Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Pix 7.x + Bad option length in TCP

Hi,

In some cases, I get packets dropped whith the following reason :

"Bad option length in TCP"

Is there a way to create a TCP-Map to accept these packets anyway ?

Thanks,

Regards,

Gaëtan

1 REPLY
Community Member

Re: Pix 7.x + Bad option length in TCP

tcp-bad-option-len

This counter is incremented and the packet is dropped when the security appliance receives a TCP packet with a TCP option set, but the option length does not match the length defined for that option in the TCP RFC.

The packet corruption may be caused by a bad cable or noise on the line. It may also be that a TCP endpoint is sending corrupted packets and an attack is in progress. Please use the packet capture feature to learn more about the origin of the packet

You may be able to use the tcp-options command to fix if you can identify what and where the packet is originating.

Check this link for more info

http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a00805fb9fc.html#wp1088604

255
Views
0
Helpful
1
Replies
CreatePlease to create content