Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1685
Views
0
Helpful
0
Comments

The Cisco IOS Firewall with VPN Tunnel drops tcp packets and the "Invalid Segment tcp" error message appears

TCC_2
Level 10
Level 10

‎06-22-2009 05:31 PM - edited ‎03-08-2019 06:25 PM

Core issue

This issue occurs due to the presence of Cisco bug ID CSCsg37315.

This issue occurs when VPN tunnels are configured on the router in conjunction with Context-Based Access Control (CBAC).

When this issue occurs, the Invalid Segment tcp error message appears.

Resolution

For a workaround:

Disable the hardware encryption on the router with the no crypto engine accelerator command.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents