Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1436
Views
0
Helpful
0
Comments

PIX 500 Series Firewall with software version 7.x crashes intermittently and continuously reboots with the Thread name Dispatch Unit error" message

TCC_2
Level 10
Level 10

‎06-22-2009 04:46 PM - edited ‎03-08-2019 06:20 PM

Core issue

This issue arises due to Cisco bug ID CSCse47150 in PIX Firewall version 7.2.1.

The presence of another bug CSCsd72617 can also trigger the same issue.

The PIX Firewall/Adaptive Security Appliance (ASA) running software version 7.2.1 can crash with the Thread name Dispatch Unit error when the Extended Simple Mail Transfer Protocol (ESMTP) inspection engine is enabled.

The issue canarise while you process segmented SMTP/ESMTP packets.

After an upgrade to software version 7.2.1, the PIX Firewall can continuously reboot when the ESMTP inspection engine is enabled. By default, ESMTP inspection is enabled.

The problem occurs when the data length for segmented packets are miscalculated.

Resolution

As a workaround for this issue, complete either one of these steps:

  • Disable the ESMTP inspection engine.

    Apply the no inspect esmtp command in the PIX /ASA global configuration as shown in this example:

    hostname (config)#policy-map global_policy
    hostname(config-pmap)#class inspection_default
    hostname(config-pmap-c)#no inspect esmtp 
  • Refer to Cisco Downloads and upgrade the software version to either version 7.2(1.17) or 7.3(0.67).
Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents