We upgraded our 525 active/failover cluster to 7.X and immediately began having issues with the devices failing over and back and CPU spiking. When this happened the telnet and enable passwords would become corrupt and we had to reset the passwords. TAC first said to upgrade to the latest code, 7.1(1) but that didn't help the situation. Downgrading to 7.04-8 has stopped the failovers and password issues, but the boxes are using 85%-90% memory and turning on syslogs with anything higher than warning will spike the cpu.
We never had any of these issues with 6.X train of code and I'm seriously considering downgrading to that code level again.
The high memory usage has me concerned. This box is fed by 2 OC3s (one very active and one not so much) aggregated via a 3550 and is our edge connection. I'm not fond of it having problems!
Cisco sais that the pix can handle 1.7GBit of traffic.
With a tac case lasting for nearly a month, five different TAC engineers, one sales and dev included, we found out that with version 7.0 (and 7.1), TCP traffic and multiple context's (we use three), pix is only able to handle 300-450MBit's of traffic. The cpu is bordering traffic. 7.0 and above has much more features, and though can handle not so much traffic.
7.0.4(8) (interim release) is a optimized version, but the difference in cpu utilization is not very big. You see the difference in show processes, the processes "557poll" and "snp_timer_thread" are not there.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :