[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1770
  • Last Modified:

Cisco Router Error Log

I am having major issues with downloading at my school.  I have looked at the router error log and one error that I get says:
2009-02-23 09:26:33      Local7.Warning      368: 000365: *Apr 15 18:20:35.469 Pacific: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:1725831920 1340 bytes is out-of-order; expected seq:1725807220. Reason: TCP reassembly queue overflow - session to

It is not always the same ip address that it is originating from, but this is a problem.  I found another article on here that said that I should look for anything in regards to IP inspect to fix this, but do not know what I should do after this.  My ip inspect looks like this:

ip inspect log drop-pkt
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive

  • 3
2 Solutions
you could try optimizing the timings here:

But by the looks of it, you may need more memory and CPU cycles, have you performance bench-marked the router?

There could be settings like minimizing the ring buffer, or lessening the inspection protocols or other optimizing techniques, but this intermittent and evasive problem will need some closer inspection.
aclaus225Author Commented:
I do not know what it means to performance bench-mark a router.  Additionally, how would I get more memory for the router?  I am very familiar with computers and how motherboards for computers have a max memory that they will allow.  The router that I have is an 871 .  
Well, they are really just computers with a dedicated purpose.

As far as memory goes, you need to know what you've got firstly.

Depending on how big your school is, I'd doubt that the little router could cope at all...

You can upgrade the memory quite easily, but the ASDM provides a minimum view of CPU and memory use.

Otherwise you can use the command line to get the same info from telnet or ssh...
show memory

Some more info here about it here:
When using NAT, Stateful Packet Inpection isn't really required unless your a rather security concious business - also a lower grade Cisco router like an 850 or 870 series will struggle a bit under high load with this turned on. In my opinion it has no benefit for SMB with low security risk, we use a Cisco 857 here with 25 desktop PCs, each PC has windows firewall enabled by default and AV installed - the desktop will cope with the scanning load far better than the Cisco will.

The following will remote SPI from the interface:

# no ip inspect SDM_LOW

The following will remote the SPI rules:

# no ip inspect name SDM_LOW

Yea, a pity since the IOS firewall option is not a cheap one..

Memory should make it work better, and its a cheap upgrade...

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now