Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
248
Views
0
Helpful
1
Replies

Security breach

digbym650
Level 1
Level 1

‎06-09-2015 08:38 AM - edited ‎03-11-2019 11:04 PM

Hello,

I just setup a firewall on a series 800 router and shortly after the following message was displayed;

Jun 10 00:11:32.814: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:1890440221 146
0 bytes is out-of-order; expected seq:1890416081. Reason: TCP reassembly queue o
verflow - session my_internal_ip:53513 to intercepted_ip:80

Does this mean the firewall is doing it's job, and has disallowed access, or does this mean my

configuration is incorrect?

Labels:
0 Helpful
1 Reply 1

Akshay Rastogi
Cisco Employee
Cisco Employee

‎06-10-2015 10:30 PM

Hi,

This means that Firewall is dropping an out-of-order packet. This shows firewall is working fine. There might be a lot of tcp out-of-order packets coming on the firewall and tcp reassembly buffer might getting filled up.

Default Queue length is 16 per session. You could try increasing the queue length, timeout value and see if you still receive these logs or else you need to look for reason for out-of-order packets in your network.

Go through the below link. It would give you detail understanding of the issue and configuration assistance :

http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/ht_ooop.html

 

Please let me know if you have any query on this.

 

Regards,

Akshay Rastogi

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card