Friday, August 27, 2010

FiOS Cisco PIX ARP Problem Fixed!

The Problem

When you define a static NAT on the PIX, you cannot route beyond the PIX. It appears that some FiOS ONTs send ARP requests with a source IP of and the PIX will not send a proxy ARP reply for the static entry but will respond only for itself (me). I'm using 6.2.2 on the PIX.

In this example my PIX has an outside interface configured with 71.x.x.210. The debug shows that it responds fine.

"debug arp" on the PIX shows
arp-in: rqst for me from for 71.x.x.210, on outside
arp-in: generating reply from 71.x.x.210 0013.60ac.bf97 to 000e.861c.d518

I have the following static entry configured.

static (inside,outside) 71.x.x.216 192.n.n.1 netmask

"debug arp" on the PIX shows
arp-in: request at outside from 000e.861c.d518 for 0013.60ac.bf97

So the PIX knows about the MAC address of .216 but it just won't respond!

Solution or Workaround

Upgrade to 8.0.4-32. 
On the PIX software download page, select PIX Interim Releases at the top part of the page...

The PIX now replies to the ARP request and everything now works like it should have in the first place!

Upgrading Cisco CUE from 3.1.1 to 7.0.5

Our current version was at 3.1.1 and we needed to fix the IMAP issue with Entourage by upgrading to 3.2.x, but I realized I could go all the way to 7.0.x! First log in to the CUE and type show software version to check the current version, and check that your CME version supports it by consulting the compatibility matrix. My CME was at 4.1(0) - I was good to go.

Download the image from here (CCO login required). Ensure you pick the one that is appropriate for your hardware. I had an NM-CUE. Extract all files into a folder on your FTP server. I also downloaded the language pack for the US separately and placed this onto the FTP server too. At some point during the installation you will be asked to select the language, and for some reason the install fails when it does not see that language file on your server.

You will need an FTP server to upgrade the CUE - I did a clean install. Once sessioned into the CUE you can follow these detailed steps but here is a quick summary.
  1. Back up all your files on the CUE (this is really important for a clean install). See below for instructions.
  2. Verify connectivity to your FTP server.
  3. Execute command on CUE: software download clean url username xxx password yyy
  4. Check status: software download status
  5. Now install the software just downloaded: software install clean cue-vm-k9.nm.7.0.5.pkg
  6. The system will reload after the upgrade completes.
  7. Check new version: show software version
  8. Restore the files from your backup server. I have the detailed steps listed below.
If you picked the wrong version of the software you will get the error message below. I downloaded the nme version during my first attempt!

WARNING:: This command will download the necessary software to 
WARNING:: complete an upgrade.  It is recommended that a backup be done 
WARNING:: before installing software. 

WARNING:: The system will briefly be brought to an offline state
WARNING:: This will terminate any active call and prevent new calls
WARNING:: from being processed.

Would you like to continue? [n] y

Downloading ftp cue-vm-k9.nme.7.0.5.pkg
Bytes downloaded :  179928 

Validating package signature ... done

Downloading ftp cue-vm-installer-k9.nme.7.0.5.prt1
Bytes downloaded :  127198 

Installer does not recognize package file format.
Attempting to upgrade installer...
starting_phase: /dwnld/pkgdata/.installer_wo
add_file /dwnld/pkgdata/cue-vm-installer-k9.nme.7.0.5.prt1 1 / tgz 
Installer upgrade successful
Restarting install process...
Validating package signature ... done
Validating installed manifests .............complete.
 - Parsing package manifest files... complete.
 - Checking Package dependencies... Service Engine Bootloader can not be installed on this platform/chassis combination.

CUE Backup Procedure 
  1. Config t on the CUE
  2. Configure the backup server with backup server url username xxx password yyy
  3. Verify with show backup server
  4. Go into offline mode - offline
  5. Do the backup. I normally get all the files - backup category all
  6. Exit offline mode - continue

CUE Restore Procedure
  1. show backup server will identify the backup ID number. Take note of this.
  2. Go into offline mode - offline
  3. Restore the files (my id number was 1) - restore id 1 category all
  4. reload