Solved: OutOfOrder packet processing with ZBF - - SSH being dropped

Paul Morgan · ‎09-09-2015

Hi all,

I have an unusual issue with ZBF.

My SSH connection from the WAN into the router (self zone) works fine from a terminal but doesn't work from my other routers.

When connecting from my home or work terminal (over the wan), everything connects normally. When I attempt the connection from a router using SSH -l LOGIN *ip address*, I see "Dropping tcp session on zone-pair OUTSELF class SSHCLASS due to Out-Of-Order segment ..."

Now Ive watched the counters of incoming packets so I can see that the connection comes in ok.

Why is this connection attempt from a router treated differently and why isn't out of order processing handling the connection?

All help appreciated.

Paul

Vibhor Amrodia · ‎09-09-2015

Hi,

Maybe the SSH version set on the Client Router ? SSH Version 1 probably ?

Thanks and Regards,

Vibhor Amrodia

View solution in original post

Vibhor Amrodia · ‎09-09-2015

Hi,

Maybe the SSH version set on the Client Router ? SSH Version 1 probably ?

Thanks and Regards,

Vibhor Amrodia

Paul Morgan · ‎09-10-2015

When I run SH IP SSH I get version 1.99 on both routers.

And Ive tried using SSH -V 1 -L LOGIN ip address AND SSH -V 2 -L LOGIN ip address

EDIT - Ive converted the router back to IOS firewall and it still doesn't work. So it must be something that is wrong.

Thanks for your help.