other firewall reporting failure.
Explanation The secondary unit has reported a failure to the primary unit. Primary can also be listed
as Secondary for the secondary unit.
Recommended Action Verify the status of the secondary unit.
103006
Error Message %ASA-1-103006: (Primary|Secondary) Mate version ver_num is not
compatible with ours ver_num
Explanation The adaptive security appliance has detected a peer unit that is running a version that is
different than the local unit and is not compatible with the HA Hitless Upgrade feature.
• ver_num—Version number
Recommended Action Install the same or a compatible version image on both units.
103007
Error Message %ASA-1-103007: (Primary|Secondary) Mate version ver_num is not
identical with ours ver_num
Explanation The adaptive security appliance has detected that the peer unit is running a version that
is not identical, but supports Hitless Upgrade and is compatible with the local unit. The system
performance may be degraded because the image version is not identical, and the adaptive security
appliance may develop a stability issue if the nonidentical image runs for an extended period.
• ver_num—Version number
Recommended Action Install the same image version on both units as soon as possible.
Cisco ASA 5500 Series System Log Messages
OL-22177-02 1-5
52. Chapter 1 Syslog Messages
Messages 101001 to 199012
104001, 104002
Error Message %ASA-1-104001: (Primary) Switching to ACTIVE (cause: string).
Error Message %ASA-1-104002: (Primary) Switching to STNDBY (cause: string).
Explanation You have forced the failover pair to switch roles, either by entering the failover active
command on the standby unit, or the no failover active command on the active unit. Primary can
also be listed as Secondary for the secondary unit. Possible values for the string variable are as
follows:
• state check
• bad/incomplete config
• ifc [interface] check, mate is healthier
• the other side wants me to standby
• in failed state, cannot be active
• switch to failed state
• other unit set to active by CLI config command fail active
Recommended Action If the message occurs because of manual intervention, no action is required.
Otherwise, use the cause reported by the secondary unit to verify the status of both units of the pair.
104003
Error Message %ASA-1-104003: (Primary) Switching to FAILED.
Explanation The primary unit has failed.
Recommended Action Check the messages for the primary unit for an indication of the nature of the
problem (see message 104001). Primary can also be listed as Secondary for the secondary unit.
104004
Error Message %ASA-1-104004: (Primary) Switching to OK.
Explanation A previously failed unit reports that it is operating again. Primary can also be listed as
Secondary for the secondary unit.
Recommended Action None required.
Cisco ASA 5500 Series System Log Messages
1-6 OL-22177-02
53. Chapter 1 Syslog Messages
Messages 101001 to 199012
105001
Error Message %ASA-1-105001: (Primary) Disabling failover.
Explanation In version 7.x and later, this message may indicate the following: failover has been
automatically disabled because of a mode mismatch (single or multiple), a license mismatch
(encryption or context), or a hardware difference (one unit has an IPS SSM installed, and its peer
has a CSC SSM installed). Primary can also be listed as Secondary for the secondary unit.
Recommended Action None required.
105002
Error Message %ASA-1-105002: (Primary) Enabling failover.
Explanation You have used the failover command with no arguments on the console, after having
previously disabled failover. Primary can also be listed as Secondary for the secondary unit.
Recommended Action None required.
105003
Error Message %ASA-1-105003: (Primary) Monitoring on interface interface_name
waiting
Explanation The adaptive security appliance is testing the specified network interface with the other
unit of the failover pair. Primary can also be listed as Secondary for the secondary unit.
Recommended Action None required. The adaptive security appliance monitors its network interfaces
frequently during normal operation.
105004
Error Message %ASA-1-105004: (Primary) Monitoring on interface interface_name normal
Explanation The test of the specified network interface was successful. Primary can also be listed as
Secondary for the secondary unit.
Recommended Action None required.
Cisco ASA 5500 Series System Log Messages
OL-22177-02 1-7
54. Chapter 1 Syslog Messages
Messages 101001 to 199012
105005
Error Message %ASA-1-105005: (Primary) Lost Failover communications with mate on
interface interface_name.
Explanation One unit of the failover pair can no longer communicate with the other unit of the pair.
Primary can also be listed as Secondary for the secondary unit.
Recommended Action Verify that the network connected to the specified interface is functioning
correctly.
105006, 105007
Error Message %ASA-1-105006: (Primary) Link status Up on interface interface_name.
Error Message %ASA-1-105007: (Primary) Link status Down on interface interface_name.
Explanation The results of monitoring the link status of the specified interface have been reported.
Primary can also be listed as Secondary for the secondary unit.
Recommended Action If the link status is down, verify that the network connected to the specified
interface is operating correctly.
105008
Error Message %ASA-1-105008: (Primary) Testing interface interface_name.
Explanation Testing of a specified network interface has occurred. This testing is performed only if
the adaptive security appliance fails to receive a message from the standby unit on that interface after
the expected interval. Primary can also be listed as Secondary for the secondary unit.
Recommended Action None required.
105009
Error Message %ASA-1-105009: (Primary) Testing on interface interface_name
{Passed|Failed}.
Explanation The result (either Passed or Failed) of a previous interface test has been reported.
Primary can also be listed as Secondary for the secondary unit.
Recommended Action None required if the result is Passed. If the result is Failed, you should check
the network cable connection to both failover units, that the network itself is functioning correctly,
and verify the status of the standby unit.
Cisco ASA 5500 Series System Log Messages
1-8 OL-22177-02