Cisco ASR FMANFP-IPACCESSLOGP log query - pls help

secureIT · ‎09-12-2016

Hello All,

I am randomly getting the below logs in my ASR1001 router which is running with code 15.4(3)S2, and some what matching with Bug : CSCto56331

But the current code is higher than the reported code in the bug. Kindly suggest.

Sep 1 12:32:26.543 UTC: %FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list VULNERABILITY permitted tcp 172.16.15.205(53350) -> 10.24.12.102(443), 1 packet
Sep 1 12:32:26.683 UTC: %FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list VULNERABILITY permitted tcp 172.16.36.63(1474) -> 10.24.12.192(54087), 1 packet
Sep 1 12:32:26.796 UTC: %FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list VULNERABILITY permitted tcp 172.16.36.63(1474) -> 10.24.12.192(54274), 1 packet
Sep 1 12:32:26.924 UTC: %FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list VULNERABILITY permitted tcp 172.16.15.205(53361) -> 10.24.12.102(443), 1 packet
Sep 1 12:32:27.053 UTC: %FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list VULNERABILITY permitted tcp 172.16.5.252(49) -> 10.25.7.241(43934), 1 packet

It came automatically and went off, and haven't done any changes in the running config. would like to know the reason for the same.

Mark Malone · ‎09-13-2016

Hi

Bugs do appear in later versions sometimes even when not listed in bug outputs, there carried through the upgraded IOS versions

If it was one of my ASR routers I would move to one of the safe harbour versions listed on the website 15.4 S3 6 or one we are on which is very stable is 15.5 3 S3 all our cores use this and we haven't experienced any issues with it

Other option is raise it with TAC and get them to give you the specific answer and fix

lsharrah · ‎04-17-2019

Check to see if you have a log statement at the end of your ACL. If so, remove it and monitor the router log.