Cisco Support Community
New Member

Connection problem over vpn - reassembly limit of 8192 bytes exceeded

Hi,

I have two locations, and these two sites are connected with a site-to-site VPN. One site has an ASA firewall and the other site is a Checkpoint ADSL. When the Checkpoint side tries to reach a server on the other side, it can ping, but the application cannot connect, and I see this error in the ASA logs. What can be the problem?

Thanks

Terminating TCP-Proxy connection from WAN_ADSL:x.x.x.x to LAN:y.y.y.y - reassembly limit of 8192 bytes exceeded

Teardown TCP-PROXY connection from WAN_ADSL:x.x.x.x to LAN:y.y.y.y duration 0:00:01 bytes 22320 Flow closed by inspection

6 REPLIES
Cisco Employee

Re: Connection problem over vpn - reassembly limit of 8192 bytes

This message is displayed when the reassembly buffer limit is exceeded while assembling TCP segments.

What protocol is the app using, and what ports? Maybe disabling the corresponding inspection for that protocol would help.

I hope it helps.

PK

New Member

Re: Connection problem over vpn - reassembly limit of 8192 bytes

It is Oracle and using 1521 tcp.

I disabled sqlnet inspection but it didn't work. Now I will upgrade the ASA image and try again.

Cisco Employee

Re: Connection problem over vpn - reassembly limit of 8192 bytes

Yes, SQL uses TCP port 1521.

What version of ASA are you using?

If you are translating the IP address of the SQL traffic, then it won't work without inspection.

PK

Cisco Employee

Re: Connection problem over vpn - reassembly limit of 8192 bytes

Some 8.0 versions had some SQL issues that were fixed in later versions.

If this ends up needing troubleshooting, please open a case with TAC to look at it.

PK

New Member

Re: Connection problem over vpn - reassembly limit of 8192 bytes

I solved the problem by upgrading to the latest version and removing SQL inspection.

Silver

Re: Connection problem over vpn - reassembly limit of 8192 bytes

I have the following question for Cisco folks regarding sqlnet inspection.

In about 99% of my PIX/ASA firewall deployments that involve sqlnet, I have to disable inspection on the firewall for it to work properly. What is the point of enabling this feature if it is causing nothing but headaches?

Thanks. David
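
One way to see which flows the inspection engine is cutting before deciding where to change inspection, as an added example that is not part of the thread and not Cisco tooling: the script parses the two message formats quoted in the first post and tallies them per source/destination pair. The sample lines, the documentation addresses and the optional `/port` suffix are constructed assumptions.

```python
import re
from collections import defaultdict

# Patterns follow the two ASA messages quoted in the thread. The optional
# "/port" after each address is an assumption; the thread shows bare addresses.
EP = r"(?P<{0}_if>[^:\s]+):(?P<{0}>[^\s/]+)(?:/\d+)?"
TERMINATE = re.compile(
    r"Terminating TCP-Proxy connection from " + EP.format("src") +
    r" to " + EP.format("dst") +
    r" - reassembly limit of (?P<limit>\d+) bytes exceeded")
TEARDOWN = re.compile(
    r"Teardown TCP-PROXY connection from " + EP.format("src") +
    r" to " + EP.format("dst") +
    r" duration (?P<duration>[\d:]+) bytes (?P<bytes>\d+) (?P<reason>.+)$")

def flow_key(m):
    return (m["src_if"], m["src"], m["dst_if"], m["dst"])

def summarize(lines):
    """Count reassembly-limit terminations and inspection teardowns per flow."""
    flows = defaultdict(lambda: {"limit_hits": 0, "limit": None,
                                 "inspection_teardowns": 0, "bytes": 0})
    for line in lines:
        line = line.strip()
        m = TERMINATE.search(line)  # search() tolerates a syslog prefix
        if m:
            flow = flows[flow_key(m)]
            flow["limit_hits"] += 1
            flow["limit"] = int(m["limit"])
            continue
        m = TEARDOWN.search(line)
        if m and m["reason"] == "Flow closed by inspection":
            flow = flows[flow_key(m)]
            flow["inspection_teardowns"] += 1
            flow["bytes"] += int(m["bytes"])
    return dict(flows)

# Constructed sample lines (documentation addresses, not from the thread).
SAMPLE = """\
Terminating TCP-Proxy connection from WAN_ADSL:192.0.2.10 to LAN:198.51.100.20 - reassembly limit of 8192 bytes exceeded
Teardown TCP-PROXY connection from WAN_ADSL:192.0.2.10 to LAN:198.51.100.20 duration 0:00:01 bytes 22320 Flow closed by inspection
Terminating TCP-Proxy connection from WAN_ADSL:192.0.2.10/40112 to LAN:198.51.100.20/1521 - reassembly limit of 8192 bytes exceeded
Teardown TCP-PROXY connection from WAN_ADSL:192.0.2.11 to LAN:198.51.100.20 duration 0:00:03 bytes 512 TCP FINs
""".splitlines()

if __name__ == "__main__":
    for (src_if, src, dst_if, dst), f in summarize(SAMPLE).items():
        print(f"{src_if}:{src} -> {dst_if}:{dst}: {f['limit_hits']} limit hits "
              f"({f['limit']} bytes), {f['bytes']} bytes in inspected teardowns")
```

Teardowns with any other reason are ignored, so only host pairs actually closed by inspection appear in the result.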
