cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1212
Views
0
Helpful
2
Replies

Port Forward & Cross VLAN Connectivity Issue

eagletec1
Level 1
Level 1

Hi All,

I recently installed an IP-PBX phone system behind a 887VA as per attached image but I now have two issues.

Firstly I’m unable to manage the IP-PBX device either locally (LAN) or remotely (WAN). I can ping the IP-PBX device from within the router on both it’s VLAN 3 & 4 IP addresses, but I’m unable to ping the device (192.168.20.254 – Vlan4) from a station in Vlan1 to Vlan4 hence I’m unable to manage the device using it’s LAN IP & web port 192.168.20.254:9999. I can however ping the device on it’s Vlan3 address (192.168.4.253) from the same station in Vlan1, but again I’m unable to manage the device on it’s WAN IP & web port 192.168.4.253:9999.

Secondly I have

created various port forwards  to allow access to CCTV cameras, IP-PBX management and to allow remote IP phones to connect to the IP-PBX device but none of these are working. I’m pretty sure both issue are connected with the firewall policy maps & NAT but I’m unable to see where, can any help?

Full router running config attached. If anyone can assist I will be most grateful.

Louise

1 Accepted Solution

Accepted Solutions

Hi Alain,

Ok here are my results. Firstly when I removed in zone from Vlan1 interface I lost internet on the PC I was connected too. Secondly removing the zones appears to have had not effect as I was still unable to connect remotely or locally to the PBX device and remotely to the CCTV. I tried a few ping tests with the zones off the interfaces and pings were unsuccessful, once the zones were reattached ping test were then successful. However I was not able to ping Vlan4 either with zones attached or not, but could still ping the device from within the router confirming the network is good.

I’m trying to achieve the following:-

Have remote IP phones using protocol 5060 (SIP) or 4569 (IAX) register with the IP-PBX device on 192.168.4.253 (Vlan3 - DMZ)

Be able to manage the IP-PBX device remotely using public IP on port :9999 forwarded to 192.168.4.253 (Vlan3 - DMZ)

Be able to manage the IP-PBX locally using either 192.168.4.253:9999 (Vlan3 - DMZ) or 192.168.20.254:9999 (Vlan4 – inside)

Be able to connect to 4 different CCTV DVR using public IP and various ports from 6208 to 6280 which are mapped with NAT

Be able to connect to PC’s using RDP with various ports as mapped with NAT

Have VPN traffic on 1723 forwarded to the server as mapped with NAT

I also have a second 887 router here in Brisbane that I want to link with the remote router via the inbuilt VPN.

Dropped packet log from the time I was testing.

QQQ_ADSL_Gateway#sh log

Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0 flushes,

0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

    Console logging: level debugging, 48234 messages logged, xml disabled,

                     filtering disabled

    Monitor logging: level debugging, 0 messages logged, xml disabled,

                     filtering disabled

    Buffer logging:  level debugging, 44 messages logged, xml disabled,

                    filtering disabled

    Exception Logging: size (4096 bytes)

    Count and timestamp logging messages: disabled

    Persistent logging: disabled

No active filter modules.

    Trap logging: level informational, 48223 message lines logged

        Logging Source-Interface:       VRF Name:

Log Buffer (64000 bytes):

048181: .Jul 23 23:19:46.732 Magadan: %SYS-5-CONFIG_I: Configured from console b

y cpadmin on vty0 (192.168.0.24)

048182: .Jul 23 23:21:40.832 Magadan: %FW-6-DROP_PKT: Dropping udp session 103.7

.30.141:8000 192.168.0.24:4067 on zone-pair ccp-zp-out-zone-To-in-zone class cla

ss-default due to  DROP action found in policy-map with ip ident 0

048183: .Jul 23 23:23:27.988 Magadan: %FW-6-DROP_PKT: Dropping tcp session 74.12

5.28.105:443 192.168.0.206:39996 on zone-pair ccp-zp-in-out class ccp-insp-traff

ic due to  SYN inside current window with ip ident 0

048184: .Jul 23 23:25:09.568 Magadan: %FW-6-DROP_PKT: Dropping icmp session 192.

168.20.254:0 192.168.0.24:0 on zone-pair dmz-to-in class ccp-icmp-access   with

ip ident 0

048185: .Jul 23 23:27:33.685 Magadan: %FW-6-DROP_PKT: Dropping tcp session 74.12

5.25.108:993 192.168.0.206:60476 on zone-pair ccp-zp-in-out class ccp-insp-traff

ic due to  SYN inside current window with ip ident 0

048186: .Jul 23 23:29:53.126 Magadan: %FW-6-DROP_PKT: Dropping tcp session 202.1

.168.73:2857 212.96.161.246:80  due to  RST inside current window with ip ident

0

048187: .Jul 23 23:32:43.136 Magadan: %FW-6-DROP_PKT: Dropping tcp session 192.1

68.4.253:9999 192.168.0.24:2870 on zone-pair dmz-to-in class ccp-icmp-access due

to  Invalid Flags with ip ident 0

048188: .Jul 23 23:33:29.930 Magadan: %FW-6-DROP_PKT: Dropping tcp session 192.1

68.4.253:9999 192.168.0.24:2870 on zone-pair dmz-to-in class ccp-icmp-access due

to  Invalid Flags with ip ident 0

048189: .Jul 23 23:34:17.932 Magadan: %FW-6-DROP_PKT: Dropping tcp session 192.1

68.4.253:9999 192.168.0.24:2870 on zone-pair dmz-to-in class ccp-icmp-access due

to  Invalid Flags with ip ident 0

048190: .Jul 23 23:35:16.694 Magadan: %FW-6-DROP_PKT: Dropping udp session 203.1

2.160.2:123 192.168.5.251:123 on zone-pair ccp-zp-out-zone-To-in-zone class clas

s-default due to  DROP action found in policy-map with ip ident 0

048191: .Jul 23 23:40:16.485 Magadan: %FW-6-DROP_PKT: Dropping tcp session 202.1

.168.73:9999 203.219.237.252:16801 on zone-pair ccp-zp-self-out class ccp-icmp-a

ccess due to  Invalid Flags with ip ident 0

048192: .Jul 23 23:42:17.669 Magadan: %FW-6-DROP_PKT: Dropping tcp session 37.25

2.240.6:80 192.168.0.24:2637  due to  policy match failure with ip ident 0

048193: .Jul 23 23:42:48.019 Magadan: %FW-6-DROP_PKT: Dropping tcp session 202.1

.168.73:9999 203.219.237.252:16939 on zone-pair ccp-zp-self-out class ccp-icmp-a

ccess due to  Invalid Flags with ip ident 0

048194: .Jul 23 23:43:18.432 Magadan: %FW-6-DROP_PKT: Dropping udp session 202.1

.161.36:53 192.168.0.24:65497  due to  One of the interfaces not being cfged for

zoning with ip ident 0

048195: .Jul 23 23:43:48.621 Magadan: %FW-6-DROP_PKT: Dropping udp session 111.2

21.74.23:40014 192.168.0.24:29150  due to  policy match failure with ip ident 0

048196: .Jul 23 23:44:18.626 Magadan: %FW-6-DROP_PKT: Dropping udp session 120.1

96.212.96:8000 192.168.0.24:4080  due to  policy match failure with ip ident 0

048197: .Jul 23 23:44:48.823 Magadan: %FW-6-DROP_PKT: Dropping tcp session 64.4.

23.159:40031 192.168.0.24:2936  due to  policy match failure with ip ident 0

048198: .Jul 23 23:45:23.612 Magadan: %FW-6-DROP_PKT: Dropping tcp session 23.32

.248.41:80 192.168.0.24:2987 on zone-pair ccp-zp-in-out class ccp-protocol-http

due to  SYN inside current window with ip ident 0

048199: .Jul 23 23:45:55.530 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843562365 1452 bytes is out-of-order; expected seq:843534125. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048200: .Jul 23 23:45:55.530 Magadan: %FW-6-DROP_PKT: Dropping tcp session 23.32

.248.41:80 192.168.0.24:2987 on zone-pair ccp-zp-in-out class ccp-protocol-http

due to  Out-Of-Order Segment with ip ident 0

048201: .Jul 23 23:45:58.022 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843621669 1452 bytes is out-of-order; expected seq:843575073. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048202: .Jul 23 23:45:59.042 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843632965 1452 bytes is out-of-order; expected seq:843593429. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048203: .Jul 23 23:46:02.414 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843679561 1452 bytes is out-of-order; expected seq:843644261. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048204: .Jul 23 23:46:04.386 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843713449 1452 bytes is out-of-order; expected seq:843679561. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048205: .Jul 23 23:46:05.534 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843748749 1452 bytes is out-of-order; expected seq:843713449. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048206: .Jul 23 23:46:06.654 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843774165 1452 bytes is out-of-order; expected seq:843748749. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048207: .Jul 23 23:46:11.026 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843873005 1452 bytes is out-of-order; expected seq:843843353. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048208: .Jul 23 23:46:12.066 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843878653 1452 bytes is out-of-order; expected seq:843844765. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048209: .Jul 23 23:46:14.358 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843930897 1452 bytes is out-of-order; expected seq:843885713. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048210: .Jul 23 23:46:15.654 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843959137 1452 bytes is out-of-order; expected seq:843930897. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048211: .Jul 23 23:46:16.690 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843990201 1452 bytes is out-of-order; expected seq:843959137. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048212: .Jul 23 23:46:18.718 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844026913 1452 bytes is out-of-order; expected seq:843993025. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048213: .Jul 23 23:46:19.814 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844060801 1452 bytes is out-of-order; expected seq:844026913. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048214: .Jul 23 23:46:21.070 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844104573 1452 bytes is out-of-order; expected seq:844060801. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048215: .Jul 23 23:46:23.154 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844128577 1452 bytes is out-of-order; expected seq:844104573. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048216: .Jul 23 23:46:24.331 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844168113 1452 bytes is out-of-order; expected seq:844128577. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048217: .Jul 23 23:46:25.423 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844194941 1452 bytes is out-of-order; expected seq:844162465. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048218: .Jul 23 23:46:26.491 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844228829 1452 bytes is out-of-order; expected seq:844194941. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048219: .Jul 23 23:46:26.491 Magadan: %FW-6-DROP_PKT: Dropping tcp session 23.32

.248.41:80 192.168.0.24:2987 on zone-pair ccp-zp-in-out class ccp-protocol-http

due to  Out-Of-Order Segment with ip ident 0

048220: .Jul 23 23:46:27.667 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844264129 1452 bytes is out-of-order; expected seq:844228829. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048221: .Jul 23 23:46:28.743 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844298017 1452 bytes is out-of-order; expected seq:844264129. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048222: .Jul 23 23:46:29.767 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844327669 1452 bytes is out-of-order; expected seq:844272601. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048223: .Jul 23 23:46:33.583 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844327669 1452 bytes is out-of-order; expected seq:844322021. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048224: .Jul 23 23:46:35.039 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844385561 1452 bytes is out-of-order; expected seq:844331905. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

QQQ_ADSL_Gateway#

Louise

View solution in original post

2 Replies 2

cadet alain
VIP Alumni
VIP Alumni

Hi,

Can you detach your interfaces from zones and test and if it is working then reattach zones to interface and use global command: ip inspect log drop-pkt , log to the buffer and post these logs.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hi Alain,

Ok here are my results. Firstly when I removed in zone from Vlan1 interface I lost internet on the PC I was connected too. Secondly removing the zones appears to have had not effect as I was still unable to connect remotely or locally to the PBX device and remotely to the CCTV. I tried a few ping tests with the zones off the interfaces and pings were unsuccessful, once the zones were reattached ping test were then successful. However I was not able to ping Vlan4 either with zones attached or not, but could still ping the device from within the router confirming the network is good.

I’m trying to achieve the following:-

Have remote IP phones using protocol 5060 (SIP) or 4569 (IAX) register with the IP-PBX device on 192.168.4.253 (Vlan3 - DMZ)

Be able to manage the IP-PBX device remotely using public IP on port :9999 forwarded to 192.168.4.253 (Vlan3 - DMZ)

Be able to manage the IP-PBX locally using either 192.168.4.253:9999 (Vlan3 - DMZ) or 192.168.20.254:9999 (Vlan4 – inside)

Be able to connect to 4 different CCTV DVR using public IP and various ports from 6208 to 6280 which are mapped with NAT

Be able to connect to PC’s using RDP with various ports as mapped with NAT

Have VPN traffic on 1723 forwarded to the server as mapped with NAT

I also have a second 887 router here in Brisbane that I want to link with the remote router via the inbuilt VPN.

Dropped packet log from the time I was testing.

QQQ_ADSL_Gateway#sh log

Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0 flushes,

0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

    Console logging: level debugging, 48234 messages logged, xml disabled,

                     filtering disabled

    Monitor logging: level debugging, 0 messages logged, xml disabled,

                     filtering disabled

    Buffer logging:  level debugging, 44 messages logged, xml disabled,

                    filtering disabled

    Exception Logging: size (4096 bytes)

    Count and timestamp logging messages: disabled

    Persistent logging: disabled

No active filter modules.

    Trap logging: level informational, 48223 message lines logged

        Logging Source-Interface:       VRF Name:

Log Buffer (64000 bytes):

048181: .Jul 23 23:19:46.732 Magadan: %SYS-5-CONFIG_I: Configured from console b

y cpadmin on vty0 (192.168.0.24)

048182: .Jul 23 23:21:40.832 Magadan: %FW-6-DROP_PKT: Dropping udp session 103.7

.30.141:8000 192.168.0.24:4067 on zone-pair ccp-zp-out-zone-To-in-zone class cla

ss-default due to  DROP action found in policy-map with ip ident 0

048183: .Jul 23 23:23:27.988 Magadan: %FW-6-DROP_PKT: Dropping tcp session 74.12

5.28.105:443 192.168.0.206:39996 on zone-pair ccp-zp-in-out class ccp-insp-traff

ic due to  SYN inside current window with ip ident 0

048184: .Jul 23 23:25:09.568 Magadan: %FW-6-DROP_PKT: Dropping icmp session 192.

168.20.254:0 192.168.0.24:0 on zone-pair dmz-to-in class ccp-icmp-access   with

ip ident 0

048185: .Jul 23 23:27:33.685 Magadan: %FW-6-DROP_PKT: Dropping tcp session 74.12

5.25.108:993 192.168.0.206:60476 on zone-pair ccp-zp-in-out class ccp-insp-traff

ic due to  SYN inside current window with ip ident 0

048186: .Jul 23 23:29:53.126 Magadan: %FW-6-DROP_PKT: Dropping tcp session 202.1

.168.73:2857 212.96.161.246:80  due to  RST inside current window with ip ident

0

048187: .Jul 23 23:32:43.136 Magadan: %FW-6-DROP_PKT: Dropping tcp session 192.1

68.4.253:9999 192.168.0.24:2870 on zone-pair dmz-to-in class ccp-icmp-access due

to  Invalid Flags with ip ident 0

048188: .Jul 23 23:33:29.930 Magadan: %FW-6-DROP_PKT: Dropping tcp session 192.1

68.4.253:9999 192.168.0.24:2870 on zone-pair dmz-to-in class ccp-icmp-access due

to  Invalid Flags with ip ident 0

048189: .Jul 23 23:34:17.932 Magadan: %FW-6-DROP_PKT: Dropping tcp session 192.1

68.4.253:9999 192.168.0.24:2870 on zone-pair dmz-to-in class ccp-icmp-access due

to  Invalid Flags with ip ident 0

048190: .Jul 23 23:35:16.694 Magadan: %FW-6-DROP_PKT: Dropping udp session 203.1

2.160.2:123 192.168.5.251:123 on zone-pair ccp-zp-out-zone-To-in-zone class clas

s-default due to  DROP action found in policy-map with ip ident 0

048191: .Jul 23 23:40:16.485 Magadan: %FW-6-DROP_PKT: Dropping tcp session 202.1

.168.73:9999 203.219.237.252:16801 on zone-pair ccp-zp-self-out class ccp-icmp-a

ccess due to  Invalid Flags with ip ident 0

048192: .Jul 23 23:42:17.669 Magadan: %FW-6-DROP_PKT: Dropping tcp session 37.25

2.240.6:80 192.168.0.24:2637  due to  policy match failure with ip ident 0

048193: .Jul 23 23:42:48.019 Magadan: %FW-6-DROP_PKT: Dropping tcp session 202.1

.168.73:9999 203.219.237.252:16939 on zone-pair ccp-zp-self-out class ccp-icmp-a

ccess due to  Invalid Flags with ip ident 0

048194: .Jul 23 23:43:18.432 Magadan: %FW-6-DROP_PKT: Dropping udp session 202.1

.161.36:53 192.168.0.24:65497  due to  One of the interfaces not being cfged for

zoning with ip ident 0

048195: .Jul 23 23:43:48.621 Magadan: %FW-6-DROP_PKT: Dropping udp session 111.2

21.74.23:40014 192.168.0.24:29150  due to  policy match failure with ip ident 0

048196: .Jul 23 23:44:18.626 Magadan: %FW-6-DROP_PKT: Dropping udp session 120.1

96.212.96:8000 192.168.0.24:4080  due to  policy match failure with ip ident 0

048197: .Jul 23 23:44:48.823 Magadan: %FW-6-DROP_PKT: Dropping tcp session 64.4.

23.159:40031 192.168.0.24:2936  due to  policy match failure with ip ident 0

048198: .Jul 23 23:45:23.612 Magadan: %FW-6-DROP_PKT: Dropping tcp session 23.32

.248.41:80 192.168.0.24:2987 on zone-pair ccp-zp-in-out class ccp-protocol-http

due to  SYN inside current window with ip ident 0

048199: .Jul 23 23:45:55.530 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843562365 1452 bytes is out-of-order; expected seq:843534125. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048200: .Jul 23 23:45:55.530 Magadan: %FW-6-DROP_PKT: Dropping tcp session 23.32

.248.41:80 192.168.0.24:2987 on zone-pair ccp-zp-in-out class ccp-protocol-http

due to  Out-Of-Order Segment with ip ident 0

048201: .Jul 23 23:45:58.022 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843621669 1452 bytes is out-of-order; expected seq:843575073. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048202: .Jul 23 23:45:59.042 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843632965 1452 bytes is out-of-order; expected seq:843593429. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048203: .Jul 23 23:46:02.414 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843679561 1452 bytes is out-of-order; expected seq:843644261. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048204: .Jul 23 23:46:04.386 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843713449 1452 bytes is out-of-order; expected seq:843679561. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048205: .Jul 23 23:46:05.534 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843748749 1452 bytes is out-of-order; expected seq:843713449. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048206: .Jul 23 23:46:06.654 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843774165 1452 bytes is out-of-order; expected seq:843748749. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048207: .Jul 23 23:46:11.026 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843873005 1452 bytes is out-of-order; expected seq:843843353. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048208: .Jul 23 23:46:12.066 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843878653 1452 bytes is out-of-order; expected seq:843844765. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048209: .Jul 23 23:46:14.358 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843930897 1452 bytes is out-of-order; expected seq:843885713. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048210: .Jul 23 23:46:15.654 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843959137 1452 bytes is out-of-order; expected seq:843930897. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048211: .Jul 23 23:46:16.690 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:843990201 1452 bytes is out-of-order; expected seq:843959137. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048212: .Jul 23 23:46:18.718 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844026913 1452 bytes is out-of-order; expected seq:843993025. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048213: .Jul 23 23:46:19.814 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844060801 1452 bytes is out-of-order; expected seq:844026913. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048214: .Jul 23 23:46:21.070 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844104573 1452 bytes is out-of-order; expected seq:844060801. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048215: .Jul 23 23:46:23.154 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844128577 1452 bytes is out-of-order; expected seq:844104573. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048216: .Jul 23 23:46:24.331 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844168113 1452 bytes is out-of-order; expected seq:844128577. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048217: .Jul 23 23:46:25.423 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844194941 1452 bytes is out-of-order; expected seq:844162465. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048218: .Jul 23 23:46:26.491 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844228829 1452 bytes is out-of-order; expected seq:844194941. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048219: .Jul 23 23:46:26.491 Magadan: %FW-6-DROP_PKT: Dropping tcp session 23.32

.248.41:80 192.168.0.24:2987 on zone-pair ccp-zp-in-out class ccp-protocol-http

due to  Out-Of-Order Segment with ip ident 0

048220: .Jul 23 23:46:27.667 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844264129 1452 bytes is out-of-order; expected seq:844228829. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048221: .Jul 23 23:46:28.743 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844298017 1452 bytes is out-of-order; expected seq:844264129. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048222: .Jul 23 23:46:29.767 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844327669 1452 bytes is out-of-order; expected seq:844272601. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048223: .Jul 23 23:46:33.583 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844327669 1452 bytes is out-of-order; expected seq:844322021. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

048224: .Jul 23 23:46:35.039 Magadan: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: s

eq:844385561 1452 bytes is out-of-order; expected seq:844331905. Reason: TCP rea

ssembly queue overflow - session 192.168.0.24:2987 to 23.32.248.41:80 on zone-pa

ir ccp-zp-in-out class ccp-protocol-http

QQQ_ADSL_Gateway#

Louise

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco