Solved: What does this log message mean?

anowell · ‎12-04-2008

I am having trouble with RDP through my LAN-to-LAN tunnel and I keep reciving the below message in my log. Do you have any idea what could cause this message and how to fix it?

209005: Discard IP fragment set with more than 1 elements: src = 196.12.47.50, dest = 174.18.22.22, proto = esp, id = 39374

Please note that I have changed the public IPs. The first IP in the log represents the outside IP address of my PIX (6.3 5) and the 2nd one is the outside IP address of the termanating VPN conncetion (6.3 5).

grant.maynard · ‎12-04-2008

Error Message %PIX-4-209005: Discard IP fragment set with more than number elements:

src = IP_address, dest = IP_address, proto = protocol, id = number

Explanation Too many elements are in a fragment set. The firewall disallows any IP packet that is fragmented into more than 12 fragments. Refer to the fragment command in the Cisco PIX Firewall Command Reference for more information.

Recommended Action A possible intrusion event may be in progress. If the message persists, contact the remote peer's administrator or upstream provider.

Have a look at http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/df.html#wp1029667

View solution in original post

grant.maynard · ‎12-04-2008

Error Message %PIX-4-209005: Discard IP fragment set with more than number elements:

src = IP_address, dest = IP_address, proto = protocol, id = number

Explanation Too many elements are in a fragment set. The firewall disallows any IP packet that is fragmented into more than 12 fragments. Refer to the fragment command in the Cisco PIX Firewall Command Reference for more information.

Recommended Action A possible intrusion event may be in progress. If the message persists, contact the remote peer's administrator or upstream provider.

Have a look at http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/df.html#wp1029667