Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
207
Views
0
Helpful
1
Replies

VPN connection up and down with new ISP

Bob Lawson
Level 1
Level 1

‎02-25-2016 06:28 AM - edited ‎03-05-2019 03:25 AM

I have a VPN that connects our site to a customer site.  It has become unstable since I have changed ISPs.  Of course the ISP claims their end is perfectly fine. and nothing show up.

The main difference is I changed from a fibre based connection to a radio based connection.  They offered me a faster connection for less dollars but I have had endless frustration.  Our phones also run though the VPN so twice this week we have been without phones.  Hard to run a business without phones!

I keep getting the follow errors:

%FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:2059529499 1300 bytes is out-of-order; expected seq:2059508079. Reason: TCP reassembly queue overflow - session

ISAKMP:(0):Support for IKE Fragmentation not enabled

I have enabled the fragmentation support with . 

crypto isakmp fragmentation

but I never had it for the fibre based connection that ran for about 6 years.  So why do I need it now.

I have not looked at the logs while the VPN was functioning well so I do not know if I was getting all the out-of-order packets being dropped.  But I get a lot of them now.

Any ideas or suggestions would be appreciated.

Labels:
0 Helpful
1 Reply 1

Mark Malone
VIP Alumni
VIP Alumni

‎02-25-2016 08:54 AM

Did you see this may help , the fact all you changed to though is radio link really has to be something to do with how those devices are processing the traffic somehow but this could be worth a shot

https://glazenbakje.wordpress.com/2011/10/28/get-rid-cisco-ios-router-message-fw-4-tcp_ooo_seg-dropping-tcp-segment/

0 Helpful
Customers Also Viewed These Support Documents