Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

PIX515E Crashing

Hi,

We have a PIX515E which appears to crash every so often, I have attached the "show crashinfo" output, has anybody seen this before or able to advise in any way?

Many thanks,

Paul

17 REPLIES
Gold

Re: PIX515E Crashing

------------------ show startup-config errors ------------------

ERROR: Command requires failover license

^

ERROR: % Invalid input detected at '^' marker.

*** Output from config line 109, "ERROR: Command requires ..."

ERROR: Command requires failover license

^

ERROR: % Invalid input detected at '^' marker.

*** Output from config line 110, "ERROR: Command requires ..."

do you have failover commands on this pix? "sh run | includ failover"

is it part of a failover set?

Community Member

Re: PIX515E Crashing

Thanks for the quick reply!

The unit is standalone, there is no failover devices, that error has been present since the unit was purchased and first configured.

Thanks,

Paul

Community Member

Re: PIX515E Crashing

I have a very similar issue in that my 515 had been running without issue for ~2yrs uptime. Started with a reboot 2 weeks ago. Strange I thought & couldn't find a cause.

Since then it's been randomly re-booting (including when under no real load ie 1:30 am).

Fortunately (or so I thought) I have a spare running the same OS 7.0(1), so I transferred the config (No substantial config changes in the last 4 mths) to it and it too randomly reboots. I can attach a crash info if necessary.

The "spare" that is now live had been powered off for a year or more & kept in the comms room. All of which would strongly suggest an OS issue to me.

I don't have a current smartnet for the device so I cannot access the Support site to get any info on OS fixes etc. The way in which this has been changed is deplorable.

Anybody with anything further to add?

Regards,

Martin

Re: PIX515E Crashing

There are many nasty bugs in early 7.0 releases that will cause the PIX to reboot.

Especially in 7.0(1) through 7.0(4).

Some of them are related to http or sip inspection. A workaround is to disable http and sip inspection. Even if that does not fix the problem, there are other serious problems in those versions as well.

You should contact the reseller or TAC to obtain fixed software.

Community Member

Re: PIX515E Crashing

Thanks for your input.

I'm trying to get a newer image from the re-seller. As I don't have CCO access, I'm not certain what release should be the best fix, or if for example I can go directly from 7.01 to 7.2

Regards,

M

Re: PIX515E Crashing

I don't think that you get an upgrade from 7.0 to 7.2 for free without a service contract.

What you should get is 7.0.7.GD.

That's the first PIX 7 software that is a GD version so maybe it's not so bad anyway.

Community Member

Re: PIX515E Crashing

If 7.07GD is stable, that's all I require at this point. Anyway I don't know what "goodies" are in 7.02 in terms of enhanced functionality as I don't have CCO access :-(

That in itself doesn't make sense to me from a consumer point of view.

Many thanks for your info,

M

Re: PIX515E Crashing

There are in fact many enhancements and new features in 7.2. Without a CCO account you can still check the release notes for new features: http://www.cisco.com/en/US/docs/security/pix/pix72/release/notes/pixrn72.html

If you don't need the new features, 7.0.7 is the most stable software you can get.

Community Member

Re: PIX515E Crashing

Mattias,

I have upgraded to 7.07; will post back in a couple of days/weeks if this fixes the issue, or sooner if not ;-)

Many thanks,

M

Community Member

Re: PIX515E Crashing

Guys,

Thanks for the replies - I didnt get the notifications by email of new posts! I am awaiting a SMARTnet contract on the firewall so we can upgrade IOS, I am hoping that will sort the issues.

MJPGallagher - Let us know how you get on, would be great to hear if you get the issue resolved :)

Thanks,

Paul

Community Member

Re: PIX515E Crashing

Unfortunately 7.0.7GD hasn't fixed the issue (although it does give more crash info); PIX rebooted twice on the 3rd Aug, post-upgrade and 6 times on the 4th, No times yesterday & not yet today... Extremely frustrating.

Re: PIX515E Crashing

Can you attach the crash info?

Community Member

Re: PIX515E Crashing

Crash log attached...

Re: PIX515E Crashing

Interesting, I have never seen a route_process crash before.

You are running RIP on at least one interface?

Is it always this process that crashes?

You could try to disable RIP if possible, to see if this is the cause.

I searched for bugs related to the route_process or RIP but I couldn't find anything. Perhaps it is time to open a TAC case.

Community Member

Re: PIX515E Crashing

Yes, running rip passive v2 on inside & DMZ if's

Also it does *appear* to be route_process every time (only since upgrade to 7.0.7 do I get the PANIC statements) but yes the thread name is the same each time

regards,

M

Re: PIX515E Crashing

I could not find any existing TAC case related to RIP, so this could be a new bug.

A workaround could be to disable RIP and use static routing only, or debug it to see exactly what RIP is doing when it crashes, and open a TAC case.

Community Member

Re: PIX515E Crashing

I'll have to get a smartnet contract for this FW & see what I can find out with OS upgrades & TAC support. Thanks

184
Views
0
Helpful
17
Replies
CreatePlease to create content