
3825 IOS firewall - window scaling events

cooperben
Level 1

Our 3825 IOS firewall (v12.4T(23)) log buffer has been blowing up lately with the message:

%FW-3-RESPONDER_WND_SCALE_INI_NO_SCALE: Dropping packet - Invalid Window Scale option for session 10.x.x.x:2215 to <external address>:80 [Initiator(flag 0,factor 0) Responder (flag 1, factor 1)]

The Output Interpreter says:

%FW-3-RESPONDER_WND_SCALE_INI_NO_SCALE :Dropping packet
Explanation: The firewall has detected that a packet from the Responder to the
Initiator has the windows scaling option enabled but did not have the scaling option
in the SYN packet from the Initiator to the Responder. This is an error according
to RFC 1323.
Recommendation: Enable the window scaling option on both the Initiator and the
Responder or turn off window scaling on the Responder.

So I guess I'm wondering if there is something I need to adjust on the 3825, to at least stifle it from blowing up my syslog and consuming the log buffer?  Or is this the IOS firewall working as it should?  Logging buffered is set to warnings.  I guess I could up it to errors but I'd prefer warnings since this is our firewall.

TIA
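The RFC 1323 rule quoted from the Output Interpreter above, as an added Python example (not part of the original thread and not Cisco's implementation): it parses the TCP options of a SYN and a SYN-ACK and flags a responder that offers window scaling when the initiator did not. The function names and the option byte strings are constructed for illustration.

```python
# Added example: the RFC 1323 window-scale rule applied to a SYN / SYN-ACK pair.
# Names and byte strings are constructed; this is not IOS firewall code.

KIND_EOL, KIND_NOP, KIND_WSCALE = 0, 1, 3


def window_scale(options: bytes):
    """Return the shift count from a TCP options field, or None if no WSopt."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == KIND_EOL:           # end of option list
            break
        if kind == KIND_NOP:           # one-byte padding
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("bad option length")
        if kind == KIND_WSCALE:
            if length != 3:
                raise ValueError("window scale option must be 3 bytes")
            return options[i + 2]
        i += length                    # skip any other option
    return None


def check_handshake(syn_opts: bytes, synack_opts: bytes) -> str:
    """Classify a handshake by which side sent a window scale option."""
    ini, rsp = window_scale(syn_opts), window_scale(synack_opts)
    if rsp is not None and ini is None:
        return "violation"             # the case the log message reports
    if ini is not None and rsp is not None:
        return "scaling"               # both sides offered, scaling is in effect
    return "no-scaling"                # neither side, or initiator only


# Constructed option fields: MSS 1460 alone, and MSS 1460 + NOP + WSopt shift 1.
MSS_ONLY = bytes([2, 4, 0x05, 0xB4])
MSS_WS1 = bytes([2, 4, 0x05, 0xB4, 1, 3, 3, 1])

if __name__ == "__main__":
    print(check_handshake(MSS_ONLY, MSS_WS1))  # initiator none, responder shift 1
    print(check_handshake(MSS_WS1, MSS_WS1))
```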

4 Replies

Jitendriya Athavale
Cisco Employee

If at all you have ip inspect log drop-packet, you might want to try and remove that, because that would log every packet dropped by the firewall.

I would advise keeping that command only for troubleshooting.

I do not see that command in the running config. Is issuing the no ip inspect log drop-packet advisable?

no ip inspect log drop-pkt to be issued

Even after I issue the command, the log events still continue as above.

Any other suggestions?
