09-29-2003 06:22 AM - edited 02-20-2020 11:01 PM
Hey all,
I looked around but didn't see this before. I'm running two 515's in failover on 6.3(3).
Over the weekend, the Turbo ACL (only 32 elements) applied to my outside interface stopped working. This happened at 4am, so it wasn't due to any changes in configuration. As a result, all inbound connections to static hosts were refused and logged as denied.
I was able to correct it by removing the ACL and re-applying it to the PIX. The 515 had been running 6.3(3) for a week prior to this happening.
Has anyone seen this before?
Thanks,
-Joshua
10-03-2003 10:29 AM
My search for a bug dealing with Turbo ACLs and PIX OS 6.3(3) did not return anything. The Turbo ACL feature only serves to reduce the size of the ACL. I don't think the ACLs not getting compiled would result in the behaviour you saw. Guess you might be running into some other bug.
10-03-2003 10:47 AM
Yeah, I figured it was a bug. How would one go about reporting bugs to Cisco when maintenance on the device is handled through a third party?
Thanks,
-Joshua
10-03-2003 01:28 PM
Are there any significant benefits in using TurboACL on an ACL with only 32 entries?
02-23-2004 06:32 AM
Hey All,
I just ran into this problem again on the 525 platform.
A 'show access-list' returns the following corrupted information:
psifw01# show access-list
TurboACL statistics:
ACL State Memory(KB)
----------------------- ----------- ----------
xV4xV4xV4<<<
Operational 5
Shared memory usage: 2058 KB
The problem is corrected by removing the "access-list
psifw01# show access-list
TurboACL statistics:
ACL State Memory(KB)
----------------------- ----------- ----------
access_outside
Operational 1
NATExclusion
Operational 5
Shared memory usage: 2058 KB
Any ideas?
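A check that a monitoring script could run over collected `show access-list` output to catch the corrupted-name condition shown in the post above. This is an added example, not part of the thread; the function names are hypothetical and the expected ACL set is an assumption taken from the healthy listing. It accepts both one-line rows and the wrapped layout the listings have here.

```python
import re

# Row as "NAME STATE KB" on one line, or "STATE KB" when the name wrapped
# onto the previous line (the layout the listings in this thread have).
ROW = re.compile(r"^(?:(?P<name>\S+)\s+)?(?P<state>[A-Za-z]+)\s+(?P<kb>\d+)$")

def parse_turboacl_stats(text):
    """Return [(acl_name, state, memory_kb)] from the TurboACL statistics table."""
    rows, pending, in_table = [], None, False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("---"):          # dashed rule marks the table start
            in_table = True
        elif not in_table or not line:
            continue
        elif line.lower().startswith("shared memory usage"):
            break
        else:
            m = ROW.match(line)
            if m:
                rows.append((m.group("name") or pending or "",
                             m.group("state"), int(m.group("kb"))))
                pending = None
            else:
                pending = line              # a name waiting for its state line
    return rows

def audit(text, expected):
    """Compare ACL names in the table with the names the config should have."""
    seen = {name for name, _, _ in parse_turboacl_stats(text)}
    return {"unexpected": sorted(seen - set(expected)),
            "missing": sorted(set(expected) - seen)}

# Listings transcribed from the post above; EXPECTED is an assumption taken
# from the healthy listing.
HEADER = ("TurboACL statistics:\nACL State Memory(KB)\n"
          "----------------------- ----------- ----------\n")
CORRUPT = HEADER + "xV4xV4xV4<<<\nOperational 5\nShared memory usage: 2058 KB\n"
HEALTHY = HEADER + ("access_outside\nOperational 1\nNATExclusion\n"
                    "Operational 5\nShared memory usage: 2058 KB\n")
EXPECTED = {"access_outside", "NATExclusion"}

if __name__ == "__main__":
    for label, text in (("corrupt", CORRUPT), ("healthy", HEALTHY)):
        print(label, audit(text, EXPECTED))
```

Any non-empty `unexpected` or `missing` list is worth an alert, since in this thread the corrupted table coincided with inbound traffic being denied.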
06-29-2004 07:57 AM
Hi
I'm having this problem on 2 PIX 515E (failover) running 6.3(3) with Turbo ACL; it drops all traffic for 3 perimeters every month.
Does anyone have any idea how to bypass this?
06-29-2004 09:44 AM
You might want to give 6.3(3.133)+ a shot. I haven't experienced these issues with one of the updated maintenance releases.
06-29-2004 05:16 PM
Thank you for your answer.
Where can I get these maintenance releases? I found few references to them on the Cisco site and no download links...
Thank you again, Franzin
06-29-2004 05:33 PM
To get a copy of the maintenance release, you need to request it from the TAC. If you don't have a support contract with Cisco anymore, you should still be able to get a copy of the release based on this security advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml
Scroll down to the section labeled "Customers without Service Contracts".
I can't guarantee that these new releases fix the problem, but I haven't had the issue occur since I upgraded past 6.3(3).
Regards,
-Joshua