Reassembly limit exceeded

Nov 3rd, 2008

After upgrading a PIX 515 of ours from 7.2 to 8.0, an issue was discovered where large SQL transfers were being dropped.


Troubleshooting the issue, I discovered errors in the logs reporting connections on port 1521 (SQLNET) between the servers in question saying "reassembly limit of 8192bytes exceeded".


I found this page relating to the error:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807c35e7.shtml


And so I disabled SQLNET inspection by using:

policy-map global_policy
 class inspection_default
  no inspect sqlnet


This corrected the issue; however, I don't think this is ideal.


Also, after doing a line-diff comparison of the config prior to upgrade, I realised that SQLNET was being inspected before, so the upgrade has somehow changed something there.


Any ideas?

sadbulali Fri, 11/07/2008 - 13:07

Explanation: This message displays when the reassembly buffer limit is exceeded during assembling TCP segments.

source_address/source_port - The source IP address and the source port of the packet initiating the connection.

dest_address/dest_port - The destination IP address and the destination port of the packet initiating the connection.

interface_inside - The name of the interface on which the packet which initiated the connection arrives.

interface_outside - The name of the interface on which the packet which initiated the connection exits.

limit - The configured embryonic connection limit for the traffic class.

The resolution for this issue is to disable the RTSP inspection in the security appliance as shown.


policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  no inspect rtsp
