Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation

Cisco PIX Firewall Software

Cisco PIX Firewall Release Notes, Version 6.3(5)

Downloads

Table Of Contents

Cisco PIX Firewall Release Notes Version 6.3(5)

Contents

Introduction

System Requirements

Memory Requirements

Software Requirements

Maximum Recommended Configuration File Size

Cisco VPN Software Interoperability

Cisco VPN Client Interoperability

Cisco Easy VPN Remote Interoperability

Cisco Easy VPN Server Interoperability

Determining the Software Version

Upgrading to a New Software Release

New and Changed Information

Important Notes in Release 6.3

Simultaneous PPTP Connection Limitation

ACL Source Address Change When an Alias is Configured

Interface Settings on the PIX 501 and PIX 506E

Upgrading the PIX 506 and the PIX 515

Easy VPN Remote and Easy VPN Server

PIX 535 Interfaces

Caveats

Open Caveats - Release 6.3(5)

Resolved Caveats - Release 6.3(5)

Related Documentation

Software Configuration Tips on the Cisco TAC Home Page

Obtaining Documentation

Cisco.com

Documentation CD-ROM

Ordering Documentation

Documentation Feedback

Obtaining Technical Assistance

Cisco TAC Website

Opening a TAC Case

TAC Case Priority Definitions

Obtaining Additional Publications and Information


Cisco PIX Firewall Release Notes Version 6.3(5)

February 2008

Contents

This document includes the following sections:

Introduction

System Requirements

New and Changed Information

Important Notes in Release 6.3

Caveats

Related Documentation

Obtaining Documentation

Obtaining Technical Assistance

Obtaining Additional Publications and Information

Introduction

The PIX Firewall delivers unprecedented levels of security, performance, and reliability, including robust, enterprise-class security services such as the following:

Stateful inspection security, based on state-of-the-art Adaptive Security Algorithm (ASA)

Over 100 predefined applications, services, and protocols for flexible access control

Virtual Private Networking (VPN) for secure remote network access using IKE/IPSec standards

Intrusion protection from over 55 different network-based attacks

URL filtering of outbound web traffic through third-party server support

Network Address Translation (NAT) and Port Address Translation Support (PAT)

Additionally, PIX Firewall Version 6.3 software supports Cisco PIX Device Manager (PDM) Version 3.0 and adds enhancements to features introduced in earlier releases.

System Requirements

The sections that follow list the system requirements for operating a PIX Firewall with Version 6.3 software.

Memory Requirements

The PIX 501 has 16 MB of RAM and will operate correctly with Version 6.1(1) and higher, while all other
PIX Firewall platforms continue to require at least 32 MB of RAM (and therefore are also compatible with version 6.1(1) and higher).

In addition, all units except the PIX 501 and PIX 506E require 16 MB of Flash memory to boot. (The PIX 501 and PIX 506E have 8 MB of Flash memory, which works correctly with Version 6.1(1) and higher.)

Table 1 lists Flash memory requirements for this release.

Table 1 Flash Memory Requirements 

PIX Firewall Model
Flash Memory Required in Version 6.3

PIX 501

8 MB

PIX 506E

8 MB

PIX 515/515E

16 MB

PIX 520

16 MB (Some PIX 520 units may need a memory upgrade because older units had 2 MB, though newer units have 16 MB)

PIX 525

16 MB

PIX 535

16 MB


Software Requirements

Version 6.3 requires the following:

1. The PIX Firewall image no longer fits on a diskette. If you are using a PIX Firewall unit with a diskette drive, you need to download the Boothelper file from Cisco Connection Online (CCO) to let you download the PIX Firewall image with TFTP.

2. If you are upgrading from Version 4 or earlier and want to use the Auto Update, IPSec, SSH, PDM, or VPN features or commands, you must have a new 56-bit DES activation key. Before getting a new activation key, write down your old key in case you want to retrograde to Version 4. You can have a new 56-bit DES activation key sent to you by completing the form at the following website:

http://www.cisco.com/pcgi-bin/Software/FormManager/formgenerator.pl?pid=221&fid=324

3. If you are upgrading from a previous PIX Firewall version, save your configuration and write down your activation key and serial number. Refer to "Upgrading to a New Software Release" for new installation requirements.

Maximum Recommended Configuration File Size

For the PIX 525 and PIX 535, the maximum configuration file size limit is increased to 2 MB for PIX Firewall software Versions 5.3(2) and later. For other PIX Firewall platforms, the maximum configuration file size limit is 1 MB. Earlier versions of the PIX 501 are limited to a 256 KB configuration file size. If you are using PIX Device Manager (PDM), we recommend no more than a 100 KB configuration file because larger configuration files can interfere with the performance of PDM on your workstation.

While configuration files up to 2 MB are now supported on the PIX 525 and PIX 535, be aware that such large configuration files can reduce system performance. For example, a large configuration file is likely to noticeably slow execution times in the following situations:

While executing commands such as write term and show conf

Failover (the configuration synchronization time)

During a system reload

The optimal configuration file size for use with PDM is less than 100 KB (which is approximately 1500 lines). Please take these considerations into account when planning and implementing your configuration.

Cisco VPN Software Interoperability

Cisco VPN Series
Interoperability Comments

Cisco IOS Routers

PIX Firewall Version 6.3 requires Cisco IOS Release 12.0(6)T or higher running on the router when using IKE Mode Configuration on the PIX Firewall.

Cisco VPN 3000 Concentrators

PIX Firewall Version 6.3 requires Cisco VPN 3000 Concentrator Version 2.5.2 or higher for correct VPN interoperability.


Cisco VPN Client Interoperability

Cisco VPN Client
Interoperability Comments

Cisco Secure VPN Client v1.x

PIX Firewall Version 6.3 requires Cisco Secure VPN Client Version 1.1. Cisco Secure VPN Client Version 1.0 and 1.0a are no longer supported.

Cisco VPN Client v3.x

(Unified VPN Client Framework)

PIX Firewall Version 6.3 supports the Cisco VPN Client Version 3.x that runs on all Microsoft Windows platforms. It also supports the Cisco VPN Client Version 3.5 or higher that runs on Linux, Solaris, and Macintosh platforms.


Cisco Easy VPN Remote Interoperability

Cisco Easy VPN Remote
Interoperability Comments

PIX Firewall Easy VPN Remote v6.3

PIX Firewall software Version 6.3 Cisco Easy VPN Server requires PIX Firewall software Version 6.3 Easy VPN Remote.

VPN 3000 Easy VPN Remote v3.6

PIX Firewall software Version 6.3 Cisco Easy VPN Server requires the VPN 3000 Version 3.6 Easy VPN Remote that runs on the VPN 3002 platform.

Cisco IOS Easy VPN Remote Release 12.2(16.4)T

PIX Firewall software Version 6.3 Cisco Easy VPN Server interoperates with Cisco IOS 806 Easy VPN Remote Release (16.4)T.


Cisco Easy VPN Server Interoperability

Cisco Easy VPN Server
Interoperability Comments

PIX Firewall Easy VPN Server v6.3

PIX Firewall software Version 6.3 Cisco Easy VPN Remote requires a PIX Firewall Version 6.3 Easy VPN Server.

VPN 3000 Easy VPN Server v3.6.7

PIX Firewall software Version 6.3 Cisco Easy VPN Remote requires VPN 3000 Version 3.6.7 Easy VPN Server.

Cisco IOS Easy VPN Server Release 12.2(15)T

PIX Firewall software version 6.3 Cisco Easy VPN Remote works with Cisco IOS Release 12.2(15)T Easy VPN Server in IKE pre-shared authentication and does not work with certificate. It is expected to interoperate using certificate, after CSCea02359 and CSCea00952 resolved and integrated in later versions of Cisco IOS Easy VPN Server.


Determining the Software Version

Use the show version command to verify the software version of your PIX Firewall unit.

Upgrading to a New Software Release

If you have a Cisco Connection Online (CCO) login, you can obtain software from the following website:

http://www.cisco.com/pcgi-bin/tablebuild.pl/pix

New and Changed Information

Version 6.3(5) is a maintenance release which includes several caveat resolutions.

Important Notes in Release 6.3

This section describes important notes for Version 6.3.

Simultaneous PPTP Connection Limitation

There is a hardware limitation of 128 concurrent sessions in PIX 6.x. If you subtract one for the PPTP listening socket, the maximum number of simultaneous PPTP connections is127.

Attempts to connect more than 127 connections with PIX 6.x generates the following error message: 

%PIX-3-213001: PPTP control daemon socket io accept error, errno = 5

ACL Source Address Change When an Alias is Configured

When the alias command is used for destination address translation, an inbound message originating from the foreign_ip source address is translated to the dnat_ip address. If you configure an inbound ACL with an address defined by the alias command, you must use the foreign_ip address as the ACL source address instead of the dnat_ip address, as was used in Release 6.2. The ACL check is now done before the translation occurs, which is consistent with the way the firewall treats other NATed addresses in ACLs.

Interface Settings on the PIX 501 and PIX 506E

With the PIX Firewall Version 6.3, the settings for the following interfaces have been updated as follows:

PIX 501 outside interface (port 0) - 10/100 Mbps half or full duplex

PIX 501 inside interface - 10/100 Mbps half or full duplex

PIX 506E inside interface - 10/100 Mbps half or full duplex

PIX 506E outside interface - 10/100 Mbps half or full duplex

Note When upgrading the PIX 501 to Version 6.3, the inside interface is automatically upgraded to 100 Mbps full duplex. During the upgrade process the system displays the message "ethernet1 interface can only be set to 100full."

Upgrading the PIX 506 and the PIX 515

When upgrading a classic PIX 506 or PIX 515 (the non "E" versions) to PIX Firewall OS Version 6.3, the following message(s) might appear when rebooting the PIX Firewall for the first time after the upgrade:

ethernet0 was not idle during boot.

ethernet1 was not idle during boot.

These messages (possibly one per interface) will be followed by a reboot. This is a one-time event and is a normal part of the upgrade on these platforms.

Easy VPN Remote and Easy VPN Server

The PIX 501 and PIX 506/506E are both Easy VPN Remote and Easy VPN Server devices. The PIX 515/515E, PIX 525, and PIX 535 act as Easy VPN Servers only.

The PIX 501 and PIX 506/506E can act as Easy VPN Remote devices or Easy VPN Servers so that they can be used either as a client device or VPN headend in a remote office installation. The PIX 515/515E, PIX 525, and PIX 535 act as Easy VPN Servers only because the capacity of these devices makes them appropriate VPN headends for higher-traffic environments.

PIX 535 Interfaces

These practices must be followed to achieve the best possible system performance on the PIX 535:

PIX-1GE-66 interface cards should be installed first in the 64-bit/66 MHz buses before they are installed in the 32-bit/33 MHz bus. If more than four PIX-1GE-66 cards are needed, they may be installed in the 32-bit/33 MHz bus but with limited potential throughput.

PIX-VACPLUS should be installed in a 64-bit/66 MHz bus to avoid degraded throughput.

PIX-1GE and PIX-1FE cards should be installed first in the 32-bit/33 MHz bus before they are installed in the 64-bit/66 MHz buses. If more than five PIX-1GE and/or PIX-1FE cards are needed, they may be installed in a 64-bit/66 MHz bus but doing so will lower that bus speed and limit the potential throughput of any PIX-1GE-66 card installed in that bus.

The PIX-1GE Gigabit Ethernet adaptor is supported in the PIX 535; however, its use is strongly discouraged because maximum system performance with the PIX-1GE card is much slower than that with the PIX-1GE-66 card. The software displays a warning at boot time if a PIX-1GE is detected.

Table 2 summarizes the performance considerations of the different interface card combinations.

Table 2 Gigabit Ethernet Interface Card Combinations 

Interface Card Combination
Installed In Interface Slot Numbers
Potential Throughput

Two to four PIX-1GE-66

0 through 3

Best

PIX-1GE-66 combined with PIX-1GE or just PIX-1GE cards

0 through 3

Degraded

Any PIX-1GE-66 or PIX-1GE

4 through 8

Severely degraded


Caution The PIX-4FE and PIX-VPN-ACCEL cards can only be installed in the 32-bit/33 MHz bus and must never be installed in a 64-bit/66 MHz bus. Installation of these cards in a 64-bit/66 MHz bus may cause the system to hang at boot time.
Caution If Stateful Failover is enabled, the interface card and bus used for the Stateful Failover LAN port must be equal to or faster than the fastest card used for the network interface ports. For example, if your inside and outside interfaces are PIX-1GE-66 cards installed in bus 0, then your Stateful Failover interface must be a PIX-1GE-66 card installed in bus 1. A PIX-1GE or PIX-1FE card cannot be used in this case, nor can a PIX-1GE-66 card be installed in bus 2 or share bus 1 with a slower card.

Caveats

The following sections describe the caveats for the 6.3 release.

For your convenience in locating caveats in Cisco's Bug Toolkit, the caveat titles listed in this section are drawn directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences because the title field length is limited. In the caveat titles, some truncation of wording or punctuation may be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:

Commands are in boldface type.

Product names and acronyms may be standardized.

Spelling errors and typos may be corrected.

Note If you are a registered cisco.com user, view Bug Toolkit on cisco.com at the following website:

http://www.cisco.com/public/support/tac/tools_trouble.shtml

To become a registered cisco.com user, go to the following website:

http://tools.cisco.com/RPF/register/register.do

Open Caveats - Release 6.3(5)

Table 3 Open Caveats 

ID Number
Software Release 6.3(5)
Corrected
Caveat Title

CSCec44081

No

No address translation if multiple ILS messages in one TCP segment

CSCee92806

No

Tunnel not established with NAT-T and certs when MTU > 1500

CSCeg13784

No

PIX tracebacks in turboacl_process when compiling access-list

CSCeg13789

No

PIX - compiled ACLs become corrupted over time

CSCeg54777

No

Throughput drop for combined FW and multi-tunnel VPN traffic

CSCeg83890

No

PIX 501 sends extra byte in passw attr during IUA challenge process

CSCeh40145

No

Assertion getting statistics via PDM while PIX in NEM and reloading

CSCei07402

No

PIX failed over with SSH thread

CSCei47019

No

Logger thread priority too low to allow proper logging queue drain

CSCei47678

No

PIX not following SNMP packet size standard in RFC 3417

CSCei62031

No

Traceback in malloc:_free+17 on executing no capture

CSCei63244

No

Traceback with lu_rx thread name in failover mode

CSCei74718

No

Traceback seen at ssh_init when testing capture

CSCsb34758

No

Connection to DMZ fails after PIX authentication session

CSCsb45070

No

Assertion bp->rptr >= bp->base && bp->wptr <= bp->limit failed: file

CSCsb48916

No

Manual ipsec fail when esp-aes-256 specified with auth

CSCsb53549

No

VAC+ may cause interface to stop passing all traffic

CSCsb53760

No

Port redirection for DNS traffic does not work correctly

CSCsb54610

No

Reload in fover_parse when synchronizing very large access-list


Resolved Caveats - Release 6.3(5)

Table 4 Resolved Caveats  

ID Number
Software Release 6.3(5)
Corrected
Caveat Title

CSCdu79031

Yes

Latency through PIX when issuing write mem command

CSCea40885

Yes

PIX - Capture sometimes records wrong MAC addr for PIXs

CSCec86400

Yes

PIX traceback after issuing show isakmp sa detail

CSCec89275

Yes

Reboot with traceback after modifying access-list

CSCef10485

Yes

PIX assigns the first time wrong IP address to VPNclient

CSCef15146

Yes

RIP may put the routes with bigger metric into the routing

CSCef16218

Yes

Active FTP failed with outside NAT and retransmit PORT

CSCef16873

Yes

No Audio During SIP Gateway Call

CSCef17488

Yes

PIX SIP fixup does not correctly open RTP conns using NAT

CSCef17703

Yes

Premature invalid SPI with dynamic crypto map

CSCef22894

Yes

Increase amount of memory allowed for the PDM history

CSCef24632

Yes

PIX might reload when clearing the config with pdm history

CSCef26256

Yes

PIX crash while doing write standby

CSCef27344

Yes

DHCP relay does not work with BOOTP

CSCef39526

Yes

Alias command may cause High CPU on Secondary PIX

CSCef47155

Yes

PPTP passthru fails after upgrading to 6.3.4

CSCef47529

Yes

PIX crash in radius_snd thread

CSCef57566

Yes

PIX PMTUD implementation for IPSec vulnerable to spoofed

CSCef61702

Yes

4-byte block leak when sending TCP RST in some

CSCef66863

Yes

OSPF redistribute connected vlan fails on physical

CSCef75987

Yes

Packets corrupted and spurious invalid SPI with VAC under

CSCef80869

Yes

arp-response received on a wrong interface causes crash

CSCef81257

Yes

Inbound SYN Packet has ACK changed from 0 to some random

CSCef82742

Yes

Presence of extra lf in uauth FTP answer

CSCef84827

Yes

Write Standby is causing http server disabled on standby

CSCef86106

Yes

Mishandling of syslog message 106013

CSCef91771

Yes

Identity NAT norandomseq broken with stateful failover

CSCef93994

Yes

SIP:Large # of SIP conns from REGISTER xactions cause

CSCef94622

Yes

On receiving invalid ACK, RST should be allowed through

CSCef98132

Yes

aaa auth match statement not working correctly with

CSCeg02725

Yes

Crash when removing aaa serve

CSCeg04006

Yes

SEQ number in the outbound RST packet gets randomized

CSCeg05291

Yes

SIP: PIX does not reset xlate timer for RTP in certain

CSCeg07701

Yes

pptp stops accepting new connections: tcp listening socked

CSCeg07744

Yes

Linkdown trap does not contain ifIndex variable

CSCeg20248

Yes

PIX 501 crashes when VPN to VPN 3030 concentrator using

CSCeg22626

Yes

SIP: PIX add extra white space when IP Address Privacy is

CSCeg24504

Yes

Embryonic xlate gets consumed instead of using PAT xlate

CSCeg31510

Yes

PIX sets wrong content-length in SIP header

CSCeg38460

Yes

SIP: Signalling secondary connection not timing out as

CSCeg40538

Yes

SIP:2ndary conns for INVITE should stay up for duration of

CSCeg41622

Yes

SIP: Source UDP port of Register are not translated in

CSCeg48656

Yes

Potential SYN, ACK, RST loop on TCP recovery mechanism

CSCeg52090

Yes

PIX resetting ftp connection

CSCeg54523

Yes

PIX reboots continuously with overlapping/redundant statics

CSCeg56154

Yes

PIX crash with wrong clear ospf syntax

CSCeg58814

Yes

PIX crash stack overflow when show crypto ipsec identity

CSCeg61351

Yes

PIX 6.3(4) crashes with thread tacplus_snd similar to

CSCeg71881

Yes

Conversion from dhcpd to dhcprelay requires reboot

CSCeh10239

Yes

SIP: RTP session is closed/disconnected when receive

CSCeh21989

Yes

PIX 6.3 translates aaa accounting cmd automatically and

CSCeh22724

Yes

Incorrect xlate can be created by SIP fixup

CSCeh28734

Yes

Standby PIX takes active unit MAC for a few sec after boot

CSCeh33341

Yes

FastEthernet driver might corrupt packets under extreme

CSCeh42211

Yes

TurboACL with more than 65535 elements may compile wrong

CSCeh42901

Yes

SIP: CSeq No parsed incorrectly if CSeq no length is 10

CSCeh47107

Yes

SIP: SIP URI Parse error happens when receiving SIP

CSCeh52176

Yes

DNS guard disconnects conn on one response

CSCeh62359

Yes

SIP: sip-disconnect timeout for SIP sessions

CSCeh62642

Yes

SIP: sip-invite timeout for SIP sessions

CSCeh71223

Yes

PIX stops forwarding the failover hello packet while write

CSCeh71254

Yes

Active FTP failed with cut-through proxy for FTP

CSCeh73510

Yes

PIX adds <16> in DC field for LDAP CRL request

CSCeh74381

Yes

On receiving invalid ACK, RST should be allowed through

CSCeh78170

Yes

Many SA requests at once cause unpredictable failover

CSCeh92328

Yes

OSPF external routes preferred over internal with multiple processes

CSCeh94584

Yes

Object group search for acl can be enabled after acl is used in nat

CSCeh96286

Yes

Deadlock of vac poll and interface threads with VAC card

CSCeh96556

Yes

4 byte block exhaustion may cause failover or dropped connections

CSCei09184

Yes

L2TP over IPSEC NAT-T not working with WindowsXP

CSCei10683

Yes

SIP: fail to open a conn for Record route in NOTIFY

CSCei17398

Yes

Excessive TCP retransmissions for connections to the PIX

CSCei22149

Yes

URL filtering: misc issues related to request exhaustion and cleanup

CSCei24710

Yes

ffs: loading PDM from mozilla causes assert

CSCei29707

Yes

RTSP fixup does not recognise server ports

CSCei41295

Yes

Two dynamic maps configured and the correct one not picked up

CSCei46448

Yes

Port F1 fix (CSCeh38022) to 6.3. This is the GigE driver tx ring fix

CSCei58383

Yes

PIX crashes when -v option used without parameter in piping

CSCei64471

Yes

PIX crashes when entering CA SAVE ALL

CSCsb33373

Yes

SIP: Not translate c= address if first m= has port 0 in SDP body

CSCsb37529

Yes

PIX 6.3.3 crashes with traceback dbgtrace:_dbg_output+135


Related Documentation

Use this document in conjunction with the PIX Firewall and Cisco VPN Client Version 3.x documentation at the following websites:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/index.htm

http://www.cisco.com/univercd/cc/td/doc/product/vpn/index.htm

Cisco provides PIX Firewall technical tips at the following website:

http://www.cisco.com/warp/public/707/index.shtml#pix

You can find the PIX 6.3 documentation at the following website:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/index.htm

Software Configuration Tips on the Cisco TAC Home Page

The Cisco Technical Assistance Center has many helpful pages. If you have a CCO account you can visit the following websites for assistance:

TAC Customer top issues for PIX Firewall:

http://www.cisco.com/warp/public/110/top_issues/pix/pix_index.shtml

TAC Sample Configs for PIX Firewall:

http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Hardware:PIX&s=Software_Configuration

TAC Troubleshooting, Sample Configurations, Hardware Info, Software Installations and more:

http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Hardware:PIX

Obtaining Documentation

Cisco provides several ways to obtain documentation, technical assistance, and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation on the World Wide Web at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:

http://www.cisco.com

International Cisco websites can be accessed from this URL:

http://www.cisco.com/public/countries_languages.shtml

Documentation CD-ROM

Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which may have shipped with your product. The Documentation CD-ROM is updated regularly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual or quarterly subscription.

Registered Cisco.com users can order a single Documentation CD-ROM (product number DOC-CONDOCCD=) through the Cisco Ordering tool:

http://www.cisco.com/en/US/partner/ordering/ordering_place_order_ordering_tool_launch.html

All users can order annual or quarterly subscriptions through the online Subscription Store:

http://www.cisco.com/go/subscription

Ordering Documentation

You can find instructions for ordering documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Networking Products MarketPlace:

http://www.cisco.com/en/US/partner/ordering/index.shtml

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA.) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

Documentation Feedback

You can submit comments electronically on Cisco.com. On the Cisco Documentation home page, click Feedback at the top of the page.

You can send your comments in e-mail to bug-doc@cisco.com.

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco Technical Assistance Center (TAC) provides 24-hour, award-winning technical support services, online and over the phone. Cisco.com features the Cisco TAC website as an online starting point for technical assistance.

Cisco TAC Website

The Cisco TAC website (http://www.cisco.com/tac) provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC website is available 24 hours a day, 365 days a year.

Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL:

http://tools.cisco.com/RPF/register/register.do

Opening a TAC Case

The online TAC Case Open Tool (http://www.cisco.com/tac/caseopen) is the fastest way to open P3 and P4 cases. (Your network is minimally impaired or you require product information). After you describe your situation, the TAC Case Open Tool automatically recommends resources for an immediate solution. If your issue is not resolved using these recommendations, your case will be assigned to a Cisco TAC engineer.

For P1 or P2 cases (your production network is down or severely degraded) or if you do not have Internet access, contact Cisco TAC by telephone. Cisco TAC engineers are assigned immediately to P1 and P2 cases to help keep your business operations running smoothly.

To open a case by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete listing of Cisco TAC contacts, go to this URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

TAC Case Priority Definitions

To ensure that all cases are reported in a standard format, Cisco has established case priority definitions.

Priority 1 (P1)—Your network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Priority 2 (P2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Priority 3 (P3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:

http://www.cisco.com/en/US/products/products_catalog_links_launch.html

Cisco Press publishes a wide range of networking publications. Cisco suggests these titles for new and experienced users: Internetworking Terms and Acronyms Dictionary, Internetworking Technology Handbook, Internetworking Troubleshooting Guide, and the Internetworking Design Guide. For current Cisco Press titles and other information, go to Cisco Press online at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco quarterly publication that provides the latest networking trends, technology breakthroughs, and Cisco products and solutions to help industry professionals get the most from their networking investment. Included are networking deployment and troubleshooting tips, configuration examples, customer case studies, tutorials and training, certification information, and links to numerous in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/go/packet

iQ Magazine is the Cisco bimonthly publication that delivers the latest information about Internet business strategies for executives. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html

Training—Cisco offers world-class networking training. Current offerings in network training are listed at this URL:

http://www.cisco.com/en/US/learning/index.html