[CISCO][asa]ASA Code 113040 stands not for vpn-disconnect it is a error

[xtruthx]

ASA Code 113040 is not the client-vpn-disconnection. It is a client vpn error. Explanation from CISCO:

 Error Message %ASA-4-113040: Terminating the VPN connection attempt from attempted group . Reason: This connection is group locked to locked group. Explanation The tunnel group over which the connection is attempted is not the same as the tunnel group set in the group lock. attempted group —The tunnel group over which the connection came in locked group —The tunnel group for which the connection is locked or restricted Recommended Action Check the group-lock value in the group policy or the user attributes. 

ASA Code 113019 is more equivalent to the disconnect. This disconnect could be have different reasons, as a "disscet proceessor" allready defines. Explanation from CISCO:

113019 Error Message %ASA-4-113019: Group = group , Username = username , IP = peer_address , Session disconnected. Session Type: type , Duration: duration , Bytes xmt: count , Bytes rcv: count , Reason: reason Explanation An indication of when and why the longest idle user is disconnected. group—Group name username—Username IP—Peer address Session Type—Session type (for example, IPsec or UDP) duration—Connection duration in hours, minutes, and seconds Bytes xmt—Number of bytes transmitted Bytes rcv —Number of bytes received reason—Reason for disconnection User Requested Lost Carrier Lost Service Idle Timeout Max time exceeded Administrator Reset Administrator Reboot Administrator Shutdown Port Error NAS Error NAS Request NAS Reboot Port unneeded Connection preempted. Indicates that the allowed number of simultaneous (same user) logins has been exceeded. To resolve this problem, increase the number of simultaneous logins or have users only log in once with a given username and password. Port Suspended Service Unavailable Callback User error Host Requested SA Expired IKE Delete Bandwidth Management Error Certificate Expired Phase 2 Mismatch Firewall Mismatch Peer Address Changed ACL Parse Error Phase 2 Error Configuration Error Peer Reconnected Internal Error Crypto map policy not found L2TP initiated VLAN Mapping Error NAC-Policy Error Dynamic Access Policy terminate Client type not supported Unknown Recommended Action Unless the reason indicates a problem, then no action is required. 

• LABLE: BUG

Thanks for review this.

[elasticmachine]

❕ Build Aborted

The PR is not allowed to run in the CI yet

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-04-20T08:36:08.296+0000

• Duration: 3 min 2 sec

Steps errors

Expand to view the steps failures

Load a resource file from a library

• Took 0 min 0 sec . View more details here
• Description: approval-list/elastic/integrations.yml

Error signal

• Took 0 min 0 sec . View more details here
• Description: githubApiCall: The REST API call https://api.github.com/orgs/elastic/members/xtruthx return the message : java.lang.Exception: httpRequest: Failure connecting to the service https://api.github.com/orgs/elastic/members/xtruthx : httpRequest: Failure connecting to the service https://api.github.com/orgs/elastic/members/xtruthx : Code: 404Error: {"message":"User does not exist or is not a member of the organization","documentation_url":"https://docs.github.com/rest/reference/orgs#check-organization-membership-for-a-user"}

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[efd6]

Please add an entry to the changelog and bump the version in the manifest. This will also need to have a test expectations regenerated for 113019 and 113040 messages. Are you able to do this?

[botelastic]

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

[P1llus]

There is a similar community PR open here: #6423, as this one currently becomes stale, we will close this one and merge the other for now.

[xtruthx]

Thanks for the folks who pushed that topic within #6423. I sadly went to digital work leave time starting at 1st May until the 1st August. So thats the reason why i not processd working on it after the comment.
I am glad that this resolved.