Question : Cisco ASA Error Message

I got the below error message in my Cisco ASA. Could some one explain what does it mean? Is there anything I need to take care of or change the configuration in my ASA?
===================================
May 25 14:11:33 10.11.101.203 May 25 2010 04:11:33 FBCNDSFW : %ASA-4-313005: No matching connection for ICMP error message: icmp src outside:10.11.101.165 dst VGA:10.11.64.4 (type 11, code 0) on outside interface. Original IP payload: tcp src 10.11.64.4/58087 dst 10.111.25.101/2442.

Answer : Cisco ASA Error Message

Type 11 icmp is a time exceeded packet.

So what this means is there is a packet arriving on the outside interface destined for 10.111.25.101 from 10.11.64.4. The most likely scenario is that these devices are attempting to communicate, but the routing is not present or is incorrect within the internal network. So the packet ended up at the firewall, and followed the default route out to the internet router. This then forwarded it back to the firewall, which again forwarded it back to the ASA - back and forth until the packet TTL reduced to zero. Then the icmp packet was emitted.

Note that this scenario is without any knowledge of your network, so you will need to adapt it for your network.

If you to a tracert from 10.11.64.4 to 10.111.25.101 you'll see the packet heading for the firewall and out the outside interface instead of to the 10.111.25.101 network.

Random Solutions

Calculating a CRC-16

Custom facebook share image-button

Limit number of chars in a multiple textarea form

sys.sysprocesses permissions

FileZilla Server Setup problem

XP Pro Workstation Boot times

How to pass a scalar variable from one query to another

*Warning: System BOOT Fail*

Sniffing voice related traffic