New ASA 5505: To Upgrade OS and ASDM or Not?

Hello,

Based on input within this newsgroup, I purchased an ASA 5505 for a client. I've configured it, tested it and all works great. This client needs the unit for a stepped-up firewall compared to what he used to have (basic Netgear firewall), plus usage for VPN purposes (7 employees).

The unit I purchased is running OS version 7.2(3) and ASDM version 5.2(3). Should I upgrade the OS version to 8.0(3) and the ASDM version to 6.0(3) prior to bringing it on-line?

Whether yes or no, I'd appreciate you sharing your reasoning, as I'm averse to upgrading "just because it's available".

Regards and Happy New Year,

Buck

Reply to
Buck Rogers

No to the 8. train on the 5505's, especially in production. There is a nasty bug that affects the 2048 blocks and 5505's that some customers run into that Cisco hasn't been able to resolve yet. It was "supposed" to be fixed in 8.0(3), but it has not. The 7.2(3) is just fine in production.

Reply to
Brian V

Brian,

Thanks for the quick response... and the heads-up on the problems with 8.0(3). I'll do some more investigation prior to upgrading. Is there some info on the Cisco web site that addresses this issue?

Regards,

Buck

Reply to
Buck Rogers

Sure, in the bug tool kit. The one I've run into at several customers is CSCsk21548. This specifically relates to the 1550 size blocks in 5510's and higher. It was explained to me by the TAC engineer that the 5505 utilizes the 2048 blocks rather than the 1550's in the larger firewalls and they fall under the same bug.

Reply to
Brian V

This is quite interesting because in our environment we have been asked to move to 8 due to the bugs in 7.2.2 and 7.2.3. The first problem we had was with a bad memory leak which would require us to failover/reboot primary/failback. We originally worked w/TAC on 7.2.2 and were given the caveat explaining the bug and told to go to 7.2.3, which was supposed to resolve it. We did as requested and suffered the same fate with memory leaking and forcing a reboot about every 2-3 weeks. We were then told to move to version 8 when it was released to resolve the issue due to a new caveat. We have not done this yet but are in the process due to the amount of clients involved. Another bug we ran into, and were provided the caveat for, was that when we fail the units to repair the memory leak there is another bug which affects l2l connections, causing 1-way traffic due to reverse route injection somehow being lost after a failover. Again we were told to move to version 8 to resolve this as well. The sad part is we have been informed of numerous bugs w/8 code also, so this may turn into a nasty upgrade for us. Just FYI, our environment uses the firewalls mainly for outside-in entry to our local network with multiple l2l connections, 200+ SSL connections and 50+ IPSec connections. We do have 7.2.2 code and 8 code running on some 5505's doing nothing but l2l connections that have run w/out issues for quite a while. Your mileage may vary.

Reply to
Its me Earnest T.

Thanks Again Brian,

I'll read the info on the bug and delay upgrading until all is under control.

Regards,

Buck

Reply to
Buck Rogers

Thanks for the great input Ernest T.,

I'll keep things the way they are now and monitor the unit on-line for any of the issues you describe above.

Regards,

Buck

Reply to
Buck Rogers

Personally I would hold off unless you need the extra functions of the 8.0(3) code. I had to upgrade to support Vista on the WebVPN client and I am running into a memory leak causing me to reboot every so many months.

Reply to
dayhkr

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.