VPN link breaks, which requires a router reboot--PLEASE HELP!

Unanswered Question

We are having with our local Cisco PIX 515, whereby the site to site VPN to our PIX appears to be breaking, and not re-establishing itself, every 36 hours or so.


Upon further inpsection, the symptom that we see is a slow reduction in the number of available size 1550 (Ethernet) blocks (as shown by the 'show blocks' command). This count slowly reduces from about 2000, to zero, over a period of a day or so, after which the VPN link breaks, and a router reboot is required. No other error or status messages of importance appear in the syslog output, and device free memory stays constant at around 32Mb. The depletion happens at a constant rate, even under negligible traffic conditions, with device CPU usage low, at around 1%.

The IOS is 7.0(5).


Thanks in advance for your help.




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Tue, 01/29/2008 - 09:13
User Badges:
  • Purple, 4500 points or more

You can review the bugs for that code and if you open a TAC case they will probably suggest you update the code on the PIX. That would be the first place I would start. If that does not resolve the problem a TAC case is probably not a bad idea.


HTH

ajagadee Tue, 01/29/2008 - 09:52
User Badges:
  • Cisco Employee,

Mark,


Do you know if you can upgrade the chassis to 7.2(3). I have seen more success with 7.2 and IPSEC than 7.0.


Regards,

Arul

ajagadee Tue, 01/29/2008 - 11:16
User Badges:
  • Cisco Employee,

Mark,


The above message was specifically for ASA.


Since, you are running 7.0 on the pix, I would stay on 7.0 and go to the latest version 7.0(7) and see if the problem goes away. Also, 7.0(7) is a GD Code.


Regards,

Arul



Thax for the all the input... I will see if I can convince the powers that be to upgrade the code. I've been looking through the caveats, but I couldn't find anything that suggest there was a bug close to this one. However at this point, it couldn't hurt to upgrade the code.


Again, thank you very much for the responses.


Actions

This Discussion