Pix 525 running 7.1(1) dropping packets

Pix 525 running 7.1(1) dropping packets

Post by networksecurit » Fri, 28 Apr 2006 06:09:22



I recently upgraded to 7.1(1) on the pix 525 and have this problem that
every 4-5 days or so the firewall starts dropping packets, internet
access is slow or non-existant.  I use the blue cisco cable to
establish a serial connection to the firewall, and am either not able
to ping hosts at all, or I get a 20%-40% success rate when trying to
ping.  Whether I ping the outside router, inside hosts, or dmz hosts,
its the same result.   If I reboot the system, then seems to fix the
problem completely (until the next time, when it starts all over
again).    I am not running any logging on the server, so its not a
question of the flash filling up.  

Has anyone else had this problem ?

 
 
 

Pix 525 running 7.1(1) dropping packets

Post by networksecurit » Fri, 28 Apr 2006 07:02:49


I recently upgraded to 7.1(1) on the pix 525 and have this problem that
every 4-5 days or so the firewall starts dropping packets, internet
access is slow or non-existant.  I use the blue cisco cable to
establish a serial connection to the firewall, and am either not able
to ping hosts at all, or I get a 20%-40% success rate when trying to
ping.  Whether I ping the outside router, inside hosts, or dmz hosts,
its the same result.   If I reboot the system, then seems to fix the
problem completely (until the next time, when it starts all over
again).    I am not running any logging on the server, so its not a
question of the flash filling up.  

Has anyone else had this problem ?

 
 
 

Pix 525 running 7.1(1) dropping packets

Post by networksecurit » Fri, 28 Apr 2006 07:24:37


I recently upgraded to 7.1(1) on the pix 525 and have this problem that
every 4-5 days or so the firewall starts dropping packets, internet
access is slow or non-existant.  I use the blue cisco cable to
establish a serial connection to the firewall, and am either not able
to ping hosts at all, or I get a 20%-40% success rate when trying to
ping.  Whether I ping the outside router, inside hosts, or dmz hosts,
its the same result.   If I reboot the system, then seems to fix the
problem completely (until the next time, when it starts all over
again).    I am not running any logging on the server, so its not a
question of the flash filling up.  

Has anyone else had this problem ?

 
 
 

Pix 525 running 7.1(1) dropping packets

Post by Walter Robers » Fri, 28 Apr 2006 09:24:00




>I recently upgraded to 7.1(1) on the pix 525 and have this problem that
>every 4-5 days or so the firewall starts dropping packets, internet
>access is slow or non-existant.  I use the blue cisco cable to
>establish a serial connection to the firewall, and am either not able
>to ping hosts at all, or I get a 20%-40% success rate when trying to
>ping.  Whether I ping the outside router, inside hosts, or dmz hosts,
>its the same result.   If I reboot the system, then seems to fix the
>problem completely (until the next time, when it starts all over
>again).

I would be interested to know whether "clear xlate" or "clear local" affected
the situation?

Quote:> I am not running any logging on the server, so its not a
> question of the flash filling up.

But RAM might get fragmented. Try "show mem" -- in 6.x anyhow, that
shows the number of entries in each of the size pools. Normally the
values are nice an pyramidal, but when things go worng [at least in 6.x]
the numbers invert. I don't have a sample to show you, but when you've
seen it once you'd recognize it again.
 
 
 

Pix 525 running 7.1(1) dropping packets

Post by networksecurit » Sat, 29 Apr 2006 00:52:07


Actually I think this is the problem, show mem, shows the used memory
steadily increasing.  At the rate its going, it seems like it will
overflow in about 4-5 days.   This seems to be a memory leak -

Do you know if upgrading to 7.1(2) is supposed to resolve this.  I
didnt upgrade to 7.1(2) because of reported problems of the inside
interface dropping packets actually.

 
 
 

Pix 525 running 7.1(1) dropping packets

Post by Walter Robers » Sat, 29 Apr 2006 06:12:47




>Actually I think this is the problem, show mem, shows the used memory
>steadily increasing.  At the rate its going, it seems like it will
>overflow in about 4-5 days.   This seems to be a memory leak -
>Do you know if upgrading to 7.1(2) is supposed to resolve this.

Sorry, I don't know that. You could try looking through the bug lists
in the 7.1(2) release notes.