[c-nsp] pix upgrade to 7.x from 6.34

Church, Chuck cchurch at netcogov.com
Thu Feb 16 19:01:01 EST 2006


 
>"In the other way, I just recently (half an hour ago) downgraded a pair
of
>PIX515E because our VPNs were sistematically dropped every hour, making
the
>vpns unusable. "

If it's every hour every time, it sounds like IKE SA lifetimes aren't
matching up.  It should default back to the smaller if they don't match,
but maybe it's buggy.  Are they the same?

Chuck 

2006/2/16, Curtis Doty <Curtis at greenkey.net>:
>
> Joseph Jackson wrote:
> >             This weekend I am going to be upgrading the pix 525's we
> > have to 7.x I was planning on using 7.04 since that was the latest
the
> > last time I looked but I just noticed that early this month cisco
has
> > released 7.11.  Should I stick with 7.04 or  just move on up to
7.11?
> >
> > Anyone have any problems with that image yet?  What are your
thoughts on
> > this?
> >
> I just upgraded a couple of installations. The feature set and
usability
> of 7.x is much nicer than 6.x if you are already cozy with IOS exec
> dialects. Especially for interfaces, vlans, class/policy maps, and
other
> things that visually benefit from indents. For example, in 6.x you
might
> have to use this cruft:
>
> |pix6# show run | incl int|nameif|ip addr
> interface ethernet0 auto shutdown
> interface ethernet1 100full
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> no ip address outside
> ip address inside 192.168.0.1 255.255.255.0|
>
> Whereas on v7, it's simply:
>
> |pix7# show run int
> !
> interface Ethernet0
> description Whirled Wide Wonderweb
> shutdown
> nameif outside
> security-level 0
> no ip address
> !
> interface Ethernet1
> description Super Special Servers
> speed 100
> duplex full
> nameif inside
> security-level 100
> ||ip address 192.168.0.1 255.255.255.0|
>
> W00t! Plus it makes the PIX more ASA-like. The java app is a bit
niftier
> too if that's your thing. And 7.1(1) claims to have resolved hundreds
of
> bugs. Keep in mind the additional ram/flash requirements for 7.x.
>
> Unfortunately, my testing uncovered at least one show-stopper in the
> snmp process. I had the 515E crashing repeatedly every few hours from
my
> own stress-test script. And this issue exists in *both* 7.x majors.
Last
> week I finally got it escalated to engineering, but have not heard a
> word yet... Very frustrating, because I do much prefer administering
> v7.x over the older releases. So for now, these PIXii run 7.1(1) but I
> babysit them a little more closely.
>
> ../C
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list