I'm digging through the bug lists, but wanted to post here to see if anyone has had a similar problem. I have a pix-535 (PIX ios 6.3(1), PDM 3.0(0)141) that has stopped forwarding traffic twice now. The interfaces (6 physical and 12 logical) still appear to be up, but they don't forward traffic. I can't ping the interface for my vlan when this happens. Also, attempts to access the firewall via the console during these outages fail. I have to power cycle the pix to restore connectivity. Logs indicate nothing, other than a gap in syslog messages while the pix goes down and comes back up. Processor utilization is very low - around 1%. Interface utilization varies, but never reaches critical levels. Any similar experiences or ideas??
Do you have failover configured on your PIX? If yes, then you are probably facing a problem similar to that documented as bug CSCdt06447. Basically, the problem has to do with running out of memory. As per the release notes, the bug has been fixed and version 6.3 should not be facing this problem. All the same, do have a look at the bug.