[c-nsp] pix upgrade to 7.x from 6.34

Brant I. Stevens branto at branto.com
Sat Feb 18 14:49:35 EST 2006 

Ditto the sentiments on the usability of the 7.x code.  One caveat on the
515E family is to be wary of memory consumption, especially if you only have
64MB of RAM.  

Another issue to be aware of is an issue with reaching some websites.  (
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note0918
6a00804c8b9f.shtml, or, http://alnk.org/smartgig)

You might end up pulling your hair out trying to figure it out.

For me, the pseudo-hitless IPSec VPN failover is most welcomed.


On 2/18/06 12:27 PM, "Jim McBurnett" <jim at tgasolutions.com> wrote:

> I have 7.x running in several sites, and have not seen the VPN problems.
> With the exception of the pre-shared key note below and the split tunnel
> standard access list bugs, I have had pretty good success.
> 
> I think 7.11 fixed both of these issues..
> 
> 
> Jim 
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Joseph Jackson
> Sent: Saturday, February 18, 2006 3:26 AM
> To: Adam Maloney; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] pix upgrade to 7.x from 6.34
> 
> Well I did the upgrade an hour ago and everything seemed to go ok.  One
> thing I did notice was that for our remote vpn users I had to add back
> in the dns server info.  Also have to redo the pre-shared key for the
> site to sites stuff but other than that it went really well.
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Adam Maloney
> Sent: Friday, February 17, 2006 6:01 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] pix upgrade to 7.x from 6.34
> 
> That was remote users.  I have 76 l2l sessions with quite a few up for
> multiple days:
> 
> Duration     : 10d 4h:10m:17s
> Duration     : 9d 3h:52m:48s
> Duration     : 9d 3h:52m:48s
> Duration     : 9d 3h:52m:48s
> Duration     : 8d 3h:50m:55s
> Duration     : 8d 0h:12m:55s
> Duration     : 7d 21h:22m:00s
> Duration     : 9d 3h:52m:29s
> Duration     : 9d 3h:52m:27s
> Duration     : 9d 3h:52m:11s
> Duration     : 9d 3h:51m:52s
> Duration     : 10d 3h:01m:41s
> Duration     : 8d 17h:48m:13s
> Duration     : 10d 3h:01m:41s
> Duration     : 7d 9h:50m:39s
> Duration     : 9d 3h:51m:32s
> Duration     : 7d 5h:40m:28s
> Duration     : 7d 20h:22m:07s
> Duration     : 9d 3h:51m:04s
> Duration     : 9d 3h:51m:04s
> Duration     : 9d 3h:51m:04s
> Duration     : 9d 3h:51m:04s
> Duration     : 9d 3h:48m:44s
> Duration     : 9d 3h:47m:36s
> Duration     : 8d 12h:02m:56s
> Duration     : 9d 3h:13m:43s
> Duration     : 9d 3h:13m:31s
> 
> 
> On Fri, 17 Feb 2006, nevot wrote:
> 
>> Remote users or remote lans?
>> I am talking about lan2lan vpns
>> 
>> 
>> 2006/2/17, Adam Maloney <adam at whee.org>:
>>> 
>>> On Thu, 16 Feb 2006, nevot wrote:
>>> 
>>>> In the other way, I just recently (half an hour ago) downgraded a
> pair
>>> of
>>>> PIX515E because our VPNs were sistematically dropped every hour,
> making
>>> the
>>>> vpns unusable. Though I will wait our provider's response, I think
>>> version 7
>>>> is not still ready for use, at least not in a IPSEC VPN scenario.
>>> 
>>> I ran 7.0(2) for the last few months, then upgraded to 7.0(4) because
> of a
>>> AAA session-limit bug.  But other than that, no problems with remote
> users
>>> staying connected:
>>> 
>>> Duration     : 2d 0h:59m:30s
>>> Duration     : 3d 1h:23m:09s
>>> Duration     : 1d 0h:28m:07s
>>> Duration     : 7d 23h:52m:18s
>>> Duration     : 3d 18h:52m:35s
>>> Duration     : 1d 0h:01m:23s
>>> Duration     : 1d 23h:08m:59s
>>> Duration     : 10d 18h:59m:38s
>>> Duration     : 8d 21h:25m:26s
>>> Duration     : 1d 20h:52m:17s
>>> 
>>> (Some of the day+ connections)
>>> 
>>> I've been on 7.0(4) for:
>>> up 12 days 17 hours
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>> 
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list