[c-nsp] pix upgrade to 7.x from 6.34

nevot r.nevot at gmail.com
Thu Feb 16 17:54:16 EST 2006


In the other way, I just recently (half an hour ago) downgraded a pair of
PIX515E because our VPNs were sistematically dropped every hour, making the
vpns unusable. Though I will wait our provider's response, I think version 7
is not still ready for use, at least not in a IPSEC VPN scenario.

Best regards

2006/2/16, Curtis Doty <Curtis at greenkey.net>:
>
> Joseph Jackson wrote:
> >             This weekend I am going to be upgrading the pix 525's we
> > have to 7.x I was planning on using 7.04 since that was the latest the
> > last time I looked but I just noticed that early this month cisco has
> > released 7.11.  Should I stick with 7.04 or  just move on up to 7.11?
> >
> > Anyone have any problems with that image yet?  What are your thoughts on
> > this?
> >
> I just upgraded a couple of installations. The feature set and usability
> of 7.x is much nicer than 6.x if you are already cozy with IOS exec
> dialects. Especially for interfaces, vlans, class/policy maps, and other
> things that visually benefit from indents. For example, in 6.x you might
> have to use this cruft:
>
> |pix6# show run | incl int|nameif|ip addr
> interface ethernet0 auto shutdown
> interface ethernet1 100full
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> no ip address outside
> ip address inside 192.168.0.1 255.255.255.0|
>
> Whereas on v7, it's simply:
>
> |pix7# show run int
> !
> interface Ethernet0
> description Whirled Wide Wonderweb
> shutdown
> nameif outside
> security-level 0
> no ip address
> !
> interface Ethernet1
> description Super Special Servers
> speed 100
> duplex full
> nameif inside
> security-level 100
> ||ip address 192.168.0.1 255.255.255.0|
>
> W00t! Plus it makes the PIX more ASA-like. The java app is a bit niftier
> too if that's your thing. And 7.1(1) claims to have resolved hundreds of
> bugs. Keep in mind the additional ram/flash requirements for 7.x.
>
> Unfortunately, my testing uncovered at least one show-stopper in the
> snmp process. I had the 515E crashing repeatedly every few hours from my
> own stress-test script. And this issue exists in *both* 7.x majors. Last
> week I finally got it escalated to engineering, but have not heard a
> word yet... Very frustrating, because I do much prefer administering
> v7.x over the older releases. So for now, these PIXii run 7.1(1) but I
> babysit them a little more closely.
>
> ../C
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list