07-30-2010 08:13 AM - edited 03-11-2019 11:18 AM
Our 3825 IOS firewall (v12.4T(23)) log buffer has been blowing up lately with the message:
%FW-3-RESPONDER_WND_SCALE_INI_NO_SCALE: Dropping packet - Invalid Window Scale option for session 10.x.x.x:2215 to <external address>:80 [Initiator(flag 0,factor 0) Responder (flag 1, factor 1)]
The Output Interpreter says:
%FW-3-RESPONDER_WND_SCALE_INI_NO_SCALE :Dropping packet
Explanation: The firewall has detected that a packet from the Responder to the
Initiator has the windows scaling option enabled but did not have the scaling option
in the SYN packet from the Initiator to the Responder. This is an error according
to RFC 1323.
Recommendation: Enable the window scaling option on both the Initiator and the
Responder or turn off window scaling on the Responder.
So I guess I'm wondering if there is something I need to adjust on the 3825, to at least stifle it from blowing up my syslog and consuming the log buffer? Or is this the IOS firewall working as it should? Logging buffered is set to warnings. I guess I could up it to errors but I'd prefer warnings since this is our firewall.
TIA
07-30-2010 10:20 AM
If you have ip inspect log drop-packet configured at all, you might want to try removing it, because that would log every packet dropped by the firewall.
I would advise keeping that command only for troubleshooting.
07-30-2010 11:02 AM
I do not see that command in the running config. Is issuing the no ip inspect log drop-packet command advisable?
07-30-2010 11:15 AM
no ip inspect log drop-pkt
to be issued
07-30-2010 11:35 AM
Even after I issue the command, the log events still continue as above.
Any other suggestions?
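
Added example, not part of the thread and not Cisco code: a short Python script that parses the drop message quoted in the first post and counts which responders and initiators account for the drops, which helps decide which side the Output Interpreter's recommendation applies to. The sample lines, their timestamps and addresses are constructed, and reading "flag" as "window scale option present" is an assumption taken from the explanation text above.

```python
import re
from collections import Counter

# Message layout copied from the log line quoted in the first post.
DROP_RE = re.compile(
    r"%FW-3-RESPONDER_WND_SCALE_INI_NO_SCALE: Dropping packet - Invalid Window Scale "
    r"option for session (?P<ini>\S+):(?P<ini_port>\d+) to (?P<rsp>\S+):(?P<rsp_port>\d+) "
    r"\[Initiator\s*\(flag (?P<ini_flag>\d+),\s*factor (?P<ini_factor>\d+)\)\s*"
    r"Responder\s*\(flag (?P<rsp_flag>\d+),\s*factor (?P<rsp_factor>\d+)\)\]"
)
INT_FIELDS = ("ini_port", "rsp_port", "ini_flag", "ini_factor", "rsp_flag", "rsp_factor")

# Constructed sample buffer (documentation addresses, made-up timestamps).
SAMPLE_LOG = [
    "*Jul 30 08:01:12: %FW-3-RESPONDER_WND_SCALE_INI_NO_SCALE: Dropping packet - Invalid Window Scale option for session 192.0.2.10:2215 to 198.51.100.7:80 [Initiator(flag 0,factor 0) Responder (flag 1, factor 1)]",
    "*Jul 30 08:01:13: %FW-3-RESPONDER_WND_SCALE_INI_NO_SCALE: Dropping packet - Invalid Window Scale option for session 192.0.2.10:2216 to 198.51.100.7:80 [Initiator(flag 0,factor 0) Responder (flag 1, factor 1)]",
    "*Jul 30 08:02:40: %FW-3-RESPONDER_WND_SCALE_INI_NO_SCALE: Dropping packet - Invalid Window Scale option for session 192.0.2.11:4100 to 203.0.113.5:80 [Initiator(flag 0,factor 0) Responder (flag 1, factor 2)]",
    "*Jul 30 08:03:00: %SYS-5-CONFIG_I: Configured from console by console",
]

def parse_drop(line):
    """Return the fields of one drop message, or None for any other log line."""
    m = DROP_RE.search(line)
    if m is None:
        return None
    d = m.groupdict()
    for key in INT_FIELDS:
        d[key] = int(d[key])
    # Condition described in the explanation: the responder sent the option
    # although the initiator's SYN did not carry it (assumed meaning of "flag").
    d["unsolicited_scale"] = d["ini_flag"] == 0 and d["rsp_flag"] == 1
    return d

def summarize(lines):
    """Count drops per (responder, port) and per initiator address."""
    by_responder, by_initiator = Counter(), Counter()
    for line in lines:
        d = parse_drop(line)
        if d and d["unsolicited_scale"]:
            by_responder[(d["rsp"], d["rsp_port"])] += 1
            by_initiator[d["ini"]] += 1
    return by_responder, by_initiator

if __name__ == "__main__":
    responders, initiators = summarize(SAMPLE_LOG)
    print("top responders:", responders.most_common(5))
    print("top initiators:", initiators.most_common(5))
```

If the counts concentrate on a few inside hosts, the initiator side is the place to look; if they concentrate on a few outside servers, the drops follow those responders.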