VPN link breaks, which requires a router reboot--PLEASE HELP!

mark.white · ‎01-23-2008

We are having with our local Cisco PIX 515, whereby the site to site VPN to our PIX appears to be breaking, and not re-establishing itself, every 36 hours or so.

Upon further inpsection, the symptom that we see is a slow reduction in the number of available size 1550 (Ethernet) blocks (as shown by the 'show blocks' command). This count slowly reduces from about 2000, to zero, over a period of a day or so, after which the VPN link breaks, and a router reboot is required. No other error or status messages of importance appear in the syslog output, and device free memory stays constant at around 32Mb. The depletion happens at a constant rate, even under negligible traffic conditions, with device CPU usage low, at around 1%.

The IOS is 7.0(5).

Thanks in advance for your help.

Collin Clark · ‎01-29-2008

You can review the bugs for that code and if you open a TAC case they will probably suggest you update the code on the PIX. That would be the first place I would start. If that does not resolve the problem a TAC case is probably not a bad idea.

HTH

ajagadee · ‎01-29-2008

Mark,

Do you know if you can upgrade the chassis to 7.2(3). I have seen more success with 7.2 and IPSEC than 7.0.

Regards,

Arul

ajagadee · ‎01-29-2008

Mark,

The above message was specifically for ASA.

Since, you are running 7.0 on the pix, I would stay on 7.0 and go to the latest version 7.0(7) and see if the problem goes away. Also, 7.0(7) is a GD Code.

Regards,

Arul

mark.white · ‎02-04-2008

Thax for the all the input... I will see if I can convince the powers that be to upgrade the code. I've been looking through the caveats, but I couldn't find anything that suggest there was a bug close to this one. However at this point, it couldn't hurt to upgrade the code.

Again, thank you very much for the responses.