Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6360
http://www.securityfocus.com/bid/2573
http://www.cisco.com/warp/public/707/vpn3k-ipoptions-vuln-pub.shtml