
%FW-3-RESPONDER_WND_SCALE_INI_NO_SCALE: messages appearing in router log

gilljon
Level 1

We are seeing the following error message appear on one of our routers,

%FW-3-RESPONDER_WND_SCALE_INI_NO_SCALE:

Has anybody seen this before, or have any idea what it means and its impact?

Regards,

Jonathan

8 Replies

Hi Jonathan,

Which hardware and software are you running?

Sarb

Hi Sarb,

Thank you for replying. We have a Cisco 3845 running IOS version 12.4(4.8).

Regards,

Jonathan

It seems quite a rare error as I can't find any documentation on it.

Maybe someone else may know.

How often does it occur? Are there any other symptoms apart from the log messages?

What's the log message in full?

The error message in full is:

%FW-3-RESPONDER_WND_SCALE_INI_NO_SCALE: Dropping packet - Invalid Window Scale option for session {IP Address}:{Port Number} to {IP Address}:{Port Number} (Initiator scale 0 Responder scale 0)

There are no other symptoms. Everything else in the router log is normal. These messages are occurring every 15 minutes, in pairs it seems. We receive one, and then receive another under a minute later. Here are a few of the timings:

Dec 29 14:55:24.473

Dec 29 15:10:44.621

Dec 29 15:11:14.657

Dec 29 15:26:48.041

Dec 29 15:27:29.909

Dec 29 15:42:50.448

Dec 29 15:43:32.300

Dec 29 15:58:53.176

Dec 29 15:59:35.044

Dec 29 16:14:55.412

Dec 29 16:15:37.296

Regards,

Jonathan

Hi,

Could this be 15 minutes between email client attempts to check for new mail? Maybe the connection is statefully inspected and times out in the router?

TCP intercept?

Initiating a TCP session with both sides setting a TCP window to 0 makes no sense, but during the session a window size of 0 simply means "wait, I am busy".

Can you use a packet analyzer to catch the relevant traffic causing this? What are the hosts with the relevant IPs doing?

Hope this helps

Martin

I don't see any more discussion on this issue - did you get a resolution?

The same thing is occurring to me on ISR 2811 and 2812 running IOS 12.4(4)T1, and it specifically happens whenever attempting connection via www or ftp to a certain Internet host.

Note that it is not a window size message - it is a TCP option for window scaling, and 0 is a valid window scale (I've been doing my research on this problem). TCP Window Scaling allows you to specify a value to multiply the size of the TCP window by, so that you can have much larger windows than the default 65535 size, and it was designed for big pipes with high latency (e.g. satellite links).

By removing and adding the inspect command, I can tell you that CBAC inspection is causing this. It apparently doesn't like the 0 value, but RFC 1323 says that is valid.

Anybody got a fix? Is this a new bug in latest IOS?
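
The distinction drawn in the post above (a Window Scale option carrying shift 0 versus no option at all), as an added example that is not part of the original thread: a Python parser for the TCP options field of a SYN and SYN-ACK, following RFC 1323. The option bytes are constructed samples and the function names are hypothetical.

```python
# Added example: RFC 1323 Window Scale handling. Option bytes below are constructed samples.
WSCALE_KIND = 3      # Window Scale option: kind=3, length=3, shift.cnt
MAX_SHIFT = 14       # RFC 1323: a larger shift.cnt is treated as 14


def parse_wscale(options: bytes):
    """Return shift.cnt from a TCP options field, or None if the option is absent."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # NOP, a single padding byte
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("bad option length")
        if kind == WSCALE_KIND:
            if length != 3:
                raise ValueError("Window Scale option must be 3 bytes long")
            return min(options[i + 2], MAX_SHIFT)
        i += length
    return None


def negotiate(syn_opts: bytes, synack_opts: bytes):
    """Return (initiator_shift, responder_shift), or None when scaling is off."""
    ini, rsp = parse_wscale(syn_opts), parse_wscale(synack_opts)
    if ini is None or rsp is None:   # both sides must send the option
        return None
    return ini, rsp


def effective_window(raw_window: int, shift: int) -> int:
    """Receive window in bytes once the advertising host's shift is applied."""
    return raw_window << shift


# Constructed options: MSS 1460, NOP, Window Scale with the given shift.
SYN_SHIFT0 = bytes.fromhex("020405b401030300")
SYNACK_SHIFT7 = bytes.fromhex("020405b401030307")
SYN_NO_WSCALE = bytes.fromhex("020405b4")

if __name__ == "__main__":
    print(negotiate(SYN_SHIFT0, SYNACK_SHIFT7))      # shift 0 is a valid offer
    print(negotiate(SYN_NO_WSCALE, SYNACK_SHIFT7))   # no offer in the SYN
```

A shift of 0 still counts as an offer to use scaling, so the peer's shift applies to the peer's window; with the option missing from either SYN, scaling is off in both directions.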

I'm also seeing the same error on my 3845. Please help.

Please see enhancement CSCsc37281

Some HTTP servers do not conform to TCP RFC requirements and might send TCP traffic that is outside of the TCP sliding window.

In some cases, this problem can be mitigated on the firewall by utilizing the command to enable loose TCP conformance checking:

ip inspect tcp window-scale-enforcement loose

Kind regards, Eehab
