12-29-2005 03:08 PM - edited 03-03-2019 11:19 AM
We are seeing the following error message appear on one of our routers,
%FW-3-RESPONDER_WND_SCALE_INI_NO_SCALE:
Has anybody seen this before, or have any idea what is means and its impact?
Regards,
Jonathan
12-29-2005 03:33 PM
Hi Jonathan,
Which hardware and software are you running?
Sarb
12-29-2005 04:52 PM
Hi Sarb,
Thank you for replying. We have a Cisco 3845 running IOS version 12.4(4.8).
Regards,
Jonathan
12-29-2005 05:19 PM
It seems quite a rare error as I cant find any documentation on it.
Maybe someone else may know.
How often does it occur? Are there any other symptoms apart from the log messages?
What's the log message in full?
12-29-2005 05:50 PM
The error message in full is:
%FW-3-RESPONDER_WND_SCALE_INI_NO_SCALE: Dropping packet - Invalid Window Scale option for session {IP Address}:{Port Number} to {IP Address}:{Port Number} (Initiator scale 0 Responder scale 0)
There are no other symptoms. Everything else in the router log is normal. These messages are occuring every 15 minutes in pairs it seems. We receive one, and then receive another under a minute later. Here are a few of the timings:
Dec 29 14:55:24.473
Dec 29 15:10:44.621
Dec 29 15:11:14.657
Dec 29 15:26:48.041
Dec 29 15:27:29.909
Dec 29 15:42:50.448
Dec 29 15:43:32.300
Dec 29 15:58:53.176
Dec 29 15:59:35.044
Dec 29 16:14:55.412
Dec 29 16:15:37.296
Regards,
Jonathan
12-30-2005 02:32 AM
Hi,
Could this be 15 minutes between email client attempts to check for new mail? Maybe the connection is statefully inspected and times out in the router?
TCP intercept?
Initiating a TCP session with both sides setting a TCP window to 0 makes no sense, but during the session window size of 0 means simply wait I am busy.
Can you use a packet analyzer to catch the relevant traffic causing this? What are the hosts with the relevant IPs doing?
Hope this helps
Martin
02-23-2006 06:51 AM
I don't see any more discussion on this issue - did you get a resolution?
The same thing is occurring to me on ISR 2811 and 2812 running IOS 12.4(4)T1, and it specifically happens whenever attempting connection via www or ftp to a certain Internet host.
Note that is is not a window size message - it is a TCP option for window scaling, and 0 is a valid window scale (I've been doing my research on this problem). TCP Windows Scaling allows you to specify a value to multiply the size of the TCP window by, so that you can have much larger windows than default 65535 size, and it was designed for big pipes with high latency (e.g. satellite links).
By removing and adding the inspect command, I can tell you that CBAC inspection is causing this. It apparently doesn't like the 0 value, but RFC 1323 says that is valid.
Anybody got a fix? Is this a new bug in latest IOS?
06-27-2013 02:08 PM
I'm also seeying the same error on my 3845. Please help.
06-27-2013 03:18 PM
Please see enhancement CSCsc37281
Some HTTP servers do not conform to TCP RFC requirements and might send TCP traffic that is outside of the TCP sliding window.
In some cases, this problem can be mitigated on the firewall by utilizing the command to enable loose TCP conformance checking:
ip inspect tcp window-scale-enforcement loose
kind regards, Eehab
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide