Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

IP options: "0x14" error?

Getting some of these in my syslog.

Deny IP from to, IP options: "0x14"

This pix on 10.122.x.x subnet is connected to another via IPsec. OS is 6.3.x. The two endpoints are video conf systems pushing h323 video between via the ipsec tunnel. Video between the units works 100%, I just don't like seeing these errors. The other pix on the 10.63.x.x network has the same errors that match the other endpoint


Re: IP options: "0x14" error?

The following statement:

This is a packet integrity check message. An IP packet was seen with IP options. Because IP options are considered a security risk, the packet was discarded.

... is from the document:

Search on the phrase "106012" to find it, and more.

The following link provides more info on IP Option Numbers:

The following RFC deals specifically with the IP Router Alert Option:

You could put a sniffer on the link if you want a closer look (source, destination, application, etc.).

New Member

Re: IP options: "0x14" error?

That makes sense, it is an H323 video conference conversation and I can use Ip presidence if I want to. So yes, the packet does have Ip options, as it should.

Any idea how to remove this block and allow it?

Re: IP options: "0x14" error?

IP Precedence and IP Options are not the same thing.

IP Precedence is conveyed in the Type of Service (TOS) field in the IP header.

The Options field follows the destination IP address field in the IP header, and is used for entirely different purposes.

You'd have to examine the packets with a sniffer to verify what they are in order to make an informed decision on whether they should be unblocked, or not.

New Member

Re: IP options: "0x14" error?

Yep, they need to be unblocked. they are my two h323 enpoints going in/out of my ipsec tunnel.

CreatePlease to create content