The Microsoft Windows Vista Operating System (OS) enables the TCP Window Scaling option by default (previous Windows OSes had this option disabled). This causes problems with older Cisco IOS Firewall software. This document describes the problem and presents the solution to this issue.
There are no specific requirements for this document.
This document is not restricted to specific software and hardware versions.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
The Microsoft Windows Vista OS enables the TCP Window Scaling option by default (previous Windows OSes had this option disabled). The TCP Window Scaling option is described in RFC 1323 (TCP Extensions for High Performance), and allows a device to advertise a receive window larger than the 65 K that TCP originally specified. This is useful in the higher speed networks of today, where more data can be outstanding on the wire before it is acknowledged. The resulting problem, slow performance or dropped TCP connections, is caused by some versions of Cisco IOS® Firewall software that do not support the TCP Window Scaling option. Such a firewall tracks a much smaller TCP window than the endpoints actually have. As a result, the Cisco IOS router that runs the IOS Firewall feature set drops packets that it believes are outside the TCP window, but which really are not.
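The following Python sketch is an added example, not Cisco code and not part of the original document. It shows how a stateful inspector that ignores the RFC 1323 Window Scale option computes a smaller window than the endpoints use and so judges a legitimate segment to be out of window. The option bytes, sequence numbers, window values and function names are constructed for illustration.

```python
# Added illustration; every packet value below is a constructed sample.
MOD = 2 ** 32  # TCP sequence numbers wrap at 2^32

def window_scale_shift(options: bytes):
    """Return the shift count from a TCP Window Scale option (kind 3), or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                 # End of Option List
            break
        if kind == 1:                 # NOP padding is a single byte
            i += 1
            continue
        if i + 1 >= len(options):     # truncated option header
            break
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            break                     # malformed length, stop parsing
        if kind == 3 and length == 3:
            return min(options[i + 2], 14)  # RFC 1323 caps the shift at 14
        i += length
    return None

def receive_window(raw_window, receiver_shift, sender_shift, scale_aware=True):
    """Receiver's window as seen by an inspector; scaling needs the option in both SYNs."""
    if not scale_aware or receiver_shift is None or sender_shift is None:
        return raw_window
    return raw_window << receiver_shift

def in_window(seq, length, rcv_nxt, window):
    """True if the segment lies entirely inside [rcv_nxt, rcv_nxt + window)."""
    return (seq - rcv_nxt) % MOD + length <= window

# Constructed SYN options: MSS 1460, NOP, Window Scale (+ NOP, NOP, SACK-permitted)
CLIENT_SYN_OPTS = bytes.fromhex("020405b4 01 030308 0101 0402")  # shift 8
SERVER_SYN_OPTS = bytes.fromhex("020405b4 01 030307")            # shift 7

def demo():
    """Client advertises raw window 256; server sends 1460 bytes, 20000 past rcv_nxt."""
    c = window_scale_shift(CLIENT_SYN_OPTS)
    s = window_scale_shift(SERVER_SYN_OPTS)
    rcv_nxt = 0xFFFFF000                      # chosen so the sequence space wraps
    seq = (rcv_nxt + 20000) % MOD
    aware = in_window(seq, 1460, rcv_nxt, receive_window(256, c, s))
    legacy = in_window(seq, 1460, rcv_nxt, receive_window(256, c, s, scale_aware=False))
    return aware, legacy                      # (accepted, accepted) per inspector

if __name__ == "__main__":
    print(demo())
```

The scale-aware check accepts the segment because the real window is 256 << 8 = 65536 bytes, while the check that ignores the option sees only 256 bytes and rejects it.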
Upgrade the Cisco IOS Firewall to a version that supports the TCP Window Scaling option.
The supported versions are Cisco IOS Software Release 12.3(15) or later.