Cisco 870 - VPN - DMZ in four countries: Is it the way to Hell or Heaven?

Discussion in 'Cisco' started by thorkil.johansen@gmail.com, Sep 17, 2007.

  1. Guest

    Hi

    One year ago I was so tired of my Novell VPN that I replaced it with 4
    Cisco 870 (Copenhagen, Bordeaux, Gothenburg, Helsinki).
    I chose Cisco because I wanted to have some equipment where I could
    be sure of some professional assistance. I have never used Cisco before, and
    I had the feeling that now I would experience how a high-end solution
    should be.

    It has been a very negative experience to learn how a Cisco product
    like the 870 is handled by both Cisco and the partners. My (high)
    expectations have not been met at all.

    Now I have to reboot the main Cisco three times a week (often during
    the weekend) and the company that helps me seems to have no clue
    about what is going on.

    I really want to get in contact with a Cisco consultant who works in a
    structured manner.
    I don't care which country he works in. As long as he has a bank
    account I will pay.

    Does anyone know a very good Cisco consultant?

    Regards
    Thorkil Johansen


    I have a console connected:
    %SYS-2-NOTQ: unqueue didn't find 0 in queue 82AB3E00 -Process= "<interrupt level>", ipl= 2, pid= 73 -Traceback= 0x8077CCD8 0x803BF92C 0x803C4FBC 0x803CD13C 0x803CD51C 0x803D1A6C 0x8016DAA8 0x80162000 0x80164758 0x8016732C 0x80023AA4 0x80105350 0x80105350 0x80023B64 0x80B7A5C4 0x80B7A490

    I got this 4 times on the syslog a minute before the crash:
    2007-09-06 08:19:03 Local7.Warning 10.45.1.11 65571: 065569: Sep 6
    2007 08:19:03: %IP_VFR-4-FRAG_TABLE_OVERFLOW: BVI1: the fragment table
    has reached its maximum threshold 16
     
    , Sep 17, 2007
    #1

  2. Guest

    On 17 Sep, 21:23, wrote:
    > Hi
    >
    > One year ago I was so tired of my Novell VPN that I replaced it with 4
    > Cisco 870 (Copenhagen, Bordeaux, Gothenburg, Helsinki).
    > I chose Cisco because I wanted to have some equipment where I could
    > be sure of some professional assistance. I have never used Cisco before, and
    > I had the feeling that now I would experience how a high-end solution
    > should be.
    >
    > It has been a very negative experience to learn how a Cisco product
    > like the 870 is handled by both Cisco and the partners. My (high)
    > expectations have not been met at all.
    >
    > Now I have to reboot the main Cisco three times a week (often during
    > the weekend) and the company that helps me seems to have no clue
    > about what is going on.
    >
    > I really want to get in contact with a Cisco consultant who works in a
    > structured manner.
    > I don't care which country he works in. As long as he has a bank
    > account I will pay.
    >
    > Does anyone know a very good Cisco consultant?
    >
    > Regards
    > Thorkil Johansen
    >
    > I have a console connected:
    > %SYS-2-NOTQ: unqueue didn't find 0 in queue 82AB3E00 -Process= "<interrupt level>", ipl= 2, pid= 73 -Traceback= 0x8077CCD8 0x803BF92C 0x803C4FBC 0x803CD13C 0x803CD51C 0x803D1A6C 0x8016DAA8 0x80162000 0x80164758 0x8016732C 0x80023AA4 0x80105350 0x80105350 0x80023B64 0x80B7A5C4 0x80B7A490
    >
    > I got this 4 times on the syslog a minute before the crash:
    > 2007-09-06 08:19:03 Local7.Warning 10.45.1.11 65571: 065569: Sep 6
    > 2007 08:19:03: %IP_VFR-4-FRAG_TABLE_OVERFLOW: BVI1: the fragment table
    > has reached its maximum threshold 16



    Sorry to say it but I have had a rather negative experience
    with the 870.

    In my view it is not a business class product 'yet?' due
    to software instability under decent load.

    We are presently using 2801 as a minimum
    for business links and have had no trouble at all.
    I suspect that the 1800 will be OK but we don't use enough
    to justify extensive testing of them and our customers
    are prepared to pay for the 2801 so it's not something
    that we have tried.

    Having said that the more recent software seems
    to be giving us less trouble (we still use the 8[57]0
    for "home" VPNs) so maybe it's fixed now.

    The traceback is the result of a software crash
    and such things simply :-) indicate a bug. You must
    either work around the bug or get a software upgrade.

    The other one (fragment table thing) is the result
    of insufficient resources for the traffic offered.
    I think that the limit can be raised to 32. This router
    is not really, I don't think, up to such processing and I
    would disable that facility if possible.

    Getting the right response from TAC is not always
    straightforward but if you push the right buttons
    in the right order then I have found that I get the
    result that I want, however at one time I did a
    lot of work with them. Clearly if the router has
    bugs then they can't fix it.

    Thing is though; a decent independent consultant
    is going to want enough to buy a few 870s for a
    day's work. This is where your model falls into
    trouble. Even if your network is completely
    straightforward, to upgrade 4 routers remotely,
    study the configs, come up with some suggestions,
    implement and test is looking at more than a day's work
    I would say. Then there is the potential for liability for
    subsequent problems up to and not excluding some sort of
    VPN security problem. hmmmmmm.
    Interesting.
     
    , Sep 18, 2007
    #2

  3. Merv Guest

    Are you having trouble with just the Cisco 870 at the main hub site?

    The word traceback in the output almost always indicates an IOS
    software bug.

    Post the output of "show version" so responders will know what IOS
    version is being used on the hub site 870.

    Short term you should probably find someone locally who can upgrade
    the IOS version for you, assuming you have a SmartNet support contract
    for the Cisco 870. The configuration may also need to be modified
    based on your current issue.

    The traffic being received by the hub site 870 may have exceeded its
    capabilities and then you would need to look at a suitable
    replacement.
     
    Merv, Sep 18, 2007
    #3
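
An added example, not part of any poster's message: a small Python check that reads collector lines in the format quoted in the first post, reports bursts of %IP_VFR-4-FRAG_TABLE_OVERFLOW per router and interface (the poster saw 4 in the minute before the crash), and pulls traceback frames out of messages such as %SYS-2-NOTQ for a support case. The function names, the default of 4 events in 60 seconds and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample. Host 10.45.1.11, BVI1 and threshold 16 are from the post;
# the second host, timestamps, sequence numbers and short traceback are invented.
SAMPLE = """\
2007-09-06 08:18:12 Local7.Warning 10.45.1.11 65567: 065565: Sep 6 2007 08:18:12: %IP_VFR-4-FRAG_TABLE_OVERFLOW: BVI1: the fragment table has reached its maximum threshold 16
2007-09-06 08:18:30 Local7.Warning 10.45.1.11 65568: 065566: Sep 6 2007 08:18:30: %IP_VFR-4-FRAG_TABLE_OVERFLOW: BVI1: the fragment table has reached its maximum threshold 16
2007-09-06 08:18:41 Local7.Warning 10.45.2.11 00412: 000410: Sep 6 2007 08:18:41: %IP_VFR-4-FRAG_TABLE_OVERFLOW: BVI1: the fragment table has reached its maximum threshold 16
2007-09-06 08:18:47 Local7.Warning 10.45.1.11 65570: 065568: Sep 6 2007 08:18:47: %IP_VFR-4-FRAG_TABLE_OVERFLOW: BVI1: the fragment table has reached its maximum threshold 16
2007-09-06 08:19:03 Local7.Warning 10.45.1.11 65571: 065569: Sep 6 2007 08:19:03: %IP_VFR-4-FRAG_TABLE_OVERFLOW: BVI1: the fragment table has reached its maximum threshold 16
2007-09-06 08:19:40 Local7.Critical 10.45.1.11 65572: 065570: Sep 6 2007 08:19:40: %SYS-2-NOTQ: unqueue didn't find 0 in queue 82AB3E00 -Process= "<interrupt level>", ipl= 2, pid= 73 -Traceback= 0x8077CCD8 0x803BF92C 0x803C4FBC
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ (?P<host>\S+) .*?"
    r"%(?P<tag>[A-Z0-9_]+-\d-[A-Z0-9_]+): (?P<msg>.*)$")
VFR = re.compile(r"^(?P<ifc>\S+): the fragment table has reached its maximum threshold (?P<max>\d+)")

def parse(text):
    """Yield one dict per line that carries an IOS %FACILITY-SEV-MNEMONIC tag."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield {**m.groupdict(), "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")}

def overflow_bursts(text, count=4, window=timedelta(seconds=60)):
    """Return (host, interface, first_ts, last_ts, threshold) for each burst."""
    recent, alerts = defaultdict(list), []
    for ev in parse(text):
        v = VFR.match(ev["msg"]) if ev["tag"] == "IP_VFR-4-FRAG_TABLE_OVERFLOW" else None
        if not v:
            continue
        q = recent[(ev["host"], v["ifc"])]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:  # drop events older than the window
            q.pop(0)
        if len(q) == count:  # fire once, when the burst first reaches `count`
            alerts.append((ev["host"], v["ifc"], q[0], q[-1], int(v["max"])))
    return alerts

def tracebacks(text):
    """Return (host, tag, [frame addresses]) for each message with a traceback."""
    out = []
    for ev in parse(text):
        t = re.search(r"-Traceback= ((?:0x[0-9A-Fa-f]+ ?)+)", ev["msg"])
        if t:
            out.append((ev["host"], ev["tag"], t[1].split()))
    return out
```

On the sample, `overflow_bursts(SAMPLE)` reports one burst on 10.45.1.11/BVI1 and ignores the single event from the second router.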