Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX Ver. 6.3(1) 1

Status
Not open for further replies.
SteffenR

SteffenR

IS-IT--Management
Aug 8, 2002
7
DE
Hi Folks,
during testing the new PIX software version 6.3(1) we detected a bug in the software. If you are using IPSec VPN´s with ISAKMP it may be that the system will delete your ISAKMP policies. We found this phenomenon after upgrading allreday running PIX Firewalls.

Regards, Steffen
 
HI.

Thanks for the info.
Can you please provide some more details?

> it may be that the system will delete your ISAKMP policies
What does it mean?
Does the configuration change? Do you need to reboot?
What are the effects?
How did Cisco TAC respond if you have contacted them?
Is this issue mentioned in the release notes?



Yizhar Hurwitz
 
Hi Yizhar,

A colleague of work detected this phenomenon. As he told me the configuration will change. A reboot doesn´t work - but I´m not absolutely sure. I will ask him if there is anything helpfull to do.

The effects are predictable. With no ISAKMP policy you can`t get a successfull phase-1 negotiation. No ISAKMP SA will be created and so no Quick Mode will start.

I don´t know if my colleague contacted the TAC, because we are consultants and the bug was detected during tests at a customer. May be that the customer opened a trouble ticket. I will ask him about this too.

I don´t guess that this issue is mentioned in the release notes. I wrote this posting because in some other postings the new PIX version was been recommended. It also may be that the failure depends on other configuration details and the new PIX version will work well with other configurations.

Regards,

Steffen
 
We are planning to upgrade to 6.3.1. Have you heard anything else on this? Also in regard to the BUGTOOL KIT mentioned in the CISCO forum, What is it?
 
Status
Not open for further replies.

Similar threads

xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
61
xwray
xwray
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
90
PauS0n
PauS0n
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
71
brownmab53
brownmab53
quazimotto
  • Locked
  • Question
Correct Upgrade Path for PIX
Replies
7
Views
138
quazimotto
quazimotto
quazimotto
  • Locked
  • Question
Ping thru PIX to subnet inside??!!
Replies
0
Views
58
quazimotto
quazimotto

Part and Inventory Search

Sponsor

Back
Top