Re: PIX Interface Errors

From: cty02496@xxxxxxxxxxxxxx
Date: Tue Mar 19 2002 - 01:04:26 GMT-3

• Next message: Jason: "RE: CCS11800,how to keep alive with Oralce server using script"
• Previous message: Joe Jia: "How to change route from O to IA in OSPF?"
• Maybe in reply to: Wright, Jeremy: "PIX Interface Errors"
• Next in thread: Wright, Jeremy: "RE: PIX Interface Errors"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
I had a customer that was having problems with their PIX 515 hanging up, turns
out that a batch of 515's had
a bad chip set. Check on the CCO for PIX problems your PIX may fall into the
serial # range of the ones with the
bad chip sets. Cisco replaced their's free of charge. If I can find the
serial # range I will post it

John

Scott Morris wrote:

> Up the RAM. In a big way.
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Wright, Jeremy
> Sent: Thursday, April 18, 2002 2:57 PM
> To: 'SCook@forsythesolutions.com'; Wright, Jeremy
> Cc: 'ccielab@groupstudy.com'; 'security@groupstudy.com'
> Subject: RE: PIX Interface Errors
>
> its a pix 515 with 32 MB of RAM. i have about 4 or 5 users that VPN to
> another company to get real time quotes.
>
> charger# show cpu usage
> CPU utilization for 5 seconds = 0%; 1 minute: 5%; 5 minutes: 1%
> charger# show ver
>
> Cisco PIX Firewall Version 6.1(1)
> Cisco PIX Device Manager Version 1.1(2)
>
> Compiled on Tue 11-Sep-01 07:45 by morlee
>
> charger up 23 days 13 hours
>
> Hardware: PIX-515, 32 MB RAM, CPU Pentium 200 MHz
> Flash i28F640J5 @ 0x300, 16MB
> BIOS Flash AT29C257 @ 0xfffd8000, 32KB
>
> 0: ethernet0: address is 0004.9ad0.b3a8, irq 11
> 1: ethernet1: address is 0004.9ad0.b3a9, irq 10
>
> Licensed Features:
> Failover: Disabled
> VPN-DES: Enabled
> VPN-3DES: Disabled
> Maximum Interfaces: 3
> Cut-through Proxy: Enabled
> Guards: Enabled
> Websense: Enabled
> Inside Hosts: Unlimited
> Throughput: Unlimited
> ISAKMP peers: Unlimited
>
> -----Original Message-----
> From: SCook@forsythesolutions.com [mailto:SCook@forsythesolutions.com]
> Sent: Thursday, April 18, 2002 1:24 PM
> To: Wright, Jeremy
> Subject: Re: PIX Interface Errors
>
> Jeremy,
>
> The overruns are occurring because the hardware buffers cannot handle the
> amount of traffic being pushed to this pix. Notice how high the "no
> buffer" counts are? If you don't mind sharing, what model PIX are you
> using, how many users do you have, and do you have an idea of how much
> traffic is crossing the firewall?
>
> Scott Cook
>
>
>
> "Wright, Jeremy"
>
> <JA_WRIGHT@admwor To:
> "'ccielab@groupstudy.com'" <ccielab@groupstudy.com>
>
> ld.com> cc:
> "'security@groupstudy.com'" <security@groupstudy.com>
>
> Sent by: Subject: PIX Interface
> Errors
> nobody@groupstudy
>
> .com
>
>
>
>
>
> 04/18/2002 01:07
>
> PM
>
> Please respond to
>
> "Wright, Jeremy"
>
>
>
>
>
> does anyone know what could possibly be causing intermittent drops on my
> pix. IP's have been removed to protect the innocent. Please notice the
> input
> errors and overruns on the interfaces match. any suggestions? TIA
>
> charger# sh int
> interface ethernet0 "outside" is up, line protocol is up
> Hardware is i82559 ethernet, address is 0004.9ad0.b3a8
> IP address , subnet mask
> MTU 1500 bytes, BW 100000 Kbit full duplex
> 13096920 packets input, 784948228 bytes, 2823487 no buffer
> Received 9832854 broadcasts, 0 runts, 0 giants
> 13652 input errors, 0 CRC, 0 frame, 13652 overrun, 0 ignored, 0
> abort
> 7828585 packets output, 261095618 bytes, 0 underruns
> 0 output errors, 0 collisions, 0 interface resets
> 0 babbles, 0 late collisions, 0 deferred
> 0 lost carrier, 0 no carrier
> input queue (curr/max blocks): hardware (128/128) software (0/178)
> output queue (curr/max blocks): hardware (0/128) software (0/50)
> interface ethernet1 "inside" is up, line protocol is up
> Hardware is i82559 ethernet, address is 0004.9ad0.b3a9
> IP address , subnet mask
> MTU 1500 bytes, BW 100000 Kbit full duplex
> 56368683 packets input, 1190253414 bytes, 3326433 no buffer
> Received 52447952 broadcasts, 0 runts, 0 giants
> 3702 input errors, 0 CRC, 0 frame, 3702 overrun, 0 ignored, 0 abort
> 569791 packets output, 234944145 bytes, 0 underruns
> 0 output errors, 0 collisions, 0 interface resets
> 0 babbles, 0 late collisions, 0 deferred
> 0 lost carrier, 0 no carrier
> input queue (curr/max blocks): hardware (128/128) software (0/169)
> output queue (curr/max blocks): hardware (1/27) software (0/15)
>
> ************************
> Jeremy Wright
> Network Analyst
> Archer Daniels Midland
> ja_wright@admworld.com
> (217)451-4063
>
> ************************

• Next message: Jason: "RE: CCS11800,how to keep alive with Oralce server using script"
• Previous message: Joe Jia: "How to change route from O to IA in OSPF?"
• Maybe in reply to: Wright, Jeremy: "PIX Interface Errors"
• Next in thread: Wright, Jeremy: "RE: PIX Interface Errors"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:12 GMT-3