I need help in trying to make sense of the following. My syslog server is full of the following error: Deny IP teardrop fragment. The source addresses resulting in the error are all from my remote MPLS routers. The traffic involved are either netflows or syslogs all sourced from the MPLS routers. The error message points to issues with traffic sourced from the MPLS routers.As a result of this error, my ASA5520 device's CPU spikes up to 90%. The CPU issue only goes away after I have made the primary LAN firewall standby and the standby Internet firewall active. The WAN traffic has nothing to do with the Internet firewalls. Also, I see traffic hitting the outside interface of the LAN firewall even after I took one of the culprit MPLS routers offline.
Can someone please help explain what is going on? I already know that the issue is related to this code since it appears in the syslogs but then why is it sourcing from my MPLS routers and only impacting syslog and Netflow traffics?
106020
Error Message %PIX-2-106020: Deny IP teardrop fragment (size = number, offset =
number) from IP_address to IP_address
Explanation The firewall discarded an IP packet with a teardrop signature containing either a small offset or fragment overlapping. This is a hostile event to circumvent the firewall or an Intrusion Detection System.
Recommended Action Contact the remote peer administrator or escalate this issue according to your security policy.