Re: [c-nsp] Self rebooting pix?
We had this issue on a 525 and opened a TAC case. We provided Cisco with sh tech (I think) and the root cause was a code issue (ver. 6.x) concerning the number of connections. Never called the TAC here but that sounds about right. At the time we experienced this we were adding PAT mappings as well as steadily increasing the amount of IPSEC client connections and adding user accounts. 7.0 series has user account corruption issue and we have a case open on it, though I hope to go Justin's way and have an ASA here in the near future. ~JasonG ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Self rebooting pix?
We've had a few PIX-501s overheat. No internal fans, so they are susceptible. We've also had one or two of these have problems with the power connector. It would boot and run, but slight movement of the power connector on the box would cause it to loose connection momentarily and reset. In both cases, symptoms are similar to what you describe. Sincerely, Michael Malitsky Message: 7 Date: Mon, 25 Jan 2010 15:22:38 -0800 From: Scott Granados gsgrana...@comcast.net To: cisco-nsp@puck.nether.net Subject: [c-nsp] Self rebooting pix? Hi All, I'm having a strange problem and not much diagnostic output so maybe I can get some pointers as to what to look at next. I have a Pix 501 with a non restrictive license that I'm using as a general firewall and nat device. There's a 10 megabit ethernet connection handing a statically routed Internet feed on the WAN side and a 100 megabit fast E which connects to a core switch. We nat probably about 50 - 100 users at a time and the throughput over the public pathway is less than 8 megabits for the most part and generally stays around 3 - 5. The output of show cpu usage shows a usage of between 10 and 20 percent with lows of 4% and highs around 25. Randomly through out the day the connection / device will hang, the switch it's attached to shows the ethernet port go down and come back up a few times then packets start to flow again. After the most recent event I did a show ver on the Pix and saw that the uptime was less than 2 minutes. After each drop this counter returns to 0 which tells me the Pix is rebooting for some reason. Show log doesn't yield anything interesting and the syslog server that captures the log output doesn't have any messages around the time of the outages either. Total traffic disruption lasts for approximately 30 seconds. The time of day is random and it does not seem to increase in frequency with bursts in traffic. I've obviously checked and insure that the power cables are firmly attached and the network cables are securely attached as well. What other things should I try? Are there any other show commands that might yield some more clues? Has anyone else experienced this. The software rev is 6.3. Thanks Scott ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Self rebooting pix?
Jason Gurtz wrote: After each drop this counter returns to 0 which tells me the Pix is rebooting for some reason. [...] experienced this. The software rev is 6.3. We experienced this on a 515E running 6.3 code. A move to the 7.0 series solved this issue. Same thing here. It would crash about once a month on us but the duration was show short that it was seldom ever noticed. It only took 45 seconds to boot. We solved it by installing ASAs. :-) Justin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Self rebooting pix?
The point of termination between the pix and the power supply end point (shaped like a 7) is a known issue. If it moves at all or gets bumped at all it will reboot the devices. To rule this out you can try to zip tie it to the device in an effort to keep it still. If there is no possible movement and it still occurs it is most likely overheating as previously mentioned. On Jan 27, 2010, at 1:30 PM, Justin Shore wrote: Jason Gurtz wrote: After each drop this counter returns to 0 which tells me the Pix is rebooting for some reason. [...] experienced this. The software rev is 6.3. We experienced this on a 515E running 6.3 code. A move to the 7.0 series solved this issue. Same thing here. It would crash about once a month on us but the duration was show short that it was seldom ever noticed. It only took 45 seconds to boot. We solved it by installing ASAs. :-) Justin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Self rebooting pix?
Tried that as well as with a new cable, still no luck. Next I'm going to capture the console output and see if that sheds any light on anything. - Original Message - From: Jason LeBlanc jasonlebl...@gmail.com To: Justin Shore jus...@justinshore.com Cc: cisco-nsp@puck.nether.net Sent: Wednesday, January 27, 2010 1:49 PM Subject: Re: [c-nsp] Self rebooting pix? The point of termination between the pix and the power supply end point (shaped like a 7) is a known issue. If it moves at all or gets bumped at all it will reboot the devices. To rule this out you can try to zip tie it to the device in an effort to keep it still. If there is no possible movement and it still occurs it is most likely overheating as previously mentioned. On Jan 27, 2010, at 1:30 PM, Justin Shore wrote: Jason Gurtz wrote: After each drop this counter returns to 0 which tells me the Pix is rebooting for some reason. [...] experienced this. The software rev is 6.3. We experienced this on a 515E running 6.3 code. A move to the 7.0 series solved this issue. Same thing here. It would crash about once a month on us but the duration was show short that it was seldom ever noticed. It only took 45 seconds to boot. We solved it by installing ASAs. :-) Justin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Self rebooting pix?
We had this issue on a 525 and opened a TAC case. We provided Cisco with sh tech (I think) and the root cause was a code issue (ver. 6.x) concerning the number of connections. The issue was resolved with an update to the code. Sorry would like to confirm that the issue is most likely a code problem but doing this from memory. On Wed, Jan 27, 2010 at 6:44 PM, Scott Granados gsgrana...@comcast.netwrote: Tried that as well as with a new cable, still no luck. Next I'm going to capture the console output and see if that sheds any light on anything. - Original Message - From: Jason LeBlanc jasonlebl...@gmail.com To: Justin Shore jus...@justinshore.com Cc: cisco-nsp@puck.nether.net Sent: Wednesday, January 27, 2010 1:49 PM Subject: Re: [c-nsp] Self rebooting pix? The point of termination between the pix and the power supply end point (shaped like a 7) is a known issue. If it moves at all or gets bumped at all it will reboot the devices. To rule this out you can try to zip tie it to the device in an effort to keep it still. If there is no possible movement and it still occurs it is most likely overheating as previously mentioned. On Jan 27, 2010, at 1:30 PM, Justin Shore wrote: Jason Gurtz wrote: After each drop this counter returns to 0 which tells me the Pix is rebooting for some reason. [...] experienced this. The software rev is 6.3. We experienced this on a 515E running 6.3 code. A move to the 7.0 series solved this issue. Same thing here. It would crash about once a month on us but the duration was show short that it was seldom ever noticed. It only took 45 seconds to boot. We solved it by installing ASAs. :-) Justin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Self rebooting pix?
I have experienced this exact same issue as well. I was told by my SE that it had to do with the way the input was connected to the rest of the unit. Scott On Jan 25, 2010, at 8:55 PM, Vincent C Jones wrote: Another possibility, given that it is a PIX501, is a loose power connection. Some of the older PIX 501s were so sensitive it seemed they would power cycle if you so much as looked at them. Moving the box, or even bumping into the desk they were on, could reboot them. Crazy, because otherwise they are solid and will run for years with no issues. Good luck and good hunting! -- Vincent C. Jones Networking Unlimited, Inc. Phone: +1 201 568-7810 v.jo...@networkingunlimited.com On Mon, 2010-01-25 at 18:46 -0500, Jason Gurtz wrote: After each drop this counter returns to 0 which tells me the Pix is rebooting for some reason. [...] experienced this. The software rev is 6.3. We experienced this on a 515E running 6.3 code. A move to the 7.0 series solved this issue. I can't remember what exactly we saw using console but IIRC was something like runaway memory use. ~JasonG ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Scott Keoseyan sc...@labyrinth.org 704-443-8229 Homepage - http://www.labyrinth.org/homepages/scott Blog - http://www.labyrinth.org/wp1 PGP Key - http://www.labyrinth.org/homepages/scott/pgp.html ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Self rebooting pix?
Hi All, I'm having a strange problem and not much diagnostic output so maybe I can get some pointers as to what to look at next. I have a Pix 501 with a non restrictive license that I'm using as a general firewall and nat device. There's a 10 megabit ethernet connection handing a statically routed Internet feed on the WAN side and a 100 megabit fast E which connects to a core switch. We nat probably about 50 - 100 users at a time and the throughput over the public pathway is less than 8 megabits for the most part and generally stays around 3 - 5. The output of show cpu usage shows a usage of between 10 and 20 percent with lows of 4% and highs around 25. Randomly through out the day the connection / device will hang, the switch it's attached to shows the ethernet port go down and come back up a few times then packets start to flow again. After the most recent event I did a show ver on the Pix and saw that the uptime was less than 2 minutes. After each drop this counter returns to 0 which tells me the Pix is rebooting for some reason. Show log doesn't yield anything interesting and the syslog server that captures the log output doesn't have any messages around the time of the outages either. Total traffic disruption lasts for approximately 30 seconds. The time of day is random and it does not seem to increase in frequency with bursts in traffic. I've obviously checked and insure that the power cables are firmly attached and the network cables are securely attached as well. What other things should I try? Are there any other show commands that might yield some more clues? Has anyone else experienced this. The software rev is 6.3. Thanks Scott ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Self rebooting pix?
We had a similar problem with a PIX-525 (or was it the 520) with 6.3, We assumed it was hardware issues and replaced it, but if you have a computer you can stick on the console port, and have it's terminal program log everything to a file, it may provide more information. Scott Granados wrote: Hi All, I'm having a strange problem and not much diagnostic output so maybe I can get some pointers as to what to look at next. I have a Pix 501 with a non restrictive license that I'm using as a general firewall and nat device. There's a 10 megabit ethernet connection handing a statically routed Internet feed on the WAN side and a 100 megabit fast E which connects to a core switch. We nat probably about 50 - 100 users at a time and the throughput over the public pathway is less than 8 megabits for the most part and generally stays around 3 - 5. The output of show cpu usage shows a usage of between 10 and 20 percent with lows of 4% and highs around 25. Randomly through out the day the connection / device will hang, the switch it's attached to shows the ethernet port go down and come back up a few times then packets start to flow again. After the most recent event I did a show ver on the Pix and saw that the uptime was less than 2 minutes. After each drop this counter returns to 0 which tells me the Pix is rebooting for some reason. Show log doesn't yield anything interesting and the syslog server that captures the log output doesn't have any messages around the time of the outages either. Total traffic disruption lasts for approximately 30 seconds. The time of day is random and it does not seem to increase in frequency with bursts in traffic. I've obviously checked and insure that the power cables are firmly attached and the network cables are securely attached as well. What other things should I try? Are there any other show commands that might yield some more clues? Has anyone else experienced this. The software rev is 6.3. Thanks Scott ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Walter Keen Network Technician Rainier Connect (o) 360-832-4024 (c) 253-302-0194 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Self rebooting pix?
Ah that's a good idea, I can give that a shot. - Original Message - From: Walter Keen walter.k...@rainierconnect.net To: Scott Granados gsgrana...@comcast.net Cc: cisco-nsp@puck.nether.net Sent: Monday, January 25, 2010 3:27 PM Subject: Re: [c-nsp] Self rebooting pix? We had a similar problem with a PIX-525 (or was it the 520) with 6.3, We assumed it was hardware issues and replaced it, but if you have a computer you can stick on the console port, and have it's terminal program log everything to a file, it may provide more information. Scott Granados wrote: Hi All, I'm having a strange problem and not much diagnostic output so maybe I can get some pointers as to what to look at next. I have a Pix 501 with a non restrictive license that I'm using as a general firewall and nat device. There's a 10 megabit ethernet connection handing a statically routed Internet feed on the WAN side and a 100 megabit fast E which connects to a core switch. We nat probably about 50 - 100 users at a time and the throughput over the public pathway is less than 8 megabits for the most part and generally stays around 3 - 5. The output of show cpu usage shows a usage of between 10 and 20 percent with lows of 4% and highs around 25. Randomly through out the day the connection / device will hang, the switch it's attached to shows the ethernet port go down and come back up a few times then packets start to flow again. After the most recent event I did a show ver on the Pix and saw that the uptime was less than 2 minutes. After each drop this counter returns to 0 which tells me the Pix is rebooting for some reason. Show log doesn't yield anything interesting and the syslog server that captures the log output doesn't have any messages around the time of the outages either. Total traffic disruption lasts for approximately 30 seconds. The time of day is random and it does not seem to increase in frequency with bursts in traffic. I've obviously checked and insure that the power cables are firmly attached and the network cables are securely attached as well. What other things should I try? Are there any other show commands that might yield some more clues? Has anyone else experienced this. The software rev is 6.3. Thanks Scott ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Walter Keen Network Technician Rainier Connect (o) 360-832-4024 (c) 253-302-0194 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Self rebooting pix?
After each drop this counter returns to 0 which tells me the Pix is rebooting for some reason. [...] experienced this. The software rev is 6.3. We experienced this on a 515E running 6.3 code. A move to the 7.0 series solved this issue. I can't remember what exactly we saw using console but IIRC was something like runaway memory use. ~JasonG -- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
