Frederick Reimer Sun, 08/24/2008 - 14:14

313005

Error Message %PIX|ASA-4-313005: No matching connection for ICMP error message: icmp_msg_info on interface_name interface. Original IP payload: embedded_frame_info icmp_msg_info = icmp src src_interface_name:src_address dst dest_interface_name:dest_address (type icmp_type, code icmp_code) embedded_frame_info = prot src source_address/source_port dst dest_address/dest_port

Explanation ICMP error packets were dropped by the security appliance because the ICMP error messages are not related to any session already established in the security appliance.

Recommended Action If the cause is an attack, you can deny the host by using ACLs.



Do you have icmp inspection turned on in your policy-map?
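The 313005 message quoted above has a fixed field layout, so it is easy to parse and summarise from syslog before deciding whether the source is just a traceroute or worth an ACL entry. The following is an added example (not code from this thread or from Cisco); it assumes the message body matches the documented layout quoted above, and the sample log lines are constructed, not captured from a real appliance.

```python
import re
from collections import Counter

# Regex over the documented 313005 message body. search() is used so that the
# syslog prefix (timestamp, hostname) in front of the %ASA tag is skipped.
MSG_RE = re.compile(
    r"%(?:PIX|ASA)-4-313005: No matching connection for ICMP error message: "
    r"icmp src (?P<src_if>[^:\s]+):(?P<src>\S+) dst (?P<dst_if>[^:\s]+):(?P<dst>\S+) "
    r"\(type (?P<icmp_type>\d+), code (?P<icmp_code>\d+)\) on (?P<iface>\S+) interface\. "
    r"Original IP payload: (?P<prot>\w+) src (?P<orig_src>[^/\s]+)/(?P<orig_sport>\d+) "
    r"dst (?P<orig_dst>[^/\s]+)/(?P<orig_dport>\d+)"
)

# ICMP error types per RFC 792 (the ones this message is about).
ICMP_ERROR_TYPES = {
    3: "destination unreachable",
    4: "source quench",
    5: "redirect",
    11: "time exceeded",
    12: "parameter problem",
}

# Constructed sample lines: three unreachable errors from one host, one
# time-exceeded error from another, and one unrelated teardown message.
SAMPLE_LOG = """\
Aug 24 2008 14:10:01 fw1 : %ASA-4-313005: No matching connection for ICMP error message: icmp src outside:203.0.113.5 dst inside:10.0.0.7 (type 3, code 3) on outside interface. Original IP payload: udp src 10.0.0.7/33434 dst 203.0.113.5/33435.
Aug 24 2008 14:10:02 fw1 : %ASA-4-313005: No matching connection for ICMP error message: icmp src outside:203.0.113.5 dst inside:10.0.0.7 (type 3, code 3) on outside interface. Original IP payload: udp src 10.0.0.7/33434 dst 203.0.113.5/33436.
Aug 24 2008 14:10:02 fw1 : %ASA-6-302014: Teardown TCP connection 12345 for outside:203.0.113.5/443 to inside:10.0.0.7/51000 duration 0:00:03 bytes 1200 TCP FINs
Aug 24 2008 14:10:03 fw1 : %ASA-4-313005: No matching connection for ICMP error message: icmp src outside:203.0.113.5 dst inside:10.0.0.7 (type 3, code 3) on outside interface. Original IP payload: udp src 10.0.0.7/33434 dst 203.0.113.5/33437.
Aug 24 2008 14:10:05 fw1 : %ASA-4-313005: No matching connection for ICMP error message: icmp src outside:198.51.100.9 dst inside:10.0.0.7 (type 11, code 0) on outside interface. Original IP payload: udp src 10.0.0.7/33434 dst 192.0.2.20/33450.
"""


def parse_313005(line):
    """Return a dict of the 313005 fields, or None if the line is another message."""
    m = MSG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("icmp_type", "icmp_code", "orig_sport", "orig_dport"):
        rec[key] = int(rec[key])
    rec["type_name"] = ICMP_ERROR_TYPES.get(rec["icmp_type"], "other")
    return rec


def summarize(lines, threshold=3):
    """Count 313005 drops per ICMP source and per (type, code).

    Sources that hit `threshold` or more drops are listed separately; those are
    the candidates to review before adding them to an inbound ACL.
    """
    by_src = Counter()
    by_type = Counter()
    parsed = 0
    for line in lines:
        rec = parse_313005(line)
        if rec is None:
            continue
        parsed += 1
        by_src[rec["src"]] += 1
        by_type[(rec["icmp_type"], rec["icmp_code"])] += 1
    noisy = sorted(src for src, n in by_src.items() if n >= threshold)
    return {
        "parsed": parsed,
        "by_src": dict(by_src),
        "by_type": dict(by_type),
        "noisy_sources": noisy,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    print(f"313005 messages parsed: {report['parsed']}")
    for src, n in sorted(report["by_src"].items(), key=lambda kv: -kv[1]):
        print(f"  {src}: {n} dropped ICMP error(s)")
    for (t, c), n in sorted(report["by_type"].items()):
        print(f"  type {t} ({ICMP_ERROR_TYPES.get(t, 'other')}), code {c}: {n}")
    print("sources at or above threshold:", report["noisy_sources"])
```

The embedded "Original IP payload" fields matter for triage: an error whose inner packet is UDP from an inside host to a high port (as in the constructed lines) is typically a traceroute or expired flow rather than anything hostile, whereas a steady stream of errors for payloads the inside host never sent is the case the documentation's "if the cause is an attack" advice refers to.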


teddymoosh Sun, 08/24/2008 - 17:53

No I don't. I am a little concerned about this particular syslog ID.

Frederick Reimer Sun, 08/24/2008 - 23:53

If you don't have icmp inspect enabled then icmp is not stateful, and no icmp will pass through the firewall...

teddymoosh Mon, 08/25/2008 - 07:01

I don't want to enable it because I don't want ICMP to pass through the firewall, i.e. I don't want anyone to be able to ping or traceroute the firewall, at all. Is this syslog ID something that I should be worried about?

robertson.michael Thu, 08/28/2008 - 12:16

Hi Chad,


If you don't want ICMP to be passing through the firewall, then no, you don't have to worry about these messages. They are simply indicating that the firewall is doing its job correctly.


As the syslog documentation says, you can block ICMP on your inbound ACLs and this will prevent the firewall from processing the packets and generating these messages (though you may then see messages indicating the traffic was dropped by an ACL rule, depending on your logging level).


Hope that helps.


-Mike

teddymoosh Fri, 08/29/2008 - 12:48

Thank you for your response. How do I get rid of this message?


Thanks

robertson.michael Fri, 08/29/2008 - 12:58

Hi Chad,


You can use the 'no logging message 313005' command to stop the firewall from generating these messages.


-Mike
