08-02-2007 05:59 AM - edited 03-11-2019 03:52 AM
Hi,
We have a PIX515E which appears to crash every so often, I have attached the "show crashinfo" output, has anybody seen this before or able to advise in any way?
Many thanks,
Paul
08-02-2007 06:11 AM
------------------ show startup-config errors ------------------
ERROR: Command requires failover license
^
ERROR: % Invalid input detected at '^' marker.
*** Output from config line 109, "ERROR: Command requires ..."
ERROR: Command requires failover license
^
ERROR: % Invalid input detected at '^' marker.
*** Output from config line 110, "ERROR: Command requires ..."
do you have failover commands on this pix? "sh run | includ failover"
is it part of a failover set?
08-02-2007 06:15 AM
Thanks for the quick reply!
The unit is standalone, there is no failover devices, that error has been present since the unit was purchased and first configured.
Thanks,
Paul
08-03-2007 01:27 AM
I have a very similar issue in that my 515 had been running without issue for ~2yrs uptime. Started with a reboot 2 weeks ago. Strange I thought & couldn't find a cause.
Since then it's been randomly re-booting (including when under no real load ie 1:30 am).
Fortunately (or so I thought) I have a spare running the same OS 7.0(1), so I transferred the config (No substantial config changes in the last 4 mths) to it and it too randomly reboots. I can attach a crash info if necessary.
The "spare" that is now live had been powered off for a year or more & kept in the comms room. All of which would strongly suggest an OS issue to me.
I don't have a current smartnet for the device so I cannot access the Support site to get any info on OS fixes etc. The way in which this has been changed is deplorable.
Anybody with anything further to add?
Regards,
Martin
08-03-2007 02:13 AM
There are many nasty bugs in early 7.0 releases that will cause the PIX to reboot.
Especially in 7.0(1) through 7.0(4).
Some of them are related to http or sip inspection. A workaround is to disable http and sip inspection. Even if that does not fix the problem, there are other serious problems in those versions as well.
You should contact the reseller or TAC to obtain fixed software.
08-03-2007 02:17 AM
Thanks for your input.
I'm trying to get a newer image from the re-seller. As I don't have CCO access, I'm not certain what release should be the best fix, or if for example I can go directly from 7.01 to 7.2
Regards,
M
08-03-2007 02:31 AM
I don't think that you get an upgrade from 7.0 to 7.2 for free without a service contract.
What you should get is 7.0.7.GD.
That's the first PIX 7 software that is a GD version so maybe it's not so bad anyway.
08-03-2007 02:38 AM
If 7.07GD is stable, that's all I require at this point. Anyway I don't know what "goodies" are in 7.02 in terms of enhanced functionality as I don't have CCO access :-(
That in itself doesn't make sense to me from a consumer point of view.
Many thanks for your info,
M
08-03-2007 03:12 AM
There are in fact many enhancements and new features in 7.2. Without a CCO account you can still check the release notes for new features: http://www.cisco.com/en/US/docs/security/pix/pix72/release/notes/pixrn72.html
If you don't need the new features, 7.0.7 is the most stable software you can get.
08-03-2007 04:40 AM
Mattias,
I have upgraded to 7.07; will post back in a couple of days/weeks if this fixes the issue, or sooner if not ;-)
Many thanks,
M
08-03-2007 06:09 AM
Guys,
Thanks for the replies - I didnt get the notifications by email of new posts! I am awaiting a SMARTnet contract on the firewall so we can upgrade IOS, I am hoping that will sort the issues.
MJPGallagher - Let us know how you get on, would be great to hear if you get the issue resolved :)
Thanks,
Paul
08-05-2007 11:21 PM
Unfortunately 7.0.7GD hasn't fixed the issue (although it does give more crash info); PIX rebooted twice on the 3rd Aug, post-upgrade and 6 times on the 4th, No times yesterday & not yet today... Extremely frustrating.
08-05-2007 11:32 PM
Can you attach the crash info?
08-06-2007 01:10 AM
08-06-2007 01:37 AM
Interesting, I have never seen a route_process crash before.
You are running RIP on at least one interface?
Is it always this process that crashes?
You could try to disable RIP if possible, to see if this is the cause.
I searched for bugs related to the route_process or RIP but I couldn't find anything. Perhaps it is time to open a TAC case.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide