Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Microsoft Windows Vista users may experience slow TCP performance or dropped TCP connections through a PIX Firewall

Core issue

The Microsoft Windows Vista operating system enables the TCP Window Scaling option by default (previous Windows operating systems had this option disabled). The TCP Extensions for High Performance (TCP Window Scaling Option) is described in RFC 1323, and allows for the device to advertise a receive window larger than 65 K that TCP originally specified. This is useful in today's higher speed networks, where more data can be outstanding on the wire before it is acknowledged.

This slow performance, or dropped TCP connections is caused by some  versions of PIX software not supporting the TCP Window Scale option,  causing it to have a much smaller TCP window than the endpoints actually have. This results in PIX dropping packets that it believes are outside the TCP window, but which really are not.


For a workaround,

Download and upgrade the PIX  software to any of the following versions that support the TCP Window Scale option:

  • All versions of 7.x
  • 6.3(1) or later
  • 6.2(3) or later
  • 6.1(5) or later