Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
512
Views
0
Helpful
1
Replies

Help with IOS Firewall log message

ovt
Level 4
Level 4

‎09-04-2007 10:30 PM - edited ‎03-11-2019 04:06 AM

Hi!

If

ip inspect log drop-pkt

is enabled I see a lot of the following error messages:

%FW-6-DROP_TCP_PKT: Dropping tcp pkt 10.1.1.120:2740 => 10.7.1.6:25 due to Stray Segment -- ip ident 48234 tcpflags 0x5004 seq.no 2494264063 ack 2494264063

What does this mean?

Labels:
0 Helpful
1 Reply 1

vkapoor5
Level 5
Level 5

‎09-11-2007 06:18 AM

"Stray segment" message is logged whenver the FW TCP inspection doesn't expect a TCP message/segment given the session context. Example, reception of a SYN segment from outside to inside when expection is that SYN are initiated from inside.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top