Cisco PIX 500 Series Security Appliances

PIX Security Appliance and Microsoft Windows Vista TCP Window Scaling Troubleshooting

Document ID: 71602



Introduction

The Microsoft Windows Vista Operating System (OS) enables the TCP Window Scaling option by default (previous Windows OSes had this option disabled). This causes problems with old Cisco PIX software. This document describes the problem and presents the solution to this issue.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Problem

The Microsoft Windows Vista OS enables the TCP Window Scaling option by default (previous Windows OSes had this option disabled). The TCP Window Scaling option is described in RFC 1323 (TCP Extensions for High Performance), and allows a device to advertise a receive window larger than the 65 K that TCP originally specified. This is useful in the higher speed networks of today, where more data can be outstanding on the wire before it is acknowledged. Slow performance or dropped TCP connections occur because some versions of PIX software do not support the TCP Window Scaling option. As a result, the PIX tracks a much smaller TCP window than the endpoints actually have, and it drops packets that it believes are outside the TCP window, but which really are not. You experience this problem with older Cisco PIX software.
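The mismatch described above can be reproduced with a small model. This is an added example, not Cisco code: it parses the Window Scale option from a SYN's TCP options and applies a simplified in-window check, once honoring the scale and once ignoring it. The option bytes, sequence numbers, and function names are constructed for illustration.

```python
def parse_wscale(options: bytes):
    """Return the Window Scale shift count from raw TCP options, or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(options):
            break                          # truncated option header
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            break                          # malformed length, stop parsing
        if kind == 3 and length == 3:      # Window Scale (RFC 1323)
            return min(options[i + 2], 14) # shift counts above 14 are capped
        i += length
    return None

def segment_in_window(seq, seg_len, rcv_nxt, raw_window, shift):
    """True if the whole segment fits in the receiver's advertised window."""
    window = raw_window << shift           # a scale-unaware device uses shift=0
    offset = (seq - rcv_nxt) % 2**32       # sequence numbers wrap at 2^32
    return offset + seg_len <= window

# Constructed SYN options: MSS 1460, NOP, WScale 8, NOP, NOP, SACK-permitted
SYN_OPTIONS = bytes.fromhex("020405b40103030801010402")
SHIFT = parse_wscale(SYN_OPTIONS)

# Constructed connection state: receiver advertises 256, meaning 256 << 8 = 65536 bytes
RCV_NXT, RAW_WINDOW = 1_000_000, 256
SEQ, SEG_LEN = RCV_NXT + 30_000, 1460     # sender has 30,000 bytes in flight

def verdicts():
    """(scale-aware verdict, scale-unaware verdict) for the same segment."""
    aware = segment_in_window(SEQ, SEG_LEN, RCV_NXT, RAW_WINDOW, SHIFT)
    unaware = segment_in_window(SEQ, SEG_LEN, RCV_NXT, RAW_WINDOW, 0)
    return aware, unaware

if __name__ == "__main__":
    aware, unaware = verdicts()
    print(f"negotiated shift: {SHIFT}")
    print(f"scale-aware device accepts segment:   {aware}")
    print(f"scale-unaware device accepts segment: {unaware}")
```

The same segment is valid for the endpoints but falls outside the 256-byte window that a device ignoring the option believes is in effect, which is the drop behavior this document describes.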

Solution

Upgrade the Cisco PIX Security Appliance to a version that supports the TCP Window Scaling option.

The supported versions are:

  • All versions of 7.x

  • 6.3(1) or later

  • 6.2(3) or later

  • 6.1(5) or later

Updated: Oct 13, 2008