Event ID - ASA-4-402118

Message CodeASA-4-402118
SeverityWarning
DescriptionIPSEC: Received an protocol packet (SPI=spi, sequence number seq_num) from remote_IP (username) to local_IP containing an illegal IP fragment of length frag_len with offset frag_offset.
ExplanationThis message is displayed when a decapsulatd IPSec packet contains an IP fragment with an offset less than or equal to 128 bytes. The latest version of the Security Architecture for IP RFC recommends 128 bytes as the minimum IP fragment offset to prevent reassembly attacks. This may be part of an attack. This message is rate limited to no more than one message every five seconds.
  • protocol—IPSec protocol.
  • spi—IPSec Security Parameter Index.
  • seq_num—IPSec sequence number.
  • remote_IP—IP address of the remote endpoint of the tunnel.
  • username—Username associated with the IPSec tunnel.
  • local_IP—IP address of the local endpoint of the tunnel
  • frag_len—IP fragment length
  • frag_offset—IP fragment offset in bytes
User ActionContact the administrator of the remote peer to compare policy settings.
Reference Links

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh