TCP packet buffer full

Unanswered Question
bwalchez Thu, 05/10/2007 - 10:51
User Badges:

TCP packet buffer full :

This counter is incremented and the packet is dropped when the security appliance receives an out-of-order TCP packet on a connection, and there is no buffer space to store this packet. Typically TCP packets are put into order on connections that are inspected by the security appliance or when packets are sent to an SSM for inspection. There is a default queue size,

and when packets in excess of this default queue size are received they will be dropped.


Try to use the TCP normalization feature of the PIX and increase the queue-limit for the buffer for out-of-order packets. The queue-limit could be increased to max 250 and is 0 by default.


You may refer to :

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_1/cmd_ref/qr_711.htm#wp1598973



vitripat Thu, 05/10/2007 - 11:10
User Badges:
  • Gold, 750 points or more

queue-limit can only be increased on ASA and not on PIX firewalls.


Regards,

Vibhor.

Actions

This Discussion