This issue is caused by Cisco bug ID CSCsg37315.
It occurs when VPN tunnels are configured on the router in conjunction with Context-Based Access Control (CBAC).
When this issue occurs, the Invalid Segment tcp error message appears.
As a workaround, disable hardware encryption on the router with the no crypto engine accelerator command.