Question : Problem: Cisco IOS 6.2(2) bug?

My LAN is protected by Cisco PIX-515E-UR + PIX-515E-FO units. I noticed recently both units are reloaded sometimes, but not because of the power failures. I've found weird thing: when I try to send my public PGP (DH/DSS) key to ldap://keyserver.pgp.com, PIX stops to response. I've connected to console port, set logging level to info and saw the messages (first line is info about my connection to ldap server):

302013: Built outbound TCP connection 123 for out0:63.251.255.12/389 (63.251.255.12/389) to inside:10.0.1.5/2021 (xxx.xxx.xxx.xxx/2021) (mara)

Thread Name: 557poll (Old pc 0x800aa087 ebp 0x8127bcc4)

Traceback:
0: 800aa079
1: 80002fc1
2: 00000000
vector 0x0000000e (page fault)
edi 0x72206c6c
esi 0x809f5568
ebp 0x8127bcb4
esp 0x8127bc8c
ebx 0x8095f648
edx 0x809f55bc
ecx 0x00000000
eax 0x8079bc60
error code 0x00000000
eip 0x800aacfc
cs 0x00000008
eflags 0x00010286
CR2 0x72206c5c
Stack dump: base:0x8127ad20 size:4096, active:276
0x8127bd1c: 0x00000000
... and so on, primary system is rebooted and became active.

I was forced to issue the command "no fixup protocol ils 389" to avoid pix reboots. Has anybody solved this problem in some other way?

Answer : Problem: Cisco IOS 6.2(2) bug?

I have access to Cisco's Bug Tracker..
They are not EXACT to your situation, but close enough to consider that the workaround that you found is the same workaround for this:

CSCdx78331 Bug Details
Headline: pix crash
Product: pix
First found in: 6.2(1)
Duplicate of CSCdx73007
Notes:

Release-note :

A pix with release 6.2.1 might reload with the following. This could be related to "fixup protocol ils 389"

pix1#
Thread Name: pix/intf0 (Old pc 0x800b1480 ebp 0x811d195c)

Traceback:
0: 8002c6c7
1: 8002bd4c
2: 8002c0de
3: 8002c22c
4: 8011dde5
5: 80122727
6: 80121911
7: 80126472
==============================================================
CSCdx73007:
DESCRIPTION:
A PIX running version 6.2(1) might crash with the following traceback thread:

Thread Name: pix/intf0 (Old pc 0x800b1480 ebp 0x811d195c)

Please contact TAC and provide the traceback from the console of the
PIX when it crashed.

This issue is related to the ILS fixup on the PIX.

WORKAROUND:
Disable the ils fixup:
no fixup protocol ils 389
=============================================================
Found this one, too, that might be closer:

:
CSCdz65766
PIX-515 reload due to fixup ils (ldap)
Affected version: 6.2(2)

PIX 515 handling 800kbits/second max on 4 of the six interfaces, with 2
interfaces maxing out at around 2.5Mbits/sec. With this traffic now going
through, the PIX is seeing failures every 30 hours or so.

Specifically, the failures are that the active PIX throws a traceback out the
console port and reboots. The secondary PIX successfully detects the failure
and becomes active, resulting in a 15-20 second outage for all services.

Replaced one of the pixes with another 515 (matching hardware/software) but
this replacement PIX failed in the same manner.

By decoding the tracebacks, this is believed to be a software failure issue in
6.2.2 with the fixup protocol for ILS.

Possible workaround where appropriate : Disable ILS fixup.

Random Solutions

Problem: IS THIS BLUETOOTH ENABLED

Problem: T1 Controller to Serial Interface, please help

Problem: 6GB MEMORY PROBLEMS?

Problem: USB-drive and win95

Problem: Can I use my laptop as a monitor for my PC?

Problem: Using Cisco 3560\3750 SFP port for Tape Library

Problem: Fake Audio Driver

Problem: Bizhub c350 - one out of for Mac's can see it

Problem: Connecting a D-Link switch to a Cisco switch

Problem: Is it secure using cisco vlans within a DMZ