In addition to the below, I would also consider the following:
1) Reading
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml
You need to consider adjusting your MSS between your IPSec sites to avoid
creating so many fragments.
2) Remove virtual-reassembly from the LAN interface. Although from the show
command I do not see any packet handled in that interface, it is an
unnecessary configuration.

On Wed, Apr 1, 2009 at 6:31 AM, shiran guez <shiranp3_at_gmail.com> wrote:
> The router is telling you that the max concurrent reassemblies supported
> is 16, and the error you get is that you have reached that limit:
> Concurrent reassemblies (max-reassemblies): 16
> You can say no ip virtual-reassembly under the interface, as you most
> probably have a lot of fragments in your lab.
>
> Or the other solution is to increase the amount of frag
>
>   ip virtual-reassembly max-reassemblies 32 max-fragments 64 time 5
>   do sh ip virtual-reassembly f0/0
>
> On Tue, Mar 31, 2009 at 9:34 PM, Uyota Oyearone <spycharlies_at_gmail.com> wrote:
>
>> Hi experts,
>>
>> Just wondering if anyone has come across this issue.
>>
>> I have a home lab setup with 3 sites. Everything seems to be working ok
>> including VOIP and all other traffic going thru the GRE IPSec tunnels.
>>
>> But sometimes my router freaks out with an error message, especially when
>> my domain controllers are replicating
>>
>> " %IP_VFR-4-FRAG_TABLE_OVERFLOW: FastEthernet0/0: the fragment
>> table has reached its maximum threshold 16 "
>>
>> Here is part of my router configs
>>
>> =*=
>> interface Tunnel12
>> description TUNNEL_TO_R2
>> ip address 192.168.12.1 255.255.255.0
>> ip mtu 1500
>> ip tcp adjust-mss 1400
>> keepalive 10 3
>> tunnel source 10.100.200.251
>> tunnel destination 10.100.200.252
>> !
>> interface Tunnel13
>> description TUNNEL_TO_R3
>> ip address 192.168.13.1 255.255.255.0
>> ip mtu 1500
>> ip tcp adjust-mss 1400
>> keepalive 10 3
>> tunnel source 10.100.200.251
>> tunnel destination 10.100.200.250
>> !
>> interface FastEthernet0/0
>> description Connected_to_WAN
>> ip address 10.100.200.251 255.255.255.0
>> ip access-group EXTERNAL_SOURCES in
>> no ip proxy-arp
>> ip nat outside
>> ip virtual-reassembly
>> duplex auto
>> speed auto
>> no cdp enable
>> crypto map vpn
>> !
>> interface FastEthernet0/1
>> description CONNECTED_TO_LAN
>> ip address 192.168.10.1 255.255.255.0
>> ip nat inside
>> ip virtual-reassembly
>> duplex auto
>> speed auto
>>
>> =*=
>>
>>
>> #sh ip virtual-reassembly
>> FastEthernet0/0:
>> Virtual Fragment Reassembly (VFR) is ENABLED...
>> Concurrent reassemblies (max-reassemblies): 16
>> Fragments per reassembly (max-fragments): 32
>> Reassembly timeout (timeout): 3 seconds
>> Drop fragments: OFF
>> Current reassembly count:0
>> Current fragment count:0
>> Total reassembly count:127175
>> Total reassembly timeout count:0
>> FastEthernet0/1:
>> Virtual Fragment Reassembly (VFR) is ENABLED...
>> Concurrent reassemblies (max-reassemblies): 16
>> Fragments per reassembly (max-fragments): 32
>> Reassembly timeout (timeout): 3 seconds
>> Drop fragments: OFF
>> Current reassembly count:0
>> Current fragment count:0
>> Total reassembly count:0
>> Total reassembly timeout count:0
>>
>> =*=
>>
>> Suggestions welcomed!
>>
>> Thanks,
>>
>> Uyota 0.
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> --
> Shiran Guez
> MCSE CCNP NCE1 JNCIA-ER CCIE #20572
> http://cciep3.blogspot.com
> http://www.linkedin.com/in/cciep3
>
--
Shiran Guez
MCSE CCNP NCE1 JNCIA-ER CCIE #20572
http://cciep3.blogspot.com
http://www.linkedin.com/in/cciep3

Received on Wed Apr 01 2009 - 06:46:34 ART
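
Added example (not part of the original thread): a small Python parser for the `show ip virtual-reassembly` output quoted above. It flags interfaces where VFR is enabled but has never reassembled anything, and interfaces whose current reassembly count has reached max-reassemblies. The function names and finding labels are assumptions of this example; the sample text is abridged from the output in the thread.

```python
import re

# Abridged from the 'show ip virtual-reassembly' output quoted in the thread.
SAMPLE = """\
FastEthernet0/0:
Virtual Fragment Reassembly (VFR) is ENABLED...
Concurrent reassemblies (max-reassemblies): 16
Current reassembly count:0
Total reassembly count:127175
FastEthernet0/1:
Virtual Fragment Reassembly (VFR) is ENABLED...
Concurrent reassemblies (max-reassemblies): 16
Current reassembly count:0
Total reassembly count:0
"""

FIELDS = {  # label in the CLI output -> key in the parsed record
    "Concurrent reassemblies (max-reassemblies)": "max_reassemblies",
    "Current reassembly count": "current",
    "Total reassembly count": "total",
}

def parse_vfr(text):
    """Return {interface: {key: int}} from 'show ip virtual-reassembly' text."""
    stats, iface = {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("> ").strip()  # tolerate mail quoting
        m = re.fullmatch(r"(\S+):", line)        # e.g. "FastEthernet0/0:"
        if m:
            iface = m.group(1)
            stats[iface] = {}
        label, sep, value = line.rpartition(":")
        if iface and sep and label.strip() in FIELDS:
            stats[iface][FIELDS[label.strip()]] = int(value.split()[0])
    return stats

def review(stats):
    """Classify each interface by how its VFR table is being used."""
    findings = {}
    for iface, s in stats.items():
        if s["total"] == 0:
            findings[iface] = "idle"            # VFR on, nothing ever reassembled
        elif s["current"] >= s["max_reassemblies"]:
            findings[iface] = "at-limit"        # table full, as in FRAG_TABLE_OVERFLOW
        else:
            findings[iface] = "fragments-seen"  # fragments arrive on this interface
    return findings

if __name__ == "__main__":
    print(review(parse_vfr(SAMPLE)))
```

On the thread's output this reports FastEthernet0/1 as idle, which is the interface the reply suggests removing virtual-reassembly from, and FastEthernet0/0 as the one receiving fragments.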
This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:11 ART