Cisco Support Community
New Member

PIX 515E SYS LOG ID 313005

Currently receiving this sys log message on an intermittent basis. Need some help as to what it means.

7 REPLIES
New Member

Re: PIX 515E SYS LOG ID 313005

313005

Error Message: %PIX|ASA-4-313005: No matching connection for ICMP error message: icmp_msg_info on interface_name interface. Original IP payload: embedded_frame_info

icmp_msg_info = icmp src src_interface_name:src_address dst dest_interface_name:dest_address (type icmp_type, code icmp_code)

embedded_frame_info = prot src source_address/source_port dst dest_address/dest_port

Explanation: ICMP error packets were dropped by the security appliance because the ICMP error messages are not related to any session already established in the security appliance.

Recommended Action: If the cause is an attack, you can deny the host by using ACLs.

Do you have icmp inspection turned on in your policy-map?

New Member

Re: PIX 515E SYS LOG ID 313005

No I don't. I am a little concerned about this particular sys log id.

New Member

Re: PIX 515E SYS LOG ID 313005

If you don't have icmp inspect enabled then icmp is not stateful, and no icmp will pass through the firewall...

New Member

Re: PIX 515E SYS LOG ID 313005

I don't want to enable it because I don't want ICMP to pass through the firewall, i.e. I don't want anyone to be able to ping or traceroute the firewall, at all. Is this sys log ID something that I should be worried about?

Re: PIX 515E SYS LOG ID 313005

Hi Chad,

If you don't want ICMP to be passing through the firewall, then no, you don't have to worry about these messages. They are simply indicating that the firewall is doing its job correctly.

As the syslog documentation says, you can block ICMP on your inbound ACLs and this will prevent the firewall from processing the packets and generating these messages (though you may then see messages indicating the traffic was dropped to an ACL rule depending on your logging level).

Hope that helps.

-Mike

New Member

Re: PIX 515E SYS LOG ID 313005

Thank you for your response. How do I get rid of this message?

Thanks

Re: PIX 515E SYS LOG ID 313005

Hi Chad,

You can use the 'no logging message 313005' command to stop the firewall from generating these messages.

-Mike
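
Before silencing 313005, it can help to tally the drops per ICMP source to see whether they are scattered background noise or come from a few hosts worth an ACL entry. The Python below is an added example, not part of the original posts or Cisco's documentation; the regex is derived from the message template quoted in the first reply, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Pattern derived from the 313005 template quoted in the thread (an assumption, not Cisco code).
PATTERN = re.compile(
    r"%(?:PIX|ASA)-4-313005: No matching connection for ICMP error message: "
    r"icmp src (?P<src_if>[^:\s]+):(?P<src>\S+) dst (?P<dst_if>[^:\s]+):(?P<dst>\S+) "
    r"\(type (?P<type>\d+), code (?P<code>\d+)\) on (?P<iface>\S+) interface\.\s+"
    r"Original IP payload: (?P<proto>\S+) "
    r"src (?P<o_src>[^/\s]+)/(?P<o_sport>\d+) dst (?P<o_dst>[^/\s]+)/(?P<o_dport>\d+)"
)

def parse_313005(line):
    """Return the fields of one 313005 message as a dict, or None if no match."""
    m = PATTERN.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("type", "code", "o_sport", "o_dport"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Count 313005 drops per (ICMP source, type, code) and count unparsable ones."""
    by_source, unparsed = Counter(), 0
    for line in lines:
        if "-4-313005:" not in line:
            continue  # some other syslog ID
        rec = parse_313005(line)
        if rec is None:
            unparsed += 1  # truncated or unexpected layout: review by hand
        else:
            by_source[(rec["src"], rec["type"], rec["code"])] += 1
    return by_source, unparsed

# Constructed sample lines using documentation address ranges, not real captures.
HEAD = "%PIX-4-313005: No matching connection for ICMP error message: "
SAMPLE = [
    HEAD + "icmp src outside:203.0.113.7 dst inside:192.0.2.10 (type 3, code 3) "
           "on outside interface. Original IP payload: udp src 192.0.2.10/53 dst 203.0.113.7/40000.",
    HEAD + "icmp src outside:203.0.113.7 dst inside:192.0.2.10 (type 3, code 3) "
           "on outside interface. Original IP payload: udp src 192.0.2.10/53 dst 203.0.113.7/40001.",
    HEAD + "icmp src outside:198.51.100.4 dst inside:192.0.2.20 (type 11, code 0) "
           "on outside interface. Original IP payload: tcp src 192.0.2.20/443 dst 198.51.100.9/51515.",
    HEAD + "icmp src outside:198.51.100.4 dst ins",  # truncated in transit
    "%PIX-6-302013: Built inbound TCP connection (constructed, abbreviated)",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A source that dominates the tally is a candidate for the ACL deny mentioned in the documentation; an even spread across many sources is the case where `no logging message 313005` is the quieter option.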
