Here at our company we sell a lot of LAN-to-LAN VPN solutions using 506, 515R and 515UR hardware. In the past everything has worked very well and our clients have been extremely pleased with the results. But the last four 515's (3 515R's, 515UR) are having a lot of problems just passing packets. It seems they can run from 10 minutes to 4 days but still the firewalls seem to seize. And when I say seize I mean you can't even console to them. All the devices are running 6.0.1, usually with a VPN Accelerator card in them. But even just running the chassis alone with no card additions, the systems still freeze and need to be rebooted. I do have a case open with three of the 515's and we are going to RMA those devices. These three units came from the same vendor and pretty much left the assembly line one after another. This leads me to believe that maybe it was just a bad batch and Cisco is working to correct the problem and get these units back before they made it to customer sites. This morning though, I had yet another 515 fail at our office that I have been testing for the past few days. This PIX came from a different vendor and was bought about 45 days ago. Has anyone else seen these problems with PIX 515's? Here at our company we preach and preach and preach that Cisco firewall and VPN solutions are the best in the business. It's hard to sell and have confidence in that solution if the 515's that you are putting into place will not run for more than 30 minutes usually.
Thank you, any comments would be great.
He took the words right out of my mouth. Sounds very much like the Code Red virus or the newer Nimda virus. I had one 515 lock up completely because of the virus. Also check and see if your NAT addresses are in the config before your PAT addresses; that was part of the problem we had, including the virus problems.
I also have two 515UR's configured for failover that are locking up. The primary unit will lock up after only about 30 minutes of run time and the secondary will run for a week or more before it locks up. The primary unit will even lock up while it is in standby mode. I am at a total loss and have found no evidence of any virus on our network.
I have had EXACTLY the same problem. With TWO different 515's in a span of about 5 months. I had cases open about it all and we were never able to resolve anything because the log files would show nothing and you could not even console into it. Glad to hear someone else is having that problem.
At my company, we have had at least 3 customers with similar problems locking up 515's. These were all failover configs, and the problem only started after we upgraded to 6.0(1). Believe it or not, the problem went away after we connected all unused Ethernet ports with crossover cables and assigned them IP addresses. We found an obscure reference to the fact that failover won't work correctly unless all interfaces are connected. Putting the ports in shutdown isn't the thing to do. We did this for all 3 of our customers having this problem, and so far, the problem hasn't resurfaced.
Yup. Same problem here. Cisco stated that it is a known issue and replaced the 515 with a 520 last week. No lockups since.
I would suggest contacting TAC and asking for the case to be made level 2.
I too have the same problem with 515 and version 6.1(1). Why did Cisco replace the 515 with a 520 - is the problem not fixed in any 515?
Cisco has reported that the 515's will lock under heavy load if the ethernet ports are set at 15mb or higher. It is a hardware flaw and Cisco is replacing the units for free. If you have yours set to 100mb and you are experiencing this, try setting your ports to 10mb. If it still happens, then it could be something else. If not, send in your PIX for a replacement.
I just received a replacement for the replacement with a manufacturing date of last year. Apparently there is a bad batch of PIX 515's.
I read through that document. It isn't that issue because the PIX doesn't reset and communication stops on all interfaces and at the console. The fix is to upgrade the IOS to version 5.1.x but the system hang I have experienced happens on IOS 5.1 through 6.11.
I do not believe that the Virus/worm answer is correct in this case ...
A server behind our office's PIX 506 (6.0.1 IOS) got nailed by the Nimda worm and the PIX could not pass traffic until we unplugged the server from the LAN, but it did not lock up and it still accepted Telnet from the inside and the console still worked; once we unplugged the server things returned to normal ...
We will be getting the RMAed PIXes within the week, hopefully we do not have the same issues with the new ones ...
How do you determine the manufacturing date, and what version of PIX are you running? I am just configging one up which seems to hang whenever I cut it from the test environment to live.
Is the 515 a lemon?
We talked to a TAC engineer yesterday about this issue and he told us that the batch of bad 515's that are out is a pretty big number. Big enough that if you RMAed a 515 within the last 3 weeks, chances are you will receive another bad 515. Looks like this is going to take a while to resolve.
Several of our clients have had problems with 515's. Here is some interesting info:
I had an open case for over 6 weeks. Since yesterday, the case is resolved. CISCO will give you a new PIX 515, because there is a hardware problem in the new 515 models. Contact the CISCO TAC.
See Field notice:
We just had our 515 replaced. The replacement procedure is listed in the notice.
You have to visit this site to confirm if it is affected by a manufacturer's defect. If it is then you can ask Cisco Systems for a replacement. Please note down the serial number and compare it.
Here's the site - http://www.cisco.com/warp/public/770/fn15490.shtml
Sorry for being late.
I've installed a PIX 515UR and a 515FO. Everything was working fine then bang, the PIX started to hang/freeze. I contacted my supplier who stated that certain batches built between May 2001 and Oct 2001 were suspect and Cisco are issuing a recall. This has left me in ... you can guess, but if I drop the speed to 10mbs it seems to help. Also I've been informed that memory is the suspect but at this moment in time I'll believe anything.