My CCO login doesn't give access to the TAC tool, and email@example.com replies that it has to go that way around - however I don't think I'll bother with escalating the case through our Cisco pusher, so I'll just wait for updated documentation :-( (hmm.. a minor but annoying case for my future contribution to the customer satisfaction survey - I mean, it's not a rocket science question!)
I did open a TAC case because I was also seeing this problem on certain websites, and couldn't find any doc at all on this message (except for the postings here on NPC). This message is tied to bug id CSCsc37281 - here is the text from the bug notes:
Currently, IOS CBAC (Context-Based Access Control) enforces strict checking for the TCP Window Scale option per RFC1323 section 2. Unfortunately, this creates a problem when the TCP stacks on the end devices are not RFC compliant. As a result, TCP connections between such end devices may not establish with CBAC enabled.
This is an enhancement request to have the firewall provide more user configurable options when dealing with the TCP window scale option.
And here's a link to the bug (requires registered access):
It appears to be platform-independent, and started occurring in 12.4 (I've seen it in 12.4(5) and am currently seeing it in 12.4(7)). Fixed in versions are 12.4(6.6)T, 12.4(7.23) - which means the next T and mainline release should have the fix incorporated.
So I guess we just have to be patient and wait for the next release. But it sure would be nice if this error message was documented somewhere........
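Added example, not part of the thread or of Cisco's bug notes: a small Python checker that flags TCP handshakes whose Window Scale option breaks the RFC 1323 section 2 rules, which helps identify the non-compliant end device from a packet capture. The bug text does not say which checks CBAC applies, so the rules below (option only in SYN segments, only in a SYN-ACK if the SYN offered it, length 3, shift count at most 14) are taken from the RFC; the function names and sample bytes are constructed for illustration.

```python
# Added example (not Cisco's code): RFC 1323 section 2 Window Scale checks.
WSOPT_KIND, WSOPT_LEN, MAX_SHIFT = 3, 3, 14
SYN, ACK = 0x02, 0x10

def parse_options(raw: bytes):
    """Yield (kind, length, data) for each option in a TCP options field."""
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:            # End of Option List
            return
        if kind == 1:            # NOP, single byte of padding
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError(f"malformed option at offset {i}")
        length = raw[i + 1]
        yield kind, length, raw[i + 2:i + length]
        i += length

def wscale_findings(segments):
    """segments: (sender, tcp_flags, options_bytes) tuples in capture order."""
    findings, syn_offered = [], False
    for sender, flags, raw in segments:
        ws = [(ln, d) for k, ln, d in parse_options(raw) if k == WSOPT_KIND]
        if not ws:
            continue
        length, data = ws[0]
        if not flags & SYN:
            findings.append(f"{sender}: WSopt in a non-SYN segment")
            continue
        if length != WSOPT_LEN:
            findings.append(f"{sender}: WSopt length {length}, expected 3")
        elif data[0] > MAX_SHIFT:
            findings.append(f"{sender}: shift count {data[0]} exceeds 14")
        if flags & ACK and not syn_offered:
            findings.append(f"{sender}: WSopt in SYN-ACK but the SYN did not offer it")
        elif not flags & ACK:
            syn_offered = True
    return findings

# Constructed option bytes (MSS 1460, NOP, WSopt), not taken from a real capture.
COMPLIANT = [("client", SYN, bytes.fromhex("020405b4 01 030307")),
             ("server", SYN | ACK, bytes.fromhex("020405b4 01 030302"))]
UNSOLICITED = [("client", SYN, bytes.fromhex("020405b4")),
               ("server", SYN | ACK, bytes.fromhex("020405b4 01 030307"))]

if __name__ == "__main__":
    for name, trace in (("compliant", COMPLIANT), ("unsolicited", UNSOLICITED)):
        print(name, wscale_findings(trace) or "no findings")
```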
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...