[c-nsp] 1841 bugs?
e ninja
eninja at gmail.com
Thu Apr 24 23:41:10 EDT 2008
Michael,
responses inline...
On Thu, Apr 24, 2008 at 10:04 AM, Michael Malitsky <malitsky at netabn.com>
wrote:
> Hello,
>
> I am curious if anyone is experiencing bugs with the 1841 platform? In
> our case it's acting as a firewall, and terminating 5 IPSEC tunnels.
An 1841 is an ISR with built in firewall, NAC et al security features.
>
> Also routing between several VLANs. No dynamic routing protocols.
> Remote access via SSH. It seems that we are getting a bunch of error
> messages in the logs generated by the CRYPTO engine. The worst part is
> that any changes I try to make remotely cause the router to crash (crash
> means router completely unresponsive, even at console, and requires a
> reboot).
That is a 'hang' and not a crash.
> As an example, here's the last change that caused a crash:
> access-list 140 permit ip host 192.168.1.59 host 172.29.1.104
> where access-list 140 has not been previously defined.
> Making changes from the console is a bit more predictable, but has also
> caused crashes. I am afraid to turn on debugging of any sort, with it
> being so unstable.
>
> I don't see the router low on memory, nor very high on CPU utilization.
> Traffic levels are a few Mb at most.
Can we take a look at the logs and sh tech?
>
> We've tried IOS versions 12.4(3), 12.4(19), and 12.4(18a) - the last one
> was a suggestion from TAC. All are Advanced Security versions, all show
> same instability.
>
> Am I correct that this router is not really meant to do all this, and we
> should put an ASA in it's place, or am I missing something?
>
what are you looking to achieve in your network? Again, this is an ISR
http://www.cisco.com/en/US/prod/collateral/routers/ps5853/product_data_sheet0900aecd8016a59b.html
/eninja
More information about the cisco-nsp
mailing list