
Cisco 891 FW dropping TCP sessions

ddudkin2003
Level 1

My Cisco 891 is randomly dropping TCP sessions, which I believe is resulting in web page timeouts and half loads.

The error messages look like these. This example includes one local IP, but it happens to lots of internal hosts randomly.

Aug 15 16:54:46.299: %FW-6-DROP_PKT: Dropping tcp session 192.168.50.52:55064 23.37.29.14:443 on zone-pair ccp-zp-in-out class ccp-insp-traffic due to Stray Segment with ip ident 0 

Aug 15 16:49:33.895: %FW-6-DROP_PKT: Dropping tcp session 23.204.180.174:80 192.168.50.52:54553 due to SYN inside current window with ip ident 0.

Aug 15 15:50:08.731: %FW-6-DROP_PKT: Dropping tcp session 31.13.85.97:443 192.168.50.52:60063 due to Stray Segment with ip ident 0

 

I've been googling the issue and no fixes have worked so far, nor am I really able to identify the source of this traffic. I've read it could be lots of out-of-order packets, so I enabled alarming by issuing parameter-map type ooo global -> alarming on. Nothing, nor is the out-of-order counter high. I've tried increasing the queue length and memory limit on virtual reassembly - no help.

I've checked my MTU, I can send 1500 fine. The interface is set to that. I went ahead and did an adjust-mss 1452 on the WAN and VLAN interfaces, still occurring.

I have checked my NAT timeout values, they are defaults.

I had a QoS service-policy set, which I took off thinking it may have been causing the drops. Still nothing.

My processor average usage is low.

 

What else can I check to identify the cause of these? My little 5MB line is definitely oversaturated, but this web page loading problem is only recent.
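
One way to tally these %FW-6-DROP_PKT messages by drop reason, direction and endpoint, as an added example that is not part of the original post. The 192.168.50.0/24 inside prefix and the function names are assumptions; the sample lines are the three quoted in the post.

```python
import ipaddress
import re
from collections import Counter

# The three messages quoted in the post, copied verbatim.
SAMPLE_LOG = """\
Aug 15 16:54:46.299: %FW-6-DROP_PKT: Dropping tcp session 192.168.50.52:55064 23.37.29.14:443 on zone-pair ccp-zp-in-out class ccp-insp-traffic due to Stray Segment with ip ident 0
Aug 15 16:49:33.895: %FW-6-DROP_PKT: Dropping tcp session 23.204.180.174:80 192.168.50.52:54553 due to SYN inside current window with ip ident 0.
Aug 15 15:50:08.731: %FW-6-DROP_PKT: Dropping tcp session 31.13.85.97:443 192.168.50.52:60063 due to Stray Segment with ip ident 0
"""
# Assumption: the LAN is 192.168.50.0/24 (the post shows only one host in it).
INSIDE = ipaddress.ip_network("192.168.50.0/24")
DROP_RE = re.compile(
    r"%FW-6-DROP_PKT: Dropping (?P<proto>\S+) session "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
    r"(?: on zone-pair (?P<zone_pair>\S+) class (?P<cls>\S+))?"  # not always present
    r" due to (?P<reason>.+?) with ip ident (?P<ident>\d+)"
)

def parse_drop(line, inside=INSIDE):
    """Return the fields of one DROP_PKT message, or None for any other line."""
    m = DROP_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    src_in = ipaddress.ip_address(rec["src"]) in inside
    dst_in = ipaddress.ip_address(rec["dst"]) in inside
    # Direction of the dropped segment itself, taken from its source address.
    if src_in and not dst_in:
        rec.update(direction="outbound", host=rec["src"], remote=rec["dst"])
    elif dst_in and not src_in:
        rec.update(direction="inbound", host=rec["dst"], remote=rec["src"])
    else:
        rec.update(direction="other", host=None, remote=None)
    return rec

def summarize(text, inside=INSIDE):
    """Tally drops by (reason, direction), by inside host and by remote IP."""
    by_reason, by_host, by_remote = Counter(), Counter(), Counter()
    for line in text.splitlines():
        rec = parse_drop(line, inside)
        if rec is None:
            continue
        by_reason[(rec["reason"], rec["direction"])] += 1
        if rec["host"]:
            by_host[rec["host"]] += 1
            by_remote[rec["remote"]] += 1
    return by_reason, by_host, by_remote
```

Feeding a longer capture of the router's log to `summarize()` shows whether the drops cluster on one reason, one inside host, or a handful of remote addresses.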
