This issue can occur due to the presence of Cisco bug ID CSCse46220.
This problem occurs as ASA attempts to re-order all packets matched in the access-list of the associated class.
In order to resolve this issue, complete these steps:
Adjust the access-list reference in the class-map command in order to remove the problem traffic from inspection by the SSM.
Increase the queue-limit under the tcp-map command. This can help with performance, although it can take some trial and error in order to find the optimal queue-limit value that delivers the best performance.
Clear the selective-ack and timestamp options from the tcp-options command.
This is an example of an adjusted queue-limit with cleared selective-ack and timestamp options:
Over the past decade, Cisco has published a wealth of security and threat intelligence information for security professionals interested in the state of global cybersecurity. The Cybersecurity Report Series provides detailed accounts of threat landsc...
hi Marvin/team, I will be implementing an AMP4E solution for the centos server.I need to know what kind of prerequisites from the customer end.is there any kind of port that needs to be open on the running Firewall?can you provide a stepwis...
Hi, I have a WS-C3650-48PS IOS 03.07.04E cat3k_caa-universalk9. The following appears in a network security report: The host transmits UDP packets with a constant IP Identification field. This behavior may be exploited to discover the opera...