Cisco Router Error Log

Posted on 2009-02-23
Last Modified: 2012-06-21
I am having major issues with downloading at my school.  I have looked at the router error log and one error that I get says:
2009-02-23 09:26:33      Local7.Warning      368: 000365: *Apr 15 18:20:35.469 Pacific: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:1725831920 1340 bytes is out-of-order; expected seq:1725807220. Reason: TCP reassembly queue overflow - session to

It is not always the same IP address that it is originating from, but this is a problem.  I found another article on here that said that I should look for anything in regards to IP inspect to fix this, but I do not know what I should do after this.  My ip inspect looks like this:

ip inspect log drop-pkt
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive

Question by:aclaus225
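
A way to triage the `%FW-4-TCP_OoO_SEG` messages from the question, as an added example that is not part of the original post: the Python below parses only the fields visible in the quoted log line, measures how far ahead of the expected sequence number each dropped segment was, and tallies drops by reason. The second and third sample lines are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Matches only the fields visible in the log line quoted in the question;
# whatever follows "session" (truncated on the page) is ignored.
OOO_RE = re.compile(
    r"%FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:(?P<seq>\d+) "
    r"(?P<size>\d+) bytes is out-of-order; expected seq:(?P<expected>\d+)\. "
    r"Reason: (?P<reason>.+?) - session"
)

def seq_gap(seq, expected):
    """Bytes by which the received segment is ahead of the expected one.
    TCP sequence numbers are 32-bit, so the difference is taken mod 2**32."""
    return (seq - expected) % 2**32

def parse_ooo(line):
    """Return the drop event as a dict, or None for any other log line."""
    m = OOO_RE.search(line)
    if not m:
        return None
    seq, size, expected = int(m["seq"]), int(m["size"]), int(m["expected"])
    return {"seq": seq, "size": size, "expected": expected,
            "gap": seq_gap(seq, expected), "reason": m["reason"]}

def summarize(lines):
    """Aggregate drop events so spikes and their cause are easy to spot."""
    events = [e for e in map(parse_ooo, lines) if e]
    return {
        "drops": len(events),
        "by_reason": Counter(e["reason"] for e in events),
        "max_gap": max((e["gap"] for e in events), default=0),
        "bytes_dropped": sum(e["size"] for e in events),
    }

SAMPLE = [
    # Line 1 is the message from the question (syslog prefix shortened).
    "000365: *Apr 15 18:20:35.469 Pacific: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: "
    "seq:1725831920 1340 bytes is out-of-order; expected seq:1725807220. "
    "Reason: TCP reassembly queue overflow - session to",
    # Constructed: same shape, sequence number wrapped past 2**32.
    "000366: *Apr 15 18:20:36.101 Pacific: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: "
    "seq:1200 1340 bytes is out-of-order; expected seq:4294966000. "
    "Reason: TCP reassembly queue overflow - session to",
    # Constructed: unrelated message that must be skipped.
    "000367: *Apr 15 18:20:37.000 Pacific: %SYS-5-CONFIG_I: Configured from console by console",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

For the quoted line the gap is 24,700 bytes, so the dropped segment arrived well ahead of the data the firewall was still waiting for.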
    LVL 23

    Expert Comment

    You could try optimizing the timings here:

    But by the looks of it, you may need more memory and CPU cycles. Have you performance benchmarked the router?

    There could be settings like minimizing the ring buffer, or lessening the inspection protocols or other optimizing techniques, but this intermittent and evasive problem will need some closer inspection.

    Author Comment

    I do not know what it means to performance benchmark a router.  Additionally, how would I get more memory for the router?  I am very familiar with computers and how motherboards for computers have a max memory that they will allow.  The router that I have is an 871.
    LVL 23

    Expert Comment

    Well, they are really just computers with a dedicated purpose.

    As far as memory goes, you need to know what you've got firstly.

    Depending on how big your school is, I'd doubt that the little router could cope at all...

    You can upgrade the memory quite easily, but the ASDM provides a minimum view of CPU and memory use.

    Otherwise you can use the command line to get the same info from telnet or ssh...
    show memory

    Some more info about it here:
    LVL 10

    Assisted Solution

    When using NAT, Stateful Packet Inspection isn't really required unless you're a rather security-conscious business - also a lower grade Cisco router like an 850 or 870 series will struggle a bit under high load with this turned on. In my opinion it has no benefit for SMB with low security risk, we use a Cisco 857 here with 25 desktop PCs, each PC has Windows Firewall enabled by default and AV installed - the desktop will cope with the scanning load far better than the Cisco will.

    The following will remove SPI from the interface:

    # int [INTERFACE]
    # no ip inspect SDM_LOW

    The following will remove the SPI rules:

    # no ip inspect name SDM_LOW

    LVL 23

    Accepted Solution

    Yea, a pity since the IOS firewall option is not a cheap one..

    Memory should make it work better, and it's a cheap upgrade...
