[c-nsp] pix upgrade to 7.x from 6.34

[Curtis Doty]

Joseph Jackson wrote:
>             This weekend I am going to be upgrading the pix 525's we
> have to 7.x I was planning on using 7.04 since that was the latest the
> last time I looked but I just noticed that early this month cisco has
> released 7.11.  Should I stick with 7.04 or  just move on up to 7.11?  
>
> Anyone have any problems with that image yet?  What are your thoughts on
> this?
>   
I just upgraded a couple of installations. The feature set and usability 
of 7.x is much nicer than 6.x if you are already cozy with IOS exec 
dialects. Especially for interfaces, vlans, class/policy maps, and other 
things that visually benefit from indents. For example, in 6.x you might 
have to use this cruft:

|pix6# show run | incl int|nameif|ip addr
interface ethernet0 auto shutdown
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
no ip address outside
ip address inside 192.168.0.1 255.255.255.0|

Whereas on v7, it's simply:

|pix7# show run int
!
interface Ethernet0
 description Whirled Wide Wonderweb
 shutdown
 nameif outside
 security-level 0
 no ip address
!
interface Ethernet1
 description Super Special Servers
 speed 100
 duplex full
 nameif inside
 security-level 100
 ||ip address 192.168.0.1 255.255.255.0|

W00t! Plus it makes the PIX more ASA-like. The java app is a bit niftier 
too if that's your thing. And 7.1(1) claims to have resolved hundreds of 
bugs. Keep in mind the additional ram/flash requirements for 7.x.

Unfortunately, my testing uncovered at least one show-stopper in the 
snmp process. I had the 515E crashing repeatedly every few hours from my 
own stress-test script. And this issue exists in *both* 7.x majors. Last 
week I finally got it escalated to engineering, but have not heard a 
word yet... Very frustrating, because I do much prefer administering 
v7.x over the older releases. So for now, these PIXii run 7.1(1) but I 
babysit them a little more closely.

../C