Cisco Support Community
New Member

pix 525 fails with "show blocks" reducing to 0

Has anyone seen this occur? There is something in the bug toolkit, but not much. We have 2 firewalls running failover; we are running 6.1(1).

Periodically telnet/ssh access to the pix stops; the console is ok, I can ping fine, and traffic through is ok. Suddenly the pix dies and reboots. I have a copy of the before and after "show blocks" command.

The following is when the console works but telnet doesn't:

Pix525-UHW#sh blocks
SIZE    MAX    LOW    CNT
   4   1600      0      0
  80    400    397    400
 256   2500   2493   2499
1550   2468    218    220
2560    600     66     66

Below is when all fails:

Pix525-UHW# sh block
SIZE    MAX    LOW    CNT
   4   1600      0      0
  80    400    397    400
 256   2500   2493   2499
1550   2471      0      0
2560    600     66     66

Pix after reboot:

SIZE    MAX    LOW    CNT
   4   1600   1600   1600
  80    400    392    393
 256   2500   2459   2475
1550   2468   1686   1700

Does anyone have any ideas? This happened in 6.0(1) as well.

3 REPLIES
New Member

Re: pix 525 fails with "show blocks" reducing to 0

I have something similar and couldn't find any bugs either. Have you talked to Cisco yet? Let me know what they come up with.

New Member

Re: pix 525 fails with "show blocks" reducing to 0

I have not had a problem with the blocks since I removed all vpn related commands on the firewall. I reset isakmp to default and removed all crypto map statements.

I only had two PCs connecting using VPN, but it seems as if they are taking up resources which the firewall isn't releasing.

My show blocks list is now:

Pix525-UHW# sh block
SIZE    MAX    LOW    CNT
   4   1600   1574   1599
  80    400    374    399
 256   2500   2459   2498
1550   2468   1257   1697

New Member

Re: pix 525 fails with "show blocks" reducing to 0

I have a client that is running a PIX 515-r and needs to run Version 6.0(1) or higher for port redirection. They recently experienced a similar incident where the PIX would stay up for 30 seconds, then stop passing any traffic.

Cisco has a bug open (CSCdv65961) on 6.1 explaining about block count going to zero and traffic stops. They have a fix in V6.2, but it is not out on the download site. You'll probably need to open a TAC case for special file access.
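
An added example, not part of the original thread and not Cisco tooling: a small Python checker that parses the "show blocks" snapshots posted above and flags pools whose free count (CNT) has reached zero, is running low, or has touched zero since boot (LOW). The function names and the 10% warning threshold are assumptions made for this sketch.

```python
import re

# Sample input: constructed from the two "show blocks" snapshots posted in the thread.
BEFORE = """\
SIZE MAX LOW CNT
4 1600 0 0
80 400 397 400
256 2500 2493 2499
1550 2468 218 220
2560 600 66 66
"""
FAILED = """\
SIZE MAX LOW CNT
4 1600 0 0
80 400 397 400
256 2500 2493 2499
1550 2471 0 0
2560 600 66 66
"""
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_blocks(text):
    """Return {block_size: (max, low, cnt)}; prompt and header lines are skipped."""
    pools = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            size, mx, low, cnt = map(int, m.groups())
            pools[size] = (mx, low, cnt)
    return pools

def assess(pools, warn_ratio=0.10):
    """Flag pools by free count. warn_ratio is an assumed threshold, not a Cisco value."""
    findings = {}
    for size, (mx, low, cnt) in pools.items():
        if cnt == 0:
            findings[size] = "exhausted"          # no free blocks right now
        elif mx and cnt / mx < warn_ratio:
            findings[size] = "low"                # less than warn_ratio of MAX is free
        elif low == 0:
            findings[size] = "hit-zero-earlier"   # low-water mark reached 0 since boot
    return findings

def drained(before, after):
    """Block sizes whose free count fell from non-zero to zero between two snapshots."""
    return sorted(s for s, p in after.items() if p[2] == 0 and before.get(s, (0, 0, 0))[2] > 0)

if __name__ == "__main__":
    print(assess(parse_blocks(FAILED)), drained(parse_blocks(BEFORE), parse_blocks(FAILED)))
```

Run against periodic captures of the command, this surfaces the 1550-byte pool as "low" in the first snapshot, before it reaches zero in the second.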
