D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: bandit69 on November 08, 2012, 03:48:24 PM
-
I really need help with this error I keep getting on my DFL-1660 at HQ on trying to connect a DFL-210 based branch location. This is my config:
DFL-1660
LAN - 172.20.10.0/24; WAN - 10.0.10.0/24 (this is a VLAN provided by my ISP over a trunk link carrying WAN and Internet on the wan1 interface). wan1 IP is a public IP 196.x.x.x
Route: Core 172.20.30.0/24 wan1-gw
IP Rules: Allow lan1 lan1net any 172.20.20.0/24
Allow any 172.20.20.0/24 lan1 lan1net
DFL-210
LAN - 172.20.20.0/24; WAN - 10.0.20.0/24 (wan1 IP is 10.0.20.1)
Route: Core 172.20.10.0/24 wan1-gw
IP Rules: Allow lan1 lan1net any 172.20.10.0/24
Allow any 172.20.10.0/24 lan1 lan1net
Now the funny thing is I can ping DFL-1660 LAN IPs from the DFL-210 and vice versa but cannot do anything else, i.e. no remote desktop connections or any other protocol. Once you try any of these you get a mismatching_tcp_window_scale abort event on the DFL-1660.
PLEASE SOS!
-
Sorry for the error earlier (branch LAN that the DFL-1660 is trying to get to is 172.20.20.0/24, not 172.20.30.0/24), the correct config is this:
DFL-1660
LAN - 172.20.10.0/24; WAN - 10.0.10.0/24 (this is a VLAN provided by my ISP over a trunk link carrying WAN and Internet on the wan1 interface). wan1 IP is a public IP 196.x.x.x
Route: Core 172.20.20.0/24 wan1-gw
IP Rules: Allow lan1 lan1net any 172.20.20.0/24 All Services
Allow any 172.20.20.0/24 lan1 lan1net All Services
DFL-210
LAN - 172.20.20.0/24; WAN - 10.0.20.0/24 (wan1 IP is 10.0.20.1)
Route: Core 172.20.10.0/24 wan1-gw
IP Rules: Allow lan1 lan1net any 172.20.10.0/24 All Services
Allow any 172.20.10.0/24 lan1 lan1net All Services
Now the funny thing is I can ping DFL-1660 LAN IPs from the DFL-210 and vice versa but cannot do anything else, i.e. no remote desktop connections or any other protocol. Once you try any of these you get a mismatching_tcp_window_scale abort event on the DFL-1660.
PLEASE SOS
-
No comments? Am really getting desperate here. Am I doing anything wrong? Danilov any ideas?
-
Unfortunately, I have no idea...
Try to set System > Advanced settings > TCP options > TCP Option WSOPT to StripSilent.
Also, to avoid the effect of the ISP configuration, try to set up IPsec or at least GRE over the ISP-provided VLAN and route your internal traffic over the tunnel.