https://community.cisco.com/t5/network-security/what-does-this-log-message-mean/m-p/1091599#M892706 <HTML><HEAD></HEAD><BODY><P>Error Message %PIX-4-209005: Discard IP fragment set with more than number elements: </P><P>src = IP_address, dest = IP_address, proto = protocol, id = number</P><P></P><P>Explanation Too many elements are in a fragment set. The firewall disallows any IP packet that is fragmented into more than 12 fragments. Refer to the fragment command in the Cisco PIX Firewall Command Reference for more information.</P><P></P><P>Recommended Action A possible intrusion event may be in progress. If the message persists, contact the remote peer's administrator or upstream provider. </P><P></P><P>Have a look at <A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/df.html#wp1029667" target="_blank">http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/df.html#wp1029667</A></P></BODY></HTML> Thu, 04 Dec 2008 23:53:30 GMT grant.maynard 2008-12-04T23:53:30Z https://community.cisco.com/t5/network-security/what-does-this-log-message-mean/m-p/1091598#M892699 <P>I am having trouble with RDP through my LAN-to-LAN tunnel and I keep reciving the below message in my log. Do you have any idea what could cause this message and how to fix it?</P><P></P><P>209005: Discard IP fragment set with more than 1 elements: src = 196.12.47.50, dest = 174.18.22.22, proto = esp, id = 39374</P><P></P><P>Please note that I have changed the public IPs. The first IP in the log represents the outside IP address of my PIX (6.3 5) and the 2nd one is the outside IP address of the termanating VPN conncetion (6.3 5).</P> Mon, 11 Mar 2019 14:21:31 GMT https://community.cisco.com/t5/network-security/what-does-this-log-message-mean/m-p/1091598#M892699 anowell 2019-03-11T14:21:31Z https://community.cisco.com/t5/network-security/what-does-this-log-message-mean/m-p/1091599#M892706 <HTML><HEAD></HEAD><BODY><P>Error Message %PIX-4-209005: Discard IP fragment set with more than number elements: </P><P>src = IP_address, dest = IP_address, proto = protocol, id = number</P><P></P><P>Explanation Too many elements are in a fragment set. The firewall disallows any IP packet that is fragmented into more than 12 fragments. Refer to the fragment command in the Cisco PIX Firewall Command Reference for more information.</P><P></P><P>Recommended Action A possible intrusion event may be in progress. If the message persists, contact the remote peer's administrator or upstream provider. </P><P></P><P>Have a look at <A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/df.html#wp1029667" target="_blank">http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/df.html#wp1029667</A></P></BODY></HTML> Thu, 04 Dec 2008 23:53:30 GMT https://community.cisco.com/t5/network-security/what-does-this-log-message-mean/m-p/1091599#M892706 grant.maynard 2008-12-04T23:53:30Z