Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

zone-based firewall tcp reassembly overflow

I'm getting the following kinds of messages in my console:

033906: *May  2 19:18:09.972 Pacific: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:-958700247 1500 bytes is out-of-order; expected seq:3336242433. Reason: TCP reassembly queue overflow - session 172.xx.xx.xx:56235 to 129.143.116.10:80 on zone-pair ccp-zp-in-out class ccp-protocol-http

How do I adjust the size of the reassembly queue for the zone-based firewall?
Thanks,
     Greg
1 REPLY
New Member

Re: zone-based firewall tcp reassembly overflow

SUMMARY STEPS

1. enable

2. configure terminal

3. parameter-map type ooo global

4. tcp reassembly queue length queue-length

Use something bigger than the default 16. This should fix it.

1685
Views
0
Helpful
1
Replies
CreatePlease to create content