Hi Mark,

I am not sure what is the device connected on Fa3. Most probably a switch. 

sh int fa3
FastEthernet3 is up, line protocol is up
Hardware is Fast Ethernet, address is 78da.6e86.71df (bia 78da.6e86.71df)
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 566000 bits/sec, 266 packets/sec
5 minute output rate 566000 bits/sec, 266 packets/sec
1769299 packets input, 445586956 bytes, 0 no buffer
Received 0 broadcasts (3427 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
1768464 packets output, 445895085 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
215 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

Hi

that interface is clean so the issue is not on that or you would have some form of errors incrementing , yet all your counters are clear of any couple fo resets that's it

its unlikely a switch with virtual reassembly set on the vlan interface and cdp turned off , is it an edge device router etc ?

the problem could be on that device itself , do you see dropped packets if you ping 172.27.7.253

You are right, It is a small router as reflected from mac address.

Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
001a.8cf0.1f27 Dynamic 4 FastEthernet3

No issues in local ping.

ping 172.27.7.253 rep 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 172.27.7.253, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/1/4 ms

Anurag

yes so looking at that the interface .254 is the culprit for dropping packets not the fa3 as that's responding fine locally and the cable is clean to or you would see crc and input error's and collisions on cisco side  , but only when you ping far end .254 does it start dropping so that where the problem lies on that devices port

the ping drops look very consistent too , there is no security feature in place to prevent ddos turned on for ICMP that can replicate that response  ?

if you ping through that ip address to the next hop upstream through the router is it dropping too or is it just when you ping the actual interface ?

No security feature enable on cisco end. Yes it drops packets for upstream too.

ping 8.8.8.8 rep 1000

Type escape sequence to abort.

Sending 1000, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!.!!!!!

Success rate is 97 percent (971/1000), round-trip min/avg/max = 20/20/32 ms

it wouldn't be on the cisco end it would be on the Sophos device that's dropping the packets , can you change the port on that side is there a free one to test ? , if its not that you may need to change the device itself if its constantly dropping traffic like that

as another test you could add a laptop to the port on the Sophos side give it sane ip .254 and see if its dripping packets if its not you know for certain its the device itself , but first I would tray move it to another port