11-09-2007 01:45 AM - edited 03-03-2019 07:28 PM
Hi, I have a Cisco 877 running in VPN mode and get this error sent to the syslog server throughout the day:
65: Dropping TCP Segment: seq:1180744820 1500 bytes is out-of-order; expected seq:1180719170. Reason: TCP reassembly queue overflow
11-15-2007 07:01 AM
change the ip inspect tcp reassembly queue length and test.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124tcr/tsec_r/sec_i1ht.htm
To set parameters that define how Cisco IOS Firewall application inspection and Cisco IOS Intrusion Prevention System (IPS) will handle out-of-order TCP packets, use the ip inspect tcp reassembly command in global configuration mode. To disable at least one defined parameter, use the no form of this command. ip inspect tcp reassembly {[queue length packet-number] [timeout seconds] [memory limitsize-in-kb] [alarm {on | off}]}
no ip inspect tcp reassembly {[queue length] [timeout] [memory limit]}
11-15-2007 08:32 AM
Thanks for your reply, is the error anything to worry about in simple terms?
I will take a look at the link now.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide