Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
799
Views
0
Helpful
1
Replies

ZBF log message reading

Ruterford
Level 1
Level 1

‎01-27-2014 08:48 AM - edited ‎03-11-2019 08:36 PM

Hello Everyone!

I have IOS Version 15.2(3)T and configured Zone Based firewall on it.

There is a log message that I would like to make sure that I read correctly:

%FW-6-DROP_PKT: Dropping tcp session 10.100.216.60:25 XXX.XXX.XXX.XXX:61581 on zone-pair outside-to-inside class FROMINTERNET-IN-cmap due to  Stray Segment with ip ident 0


Logically I read that my internal host (SMTP server with static NAT) - 10.100.216.60 was accessed by some other host from public interbnet XXX.XXX.XXX.XXX and there was some problem with this connection.

But what is confusing is that if the reported zone-pair is outside-to-inside, then why order of IP addresses or hosts in the log message is not the same way i.e. XXX.XXX.XXX.XXX should be the first one and 10.100.216.60 should be the second one, according to the zone outside-to-inside.

Can somebody clarify this to me?

Thanks!

Labels:
0 Helpful
1 Reply 1

Marius Gunnerud
VIP
VIP

‎01-30-2014 12:53 PM

That looks like it is an out of order packet error.  Although the IOS 15.0 and higher supports out of order packets for ZBF, it is not supported for SMTP traffic.

but you could always try enabling it to see if the error disapears.

parameter-map type ooo global

--
Please remember to rate and select a correct answer

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card