ASA 5510 v8.02 Reassembly limit of 8192 exceeded

Unanswered Question
Sep 20th, 2007

When viewing a video using port 554 from inside to a server in the DMZ, I get this error. If you view from the outisde, it works fine. Below is the full syslog meesage. Any suggestions?

4 Sep 20 2007 15:48:24 507001 192.168.10.10 DMZ-WEB-SERVER Terminating TCP-Proxy connection from Inside:192.168.10.10/1879 to DMZ:DMZ-WEB-SERVER/554 - reassembly limit of 8192 bytes exceeded

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
tstanik Wed, 09/26/2007 - 13:13

This message is displayed when reassembly buffer limit is exceeded during assembling TCP segments. This usually happens due to an inspection engine (or fixup) trying to reassemble a segment for deeper inspection (instead of forwarding the packets to the destination host). If you have configured any class map to have any tcp traffic using ports 11000-65535 inspected by the h323 and h225 fixups, try disabling it.

afredriksson Fri, 01/11/2008 - 07:39

Hi!

I get the exact same error using 5510 v8.0(3). Is there a solution to this problem?

mikeahrens Thu, 02/07/2008 - 13:35

Has anyone found further info about this?

I am in the same situation with a 5540 v8.0(3)

Ours does not have any class-maps defined (other than the _default_xxx - that you can't edit/disable anyway). I don't think I know what a 'fixup' is, so any enlightenment there would be appreciated.

its-system Fri, 05/08/2009 - 02:23

Short fix is to disable inspection of RTSP. Fixup is telling the Pix/ASA to do deep packet inspection to see if the segments match the protocol-sequence.

If you're not familiar with the fixup-commands, but work with the GUI, you can go to "service policy rules" -> rule action -> protocol inspection and deselect RTSP.

Actions

This Discussion