PIX515E Crashing

Unanswered Question
Aug 2nd, 2007

Hi,

We have a PIX515E which appears to crash every so often, I have attached the "show crashinfo" output, has anybody seen this before or able to advise in any way?

Many thanks,

Paul

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
srue Thu, 08/02/2007 - 06:11

------------------ show startup-config errors ------------------

ERROR: Command requires failover license

^

ERROR: % Invalid input detected at '^' marker.

*** Output from config line 109, "ERROR: Command requires ..."

ERROR: Command requires failover license

^

ERROR: % Invalid input detected at '^' marker.

*** Output from config line 110, "ERROR: Command requires ..."

do you have failover commands on this pix? "sh run | includ failover"

is it part of a failover set?

paulehosting Thu, 08/02/2007 - 06:15

Thanks for the quick reply!

The unit is standalone, there is no failover devices, that error has been present since the unit was purchased and first configured.

Thanks,

Paul

MJPGallagher Fri, 08/03/2007 - 01:27

I have a very similar issue in that my 515 had been running without issue for ~2yrs uptime. Started with a reboot 2 weeks ago. Strange I thought & couldn't find a cause.

Since then it's been randomly re-booting (including when under no real load ie 1:30 am).

Fortunately (or so I thought) I have a spare running the same OS 7.0(1), so I transferred the config (No substantial config changes in the last 4 mths) to it and it too randomly reboots. I can attach a crash info if necessary.

The "spare" that is now live had been powered off for a year or more & kept in the comms room. All of which would strongly suggest an OS issue to me.

I don't have a current smartnet for the device so I cannot access the Support site to get any info on OS fixes etc. The way in which this has been changed is deplorable.

Anybody with anything further to add?

Regards,

Martin

mattiaseriksson Fri, 08/03/2007 - 02:13

There are many nasty bugs in early 7.0 releases that will cause the PIX to reboot.

Especially in 7.0(1) through 7.0(4).

Some of them are related to http or sip inspection. A workaround is to disable http and sip inspection. Even if that does not fix the problem, there are other serious problems in those versions as well.

You should contact the reseller or TAC to obtain fixed software.

MJPGallagher Fri, 08/03/2007 - 02:17

Thanks for your input.

I'm trying to get a newer image from the re-seller. As I don't have CCO access, I'm not certain what release should be the best fix, or if for example I can go directly from 7.01 to 7.2

Regards,

M

mattiaseriksson Fri, 08/03/2007 - 02:31

I don't think that you get an upgrade from 7.0 to 7.2 for free without a service contract.

What you should get is 7.0.7.GD.

That's the first PIX 7 software that is a GD version so maybe it's not so bad anyway.

MJPGallagher Fri, 08/03/2007 - 02:38

If 7.07GD is stable, that's all I require at this point. Anyway I don't know what "goodies" are in 7.02 in terms of enhanced functionality as I don't have CCO access :-(

That in itself doesn't make sense to me from a consumer point of view.

Many thanks for your info,

M

MJPGallagher Fri, 08/03/2007 - 04:40

Mattias,

I have upgraded to 7.07; will post back in a couple of days/weeks if this fixes the issue, or sooner if not ;-)

Many thanks,

M

paulehosting Fri, 08/03/2007 - 06:09

Guys,

Thanks for the replies - I didnt get the notifications by email of new posts! I am awaiting a SMARTnet contract on the firewall so we can upgrade IOS, I am hoping that will sort the issues.

MJPGallagher - Let us know how you get on, would be great to hear if you get the issue resolved :)

Thanks,

Paul

MJPGallagher Sun, 08/05/2007 - 23:21

Unfortunately 7.0.7GD hasn't fixed the issue (although it does give more crash info); PIX rebooted twice on the 3rd Aug, post-upgrade and 6 times on the 4th, No times yesterday & not yet today... Extremely frustrating.

mattiaseriksson Mon, 08/06/2007 - 01:37

Interesting, I have never seen a route_process crash before.

You are running RIP on at least one interface?

Is it always this process that crashes?

You could try to disable RIP if possible, to see if this is the cause.

I searched for bugs related to the route_process or RIP but I couldn't find anything. Perhaps it is time to open a TAC case.

MJPGallagher Mon, 08/06/2007 - 03:13

Yes, running rip passive v2 on inside & DMZ if's

Also it does *appear* to be route_process every time (only since upgrade to 7.0.7 do I get the PANIC statements) but yes the thread name is the same each time

regards,

M

mattiaseriksson Mon, 08/06/2007 - 03:21

I could not find any existing TAC case related to RIP, so this could be a new bug.

A workaround could be to disable RIP and use static routing only, or debug it to see exactly what RIP is doing when it crashes, and open a TAC case.

MJPGallagher Tue, 08/07/2007 - 06:59

I'll have to get a smartnet contract for this FW & see what I can find out with OS upgrades & TAC support. Thanks

Actions

This Discussion