Re: PIX 506 Locking up

bigrut · ‎10-23-2002

I have a pix 506 on a small network. The ISP router is set in bridge mode. At least 15 times a day the pix stops forwarding traffic. I have set all of the timeouts to very low and seen no improvement. With logging set on I am getting almost continious ICMP messages from the ISP. The PIX is blocking the ICMP packets and I think that the PIX buffers eventually fill up and the PIX Stops forwarding. Is this correct or am I missing something?

Nairi Adamian · ‎10-23-2002

Is the console port responsive during this time?

Check the following two field notices from last year:

http://www.cisco.com/warp/public/770/fn15490.shtml

-Nairi

bigrut · ‎10-23-2002

I'm not sure. I have never seen the hang. I've just started troubleshooting this problem for a client. All i am told is they have to reboot the pix using the power switch. Hopefully I can see the problem today and also check against this notice.

bigrut · ‎10-24-2002

It appears that the users didn't give me the whole story. The unit stops forwarding traffic but they don't always reboot it. It shows that it has been up for 11 days now, but they say it stops forwarding traffic 15 -20 times a day. When it stops they wait anywhere from 5 to 20 minutes for it to start forwarding again. Any Ideas. Again I haven't seen the failure yet since I haven't been able to stay there for very long. The unit has the stickers on it that indicate it has the timing correction and the power connector fix. I am at a loss.

jlimbo · ‎10-25-2002

Here are some inital things you can check:

1. show blocks, do any have a zero count?

2. show proc cpu (6.x code) do you have high cpu?

3. during the outage can you ping the interfaces of the pix?

4. show interface do you get increasing no buffer counts? traffic rate?

5. Are you running vpn? Maybe the pix is overloaded

what version are you running?

-Jonathan