Question. Cisco PIX/ASA

Thu Apr 30 18:31:31 UTC 2009

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Joe -

Maybe the middlebox along the path doesn't like tcp window scale
parameter being changed in the midway due to dropped tcp connections or
something. Could be specific to microsoft server. What does your pix
logs show?

Have you tried turning off 'tcp window scale' option on your windows
server? I believe this is enabled by default[0]. See if you can test this.

I've ran into similar problems using pix/nokia fw.

Hopefully this helps and you might want to bounce (do not crosspost :))
this thread off cisco-nsp.

regards,
/virendra

[0] http://support.microsoft.com/kb/934430

Jo¢ wrote:
> Greetings all
> 
> 
> I have a customer running with a Cisco 5500 series firewall. What were
> seeing (as a problem) is that there is a bit being flipped by the firewall
> in the packet header. The bit in question is the Congession Window Reduced
> or CWR bit. Under heavy load the target server is getting this bit as high
> and since (I am guessing) its that way dropping the session yet its not near
> capacity. It?s a Microsoft server as well. Not that I am knocking that but.
> Under the same situation a Linux/Apache server doesn't seem to care, and
> goes about its business. Anyone heard of this? I did searches regarding this
> but found (as per usual) tons of usless info.  I'm not sure why the packets
> are being changed by the ASA. I know there not hitting the firewall this way
> (Packet capture) but they are getting changed. Config mishap? Is the ASA
> throttling down stuff, and if so why not at the requesting party? 
> 
> Dunno. Completely baffled. Thanks In Advance!
> 
> -Joe
> 
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJ+e6DpbZvCIJx1bcRAiYcAKDsGJd2H4QNSB7Leqqc5LwX8Bu78ACgo43T
j6t3fKOELjTbgkP0qhBzzwg=
=krtL
-----END PGP SIGNATURE-----