Pix crashing with no crashinfo file

cisco24x7 · ‎10-07-2009

I have this problem that I am hoping someone can help me with:

Pix 515 (R) with 64M RAM and 16MF running 7.2(3). I have outside and inside interface.

Configuration is very simple I have a Linux host behind inside interface with

an IP address of 192.168.6.10/24 and be NAT'ed as follows:

static (inside,outside) 4.2.2.2 192.168.6.10 netmask 255.255.255.255

I have web server on the outside interface with an IP address of 4.2.2.10

inside interface IP address: 192.168.6.1/24

outside interface IP address: 4.2.2.1/24

On the Linux host, I run a program called "nkiller2" that can generate thousands

thousands of http connections to hit the web server.

When I start this program, I send about 20,000 http connections through the Pix515.

Using "show conn count", I saw that when the connection reaches about 10,000 connections,

the firewall goes into reboot. After the reboot, there is NO crashinfo in the flash

(verified with show flash:). In the flash, I have nothing except pix723.bin file so there

are plenty of spaces on the flash for crashinfo file.

Issue with this Pix is that I can NOT upgrade to version 8.0(4) or download to 7.0(8)

because the pix will reboot everything 5 minutes. With version 7.2(3), it is stable until

the connection goes over 10k connections.

Has anyone seen this before? Thanks.

Kureli Sankar · ‎10-07-2009

Did you issue "sh crash"? If there is no crash file found, then you need to connect the console and watch what the console prints.

what does "sh run logg" say? Do you have console logging enabled may be debug level. If so pls. disable that. How about http inspection is that enabled? If the connections do get established then, inspection will kick in.

I suggest that you open a TAC case and work with an engineer.