09-16-2004 09:05 AM - edited 03-09-2019 08:48 AM
Has anyone got an error for Invalid TCP segment before? Cisco does not give much explanation about it. Moreover i get this error between a telnet session and a Diameter (Radius session) while if disabling CBAC, applications work fine.
TCP inspect is enabled. Inspect is enabled inbound on all interfaces and Access-lists applied inbound as well....
Sep 13 19:38:54.130 EEST: CBAC sis 50D9334C L4 inspect result: DROP packet 50089E10 (192.168.160.39:58938) (192.168.21.41:1812) bytes 208 ErrStr = Invalid Segment tcp
Sep 13 19:39:14.350 EEST: CBAC sis 44E50590 L4 inspect result: DROP packet 50043C40 (192.168.0.100:1610) (192.168.164.5:23) bytes 0 ErrStr = Invalid Segment tcp
Also how can I force clear all connected sessions?
09-16-2004 09:39 AM
Which version of IOS is this?
Scott
09-16-2004 08:58 PM
s72033-jk9o3sv-mz.122-17d.SXB1.bin
- 7600-SUP720/MSFC3
- ENT FW W/MPLS/IPV6/SSH/3DES
- 122-17d.SXB1
The router is also acting as a MPLS P/PE node.
10-19-2004 07:25 AM
Hi,
I have the same problem with a 2621XM running c2600-advsecurityk9-mz.123-8.T3.bin.
Besides that there a way too many packet drops with this reason between trusted hosts, it seems to prevent active FTP from working properly. It seems some important packets on the ftp-data channel are dropped.
Is there a solution yet? I can provide debug traces of the cisco and ethereal/tcpdump traces of both sides if needed.
Thanks,
Franz.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide