3825 IOS firewall - window scaling events

Unanswered Question
Jul 30th, 2010

Our 3825 IOS firewall (v12.4T(23)) log buffer has been blowing up lately with the message:

%FW-3-RESPONDER_WND_SCALE_INI_NO_SCALE: Dropping packet - Invalid Window Scale option for session 10.x.x.x:2215 to <external address>:80 [Initiator(flag 0,factor 0) Responder (flag 1, factor 1)]

The Output Interpreter says:

Explanation: The firewall has detected that a packet from the Responder to the
Initiator has the windows scaling option enabled but did not have the scaling option
in the SYN packet from the Initiator to the Responder. This is an error according
to RFC 1323.
Recommendation: Enable the window scaling option on both the Initiator and the
Responder or turn off window scaling on the Responder.

So I guess I'm wondering if there is something I need to adjust on the 3825, to at least stifle it from blowing up my syslog and consuming the log buffer?  Or is this the IOS firewall working as it should?  Logging buffered is set to warnings.  I guess I could up it to errors but I'd prefer warnings since this is our firewall.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jitendriya Athavale Fri, 07/30/2010 - 10:20

if at all you have ip inspect log drop-packet you might want to try and remove that because that would log every dropped packet by firewall

i would advise to keep that command only for troubleshooting

cooperben Fri, 07/30/2010 - 11:02

I do not see that command in the running config.  Is issuing the no ip inspect log drop-packet


cooperben Fri, 07/30/2010 - 11:35

Even after I issue the command, the log events still continue as above.

Any other suggestions?


This Discussion