any one plaese explain

Unanswered Question
Jun 29th, 2009


Is there anyone to explain me what does the following message indicate? I got thousands of message from my ASA-ADSM Syslog:

4 Jun 29 2009 17:01:56 313005 No matching connection for ICMP error message: icmp src Outside: dst Inside: (type 3, code 3) on Outside interface. Original IP payload: udp src dst



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
robertson.michael Mon, 06/29/2009 - 05:26

Hi Nazmul,

This message means that the ASA received an ICMP error message (in this case type 3, code 3--this is an ICMP port unreachable message) that it did not have a corresponding connection for.

Based on the information in the message, it sounds like you either have a client that is configured to query the wrong DNS server, or your DNS server is not listening on the correct port.

These messages are probably not cause for concern from a security standpoint, but they could indicate a configuration error. I would recommend setting up some packet captures on the ASA to look at the entire conversation and see exactly what is going on.

Hope that helps.



This Discussion