Event ID - ASA-4-402119

Message CodeASA-4-402119
SeverityWarning
DescriptionIPSEC: Received an protocol packet (SPI=spi, sequence number=seq_num) from remote_IP (username) to local_IP that failed anti-replay checking.
ExplanationThis message is displayed when an IPSec packet is received with an invalid sequence number. The peer is sending packets containing sequence numbers that may have been previously used. This syslog message indicates that an IPSec packet has been received with a sequence number outside of the acceptable window. This packet will be dropped by IPSec as part of a possible attack. This message is rate limited to no more than one message every five seconds.
  • protocol—IPSec protocol
  • spi—IPSec Security Parameter Index
  • seq_num—IPSec sequence number
  • remote_IP—IP address of the remote endpoint of the tunnel
  • username—Username associated with the IPSec tunnel
  • local_IP—IP address of the local endpoint of the tunnel.
User Action
Reference Links

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh