PIX Reboot Daily 6.3(3)

Dec 27th, 2009

Hi,

My single unit Cisco PIX with a UR license keeps rebooting, for the last 20 days approx., daily or after one day.

I enabled logging; the only message I received was

%PIX-1-101003: (Secondary) Failover cable not connected (this unit)

Though it's a single unit and failover is not configured. Can anyone tell me what might be the reason?

PIX# sh fail
Failover Off
Cable status: My side not connected
Reconnect timeout 0:00:00
Poll frequency 15 seconds

PIX# sh crash
No crash file found.

Please assist.

PIX#sh ver

Cisco PIX Firewall Version 6.3(3)

Compiled on Wed 13-Aug-03 13:55 by morlee

PIX up 1 hour 29 mins

Hardware:   AL440LX, 32 MB RAM, CPU Pentium II 266 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB

0: ethernet0: address is 0090.273a.7654, irq 11
1: ethernet1: address is 0090.273a.7659, irq 10
2: ethernet2: address is 0090.2722.08d6, irq 9
Licensed Features:
Failover:                    Enabled
VPN-DES:                     Enabled
VPN-3DES-AES:                Enabled
Maximum Physical Interfaces: 6
Maximum Interfaces:          12
Cut-through Proxy:           Enabled
Guards:                      Enabled
URL-filtering:               Enabled
Inside Hosts:                Unlimited
Throughput:                  Unlimited
IKE peers:                   Unlimited

This PIX has an Unrestricted (UR) license.

vilaxmi Sun, 12/27/2009 - 17:50

I have heard of such issues with PIX in a failover pair which have an FO or FO_AA license installed. If a failover unit with one of these licenses is used in standalone mode, the unit will reboot at least once every 24 hours until the unit is returned to failover duty. A unit with an FO or FO_AA license operates in standalone mode if it is booted without being connected to a failover peer with a UR license. If the unit with a UR license in a failover pair fails and is removed from the configuration, the unit with the FO or FO_AA license will not automatically reboot every 24 hours; it will operate uninterrupted unless it is manually rebooted.

When the unit automatically reboots, the following message displays on the console:

    =========================NOTICE=========================
           This machine is running in secondary mode without
           a connection to an active primary PIX. Please
            check your connection to the primary system.

                   REBOOTING....
    ========================================================

Could you capture console logs? Verify the license on the box as well.

HTH

Vijaya

ahmad82pkn Mon, 12/28/2009 - 12:30

Hi Vijay, you are right in the FO license case, but mine is a UR license. Moreover, this is a single unit with no failover configuration as well, as shown by the output in the question.

I am sitting remotely, so there is no option for console right now.

What else can I do to find the cause of this frequent reboot? :-s You or anyone else? Please.

Kureli Sankar Mon, 12/28/2009 - 14:37

Pls. watch what the logs show from the time of the reboot every day.

We have seen issues where the cleaning crew just unplugged the device and plugged their vacuum cleaner into that outlet, which caused a nightly reboot (believe it or not, this has happened!!). So, pls. see what the logs say and we shall go from there. Since there is no crash file recorded, I am thinking either it lost power or it is crashing without recording a crash file.

-KS

ahmad82pkn Mon, 12/28/2009 - 15:05

Hi kusankar,

Thank you for the input. We have already changed the power cord and power source of the device with the help of the on-site guys.

Just want to confirm one thing: I have enabled logging in the below fashion

logging on
logging timestamp
logging buffered errors
logging trap alerts

logging host inside xxxx

Is that enough, and will I be able to catch the cause of this reload? Actually, I haven't worked much on PIX logging.

Kureli Sankar Mon, 12/28/2009 - 17:42

Dec 28 2009 20:19:18: %ASA-4-411002: Line protocol on Interface dmz1, changed state to down

You should see messages that are logged in level 4 like the above.

Also, if it was reloaded, you would see this message, which gets logged at level 5:

Error Message: %PIX|ASA-5-199001: Reload command executed from telnet (remote IP_address).

I'd suggest enabling trap logging at debug level just so we don't miss any logs. So, you need this line, "logging trap 7", and make sure the logging host is up and collecting the logs.

Next time a reload happens, issue a sh ver and calculate the time it must have reloaded based on the uptime, then filter the syslogs around the time of the problem and upload them here.

-KS

ahmad82pkn Tue, 12/29/2009 - 12:55

It happened again. I tried logging buffered 5 and logging trap 5, but it didn't catch anything; will try level 6 tonight.

Can't go for level 7 debug; I am afraid I might lose the connection due to the heavy number of messages, but that would be the last option.

One thing to ask: if I connect a system with console access to the PIX firewall, will I get better messages on the console output?

Kureli Sankar Tue, 12/29/2009 - 13:07

If you still have the logs, pls. grep them by level: PIX-1, and then PIX-2, PIX-3, PIX-4 and PIX-5.

Look in each level and see if it logged anything.

Connecting the console and leaving it to collect the output to a text file is a good idea. It might help.

-KS
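An added helper for the approach KS describes in the last two replies (this is example code, not from the thread or from Cisco): take the "PIX up ..." line from sh ver together with the time you ran it, estimate when the reload happened, then bucket the collector's syslog lines near that time by %PIX-level severity. The log lines, times and uptime below are constructed; only message IDs that appear in this thread are used.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Uptime units as 'sh ver' prints them ("PIX up 1 hour 29 mins", "PIX up 3 days 2 hours").
_UNIT_SECONDS = {"day": 86400, "hour": 3600, "min": 60, "sec": 1}
_UPTIME_RE = re.compile(r"(\d+)\s+(day|hour|min|sec)s?")
# A syslog line as a collector stores it when 'logging timestamp' is on.
_SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}): "
    r"%PIX-(?P<level>\d)-(?P<id>\d{6}): (?P<msg>.*)$")
_TS_FMT = "%b %d %Y %H:%M:%S"

def parse_uptime(sh_ver_line):
    """Turn the 'PIX up ...' line into a timedelta."""
    secs = sum(int(n) * _UNIT_SECONDS[u] for n, u in _UPTIME_RE.findall(sh_ver_line))
    return timedelta(seconds=secs)

def estimate_reload(observed_at, sh_ver_line):
    """The box came up at (time 'sh ver' was issued) minus (reported uptime)."""
    return observed_at - parse_uptime(sh_ver_line)

def messages_around(lines, reload_at, window_minutes=10):
    """Bucket syslog lines within +/- window of reload_at by %PIX-<level> severity."""
    lo, hi = reload_at - timedelta(minutes=window_minutes), reload_at + timedelta(minutes=window_minutes)
    buckets = defaultdict(list)
    for line in lines:
        m = _SYSLOG_RE.match(line.strip())
        if not m:
            continue  # not a timestamped PIX message; skip it
        ts = datetime.strptime(m["ts"], _TS_FMT)
        if lo <= ts <= hi:
            buckets[int(m["level"])].append((ts, m["id"], m["msg"]))
    return dict(buckets)

def triage(log_text, observed_at, sh_ver_line, window_minutes=10):
    """Whole pass: reload estimate from 'sh ver', then nearby messages per level."""
    reload_at = estimate_reload(datetime.strptime(observed_at, _TS_FMT), sh_ver_line)
    return reload_at, messages_around(log_text.splitlines(), reload_at, window_minutes)

# Constructed sample collector output (not real logs); IDs are ones seen in this thread.
SAMPLE_LOG = """\
Dec 29 2009 01:40:12: %PIX-1-101003: (Secondary) Failover cable not connected (this unit)
Dec 29 2009 04:01:51: %PIX-1-101003: (Secondary) Failover cable not connected (this unit)
Dec 29 2009 04:02:30: %PIX-4-411002: Line protocol on Interface dmz1, changed state to down
"""

if __name__ == "__main__":
    when, found = triage(SAMPLE_LOG, "Dec 29 2009 09:30:00", "PIX up 5 hours 28 mins")
    print("estimated reload:", when, {lvl: len(msgs) for lvl, msgs in found.items()})
```

Widen window_minutes if the box's clock and the collector's clock are not in sync; the reload estimate is only as good as the time you note when issuing sh ver.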
