04-19-2011 12:38 PM - edited 03-11-2019 01:23 PM
Hi Folks
I Use the Command sh logging on my asa 5510 i founf the above,what this mean?is there any link let me understand this logs and other logs
thanks
04-19-2011 01:31 PM
Hi Ibrahim,
Here is the explaination for the syslog message that you saw:
Error Message %ASA-6-302014: Teardown TCP connection id for
interface:real-address/real-port to interface:real-address/real-port duration
hh:mm:ss bytes bytes [reason] [(user)]
Explanation A TCP connection between two hosts was deleted. The following list describes the message values:
•id —A unique identifier
•interface, real-address, real-port—The actual socket
•duration—The lifetime of the connection
•bytes—The data transfer of the connection
•user—The AAA name of the user
Explanation This new message is paired with "DPD R-U-THERE" message 715036, which logs the DPD sending messages.
•group_name—The peer's VPN group name
•client—The peer's username
•IP_address—IP address of the VPN peer
•message_type—The message type ("DPD R-U-THERE" or "DPD R-U-THERE-ACK")
•number—The DPD sequence number
Two possible cases:
•Received peer sending "DPD R-U-THERE" message
•Received peer reply "DPD R-U-THERE-ACK" message
Be aware of the following:
•The "DPD R-U-THERE" message is received and its sequence number matches the outgoing DPD reply messages.
If the adaptive security appliance sends a "DPD R-U-THERE-ACK" message without first receiving a "DPD R-U-THERE" message from the peer, it is likely experiencing a security breech.
•The received "DPD R-U-THERE-ACK" message's sequence number is matched with previously sent DPD messages.
If the adaptive security appliance did not receive a "DPD R-U-THERE-ACK" message within a reasonable amount of time after sending a "DPD R-U-THERE" message to the peer, the tunnel is most likely down.
here is the link explaining all the syslog messages generated by the ASA:
http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html
Hope this helps.
Regards,
Som
P.S. Please mark this post as resolved if this has answered your question. Do rate the helpful posts. Thanks.
04-19-2011 01:33 PM
Hi Ibrahim,
The
You can check out the log and common drop reasons on this link:
http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html#wp6275532
The second log message is explained on this link:
http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html#wp4776635
You can find the list of syslogs for the following ASA versions on the following links:
v7.0: http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html
v7.2: http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html
v8.0 http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html
v8.2: http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html
Hope this helps.
-Shrikant
P.S.: Please mark the question as answered if it has been resolved. Do rate helpful posts. Thanks.
04-20-2011 03:30 AM
Thanks for you guys
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide