Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

problems after Pix 515e upgrade from 6.34 to 7.12

Recently upgrade a PIX 515e from 6.34 to 7.12. Everything seemed to worked ok, but having a problem accessing some web sites. Basically, we allow all IP traffic from the 'inside' network. Some errors from log are:

609001: Built local-host outide:199.230.128.100

106015: Deny TCP (no connection) from djm/1646 to 199.230.128.100/80 flags ACK on interface inside

609002: teardown local-host ouside: 199.230.128.100 duration 0:00:00

Config is attached.....

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: problems after Pix 515e upgrade from 6.34 to 7.12

We are also seeing problems on the same platform. Have removed the HTTP inspection from the default inspection rule as a temporary workaround:

policy-map global_policy

class inspection_default

no inspect http

Still looking for a solution...

8 REPLIES
New Member

Re: problems after Pix 515e upgrade from 6.34 to 7.12

here's the config....

New Member

Re: problems after Pix 515e upgrade from 6.34 to 7.12

We are also seeing problems on the same platform. Have removed the HTTP inspection from the default inspection rule as a temporary workaround:

policy-map global_policy

class inspection_default

no inspect http

Still looking for a solution...

New Member

Re: problems after Pix 515e upgrade from 6.34 to 7.12

We hit the same bug yesterday - downgraded the Pix to 7.1.1 and it works fine. Bit of an annoying bug!

Bronze

Re: problems after Pix 515e upgrade from 6.34 to 7.12

Hi all,

It turns out that when you upgrade from 6.3 to 7.1, you cannot do it in one go, rather you would have to upgrade to version 7.0 first, then upgrade from 7.0 to 7.1, we tried this and we did not hear any complains from our customer...

Hope that helps, please don't forget to rate...

Regards,

New Member

Re: problems after Pix 515e upgrade from 6.34 to 7.12

New Member

Re: problems after Pix 515e upgrade from 6.34 to 7.12

I am also having this issue. lr.moore, you have helped me on EE as well, and you are a lot better than me at this stuff. Although, I don't think this is an MSS issue. I already have the MSS configured so I added a site to the access list that is now having the issue. It did not resolve the problem. Once I disabled http inspection, all was good. There are also more posts on the same issue on these forums, in case anyone wants to read more on it.

I think this is more a function of the fixup/inspection.

I also noticed some weird stuff with the ESMTP (which is enabled by default I think in 7.1.2). I disabled the ESMTP and everything was great again as well.

Bronze

Re: problems after Pix 515e upgrade from 6.34 to 7.12

Hi all,

It turns out that when you upgrade from 6.3 to 7.1, you cannot do it in one go, rather you would have to upgrade to version 7.0 first, then upgrade from 7.0 to 7.1, we tried this and we did not hear any complains from our customer...

Hope that helps, please don't forget to rate...

Regards,

New Member

Re: problems after Pix 515e upgrade from 6.34 to 7.12

I actually have an ASA5510 that started at 7.04 and I upgraded to 7.1.2. Do you have the http inspection enabled? I've got to believe this is a wide spread bug as I am not doing anything even close to complicated with the device.

163
Views
10
Helpful
8
Replies