Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1132
Views
0
Helpful
7
Replies

PIX 515E SYS LOG ID 313005

teddymoosh
Level 1
Level 1

‎08-24-2008 12:38 PM - edited ‎03-11-2019 06:35 AM

Currntly receiving this sys log message on an intermittent basis. Needs some help as to what it means.

Labels:
0 Helpful
7 Replies 7

Frederick Reimer
Level 4
Level 4

‎08-24-2008 02:14 PM

313005

Error Message %PIX|ASA-4-313005: No matching connection for ICMP error message: icmp_msg_info on interface_name interface. Original IP payload: embedded_frame_info icmp_msg_info = icmp src src_interface_name:src_address dst dest_interface_name:dest_address (type icmp_type, code icmp_code) embedded_frame_info = prot src source_address/source_port dst dest_address/dest_port

Explanation ICMP error packets were dropped by the security appliance because the ICMP error messages are not related to any session already established in the security appliance.

Recommended Action If the cause is an attack, you can deny the host by using ACLs.

Do you have icmp inspection turned on in your policy-map?

0 Helpful

teddymoosh
Level 1
Level 1
In response to Frederick Reimer

‎08-24-2008 05:53 PM

No I don't. I am a little concerned about this particular sys log id.

0 Helpful

Frederick Reimer
Level 4
Level 4
In response to teddymoosh

‎08-24-2008 11:53 PM

If you don't have icmp inspect enabled then icmp is not stateful, and no icmp will pass through the firewall...

0 Helpful

teddymoosh
Level 1
Level 1
In response to Frederick Reimer

‎08-25-2008 07:01 AM

I don't want to enable it because I don't want ICMP to pass through the firewall, i.e. I don't want anyone to be able to ping or traceroute the firewall, at all. Is this sys log ID something that I should be worried about?

0 Helpful

robertson.michael
Level 3
Level 3
In response to teddymoosh

‎08-28-2008 12:16 PM

Hi Chad,

If you don't want ICMP to be passing through the firewall, then no you don't have worry about these messages. They are simply indicating that the firewall is doing its job correctly.

As the syslog documentation says, you can block ICMP on your inbound ACLs and this will prevent the firewall from processing the packets and generating these messages (though you may then see messages indicating the traffic was dropped to an ACL rule depending on your logging level).

Hope that helps.

-Mike

0 Helpful

teddymoosh
Level 1
Level 1
In response to robertson.michael

‎08-29-2008 12:48 PM

Thank you for your response. How do I get rid of this message?

Thanks

0 Helpful

robertson.michael
Level 3
Level 3
In response to teddymoosh

‎08-29-2008 12:58 PM

Hi Chad,

You can use the 'no logging message 313005' command to stop the firewall from generating these messages.

-Mike

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card