New ASA 5505: To Upgrade OS and ASDM or Not?

Discussion in 'Cisco' started by Buck Rogers, Dec 31, 2007.

  1. Buck Rogers

    Buck Rogers Guest

    Hello,

    Based on input within this newsgroup, I purchased an ASA 5505 for a
    client. I've configured it, tested it and all works great. This
    client needs the unit for a stepped-up firewall compared to what he
    used to have (basic Netgear firewall), plus usage for VPN purposes (7
    employees).

    The unit I purchased is running OS version 7.2(3) and ASDM version
    5.2(3). Should I upgrade the OS version to 8.0(3) and the ASDM
    version to 6.0(3) prior to bringing it on-line?

    Whether yes or no, I'd appreciate you sharing your reasoning, as I'm
    averse to upgrading "just because it's available".

    Regards and Happy New Year,

    Buck
     
    Buck Rogers, Dec 31, 2007
    #1
    1. Advertising

  2. Buck Rogers

    Brian V Guest

    "Buck Rogers" <> wrote in message
    news:...
    > Hello,
    >
    > Based on input within this newsgroup, I purchased an ASA 5505 for a
    > client. I've configured it, tested it and all works great. This
    > client needs the unit for a stepped-up firewall compared to what he
    > used to have (basic Netgear firewall), plus usage for VPN purposes (7
    > employees).
    >
    > The unit I purchased is running OS version 7.2(3) and ASDM version
    > 5.2(3). Should I upgrade the OS version to 8.0(3) and the ASDM
    > version to 6.0(3) prior to bringing it on-line?
    >
    > Whether yes or no, I'd appreciate you sharing your reasoning, as I'm
    > averse to upgrading "just because it's available".
    >
    > Regards and Happy New Year,
    >
    > Buck


    No to the 8. train on the 5505's especially in production. There is a nasty
    bug that effects the 2048 blocks and 5505's that some customer run into that
    Cisco hasn't been able to be resolved yet. It was "supposed" to be fixed in
    8.0(3), but it has not. The 7.2(3) is just fine in production.
     
    Brian V, Dec 31, 2007
    #2
    1. Advertising

  3. Buck Rogers

    Buck Rogers Guest

    On Sun, 30 Dec 2007 23:14:00 -0500, "Brian V" <>
    wrote:

    >
    >"Buck Rogers" <> wrote in message
    >news:...
    >> Hello,
    >>
    >> Based on input within this newsgroup, I purchased an ASA 5505 for a
    >> client. I've configured it, tested it and all works great. This
    >> client needs the unit for a stepped-up firewall compared to what he
    >> used to have (basic Netgear firewall), plus usage for VPN purposes (7
    >> employees).
    >>
    >> The unit I purchased is running OS version 7.2(3) and ASDM version
    >> 5.2(3). Should I upgrade the OS version to 8.0(3) and the ASDM
    >> version to 6.0(3) prior to bringing it on-line?
    >>
    >> Whether yes or no, I'd appreciate you sharing your reasoning, as I'm
    >> averse to upgrading "just because it's available".
    >>
    >> Regards and Happy New Year,
    >>
    >> Buck

    >
    >No to the 8. train on the 5505's especially in production. There is a nasty
    >bug that effects the 2048 blocks and 5505's that some customer run into that
    >Cisco hasn't been able to be resolved yet. It was "supposed" to be fixed in
    >8.0(3), but it has not. The 7.2(3) is just fine in production.



    Brian,

    Thanks for the quick response.....and the heads up on the problems
    with 8.0(3). I'll do some more investigation prior to upgrading. Is
    there some info on the Cisco web site that addresses this issue?

    Regards,

    Buck
     
    Buck Rogers, Dec 31, 2007
    #3
  4. Buck Rogers

    Brian V Guest

    "Buck Rogers" <> wrote in message
    news:...
    > On Sun, 30 Dec 2007 23:14:00 -0500, "Brian V" <>
    > wrote:
    >
    >>
    >>"Buck Rogers" <> wrote in message
    >>news:...
    >>> Hello,
    >>>
    >>> Based on input within this newsgroup, I purchased an ASA 5505 for a
    >>> client. I've configured it, tested it and all works great. This
    >>> client needs the unit for a stepped-up firewall compared to what he
    >>> used to have (basic Netgear firewall), plus usage for VPN purposes (7
    >>> employees).
    >>>
    >>> The unit I purchased is running OS version 7.2(3) and ASDM version
    >>> 5.2(3). Should I upgrade the OS version to 8.0(3) and the ASDM
    >>> version to 6.0(3) prior to bringing it on-line?
    >>>
    >>> Whether yes or no, I'd appreciate you sharing your reasoning, as I'm
    >>> averse to upgrading "just because it's available".
    >>>
    >>> Regards and Happy New Year,
    >>>
    >>> Buck

    >>
    >>No to the 8. train on the 5505's especially in production. There is a
    >>nasty
    >>bug that effects the 2048 blocks and 5505's that some customer run into
    >>that
    >>Cisco hasn't been able to be resolved yet. It was "supposed" to be fixed
    >>in
    >>8.0(3), but it has not. The 7.2(3) is just fine in production.

    >
    >
    > Brian,
    >
    > Thanks for the quick response.....and the heads up on the problems
    > with 8.0(3). I'll do some more investigation prior to upgrading. Is
    > there some info on the Cisco web site that addresses this issue?
    >
    > Regards,
    >
    > Buck


    Sure, in the bug tool kit. The one I've run in to at several customers is
    CSCsk21548 This specifically relates to the 1550 size blocks in 5510's and
    higher. It was explained to me by the TAC engineer that the 5505 utilizes
    the 2048 blocks rather than the 1550's in the larger firewalls and they fall
    under the same bug.
     
    Brian V, Dec 31, 2007
    #4
  5. This is quite interesting cause in our environment we have been asked to
    move to 8 due to the bugs in 7.2.2 and 7.2.3. First problem we had was with
    a bad memory leak which would require us to failover/reboot
    primary/failback. We origionally worked w/TAC on 7.2.2 and were given the
    caveat explaining the bug and told to go to 7.2.3 which was supposed to
    resolve it. We did as requested and suffered the same fate with memory
    leaking and forcing reboot about every 2-3 weeks. We were then told to move
    to version 8 when it was released to resolve the issue due to a new caveat.
    We have not did this yet but are in the process due to the amount of clients
    involved. Another bug we ran into and was provided the caveat for was when
    we fail the units to repair the memory leak their is another bug which
    affects l2l connections causing 1 way traffic due to reverse route injection
    somehow being lost after a failover. Again we were told to move to version
    8 to resolve this as well. Sad part is we have been informed of numerious
    bugs w/8 code also so this may turn into a nasty upgrade for us. Just FYI
    our environment uses the firewalls mainly for outside in entry to our local
    network with multiple l2l connections, 200+ SSL connections and 50+ IPSec
    connections. We do have 7.2.2 code and 8 code running on some 5505's doing
    nothing but l2l connections that have ran w/out issues for quite a while.
    Your milage may vary.


    "Buck Rogers" <> wrote in message
    news:...
    > Hello,
    >
    > Based on input within this newsgroup, I purchased an ASA 5505 for a
    > client. I've configured it, tested it and all works great. This
    > client needs the unit for a stepped-up firewall compared to what he
    > used to have (basic Netgear firewall), plus usage for VPN purposes (7
    > employees).
    >
    > The unit I purchased is running OS version 7.2(3) and ASDM version
    > 5.2(3). Should I upgrade the OS version to 8.0(3) and the ASDM
    > version to 6.0(3) prior to bringing it on-line?
    >
    > Whether yes or no, I'd appreciate you sharing your reasoning, as I'm
    > averse to upgrading "just because it's available".
    >
    > Regards and Happy New Year,
    >
    > Buck
     
    Its me Earnest T., Jan 1, 2008
    #5
  6. Buck Rogers

    Buck Rogers Guest

    On Mon, 31 Dec 2007 18:30:27 -0500, "Brian V" <>
    wrote:

    >
    >"Buck Rogers" <> wrote in message
    >news:...
    >> On Sun, 30 Dec 2007 23:14:00 -0500, "Brian V" <>
    >> wrote:
    >>
    >>>
    >>>"Buck Rogers" <> wrote in message
    >>>news:...
    >>>> Hello,
    >>>>
    >>>> Based on input within this newsgroup, I purchased an ASA 5505 for a
    >>>> client. I've configured it, tested it and all works great. This
    >>>> client needs the unit for a stepped-up firewall compared to what he
    >>>> used to have (basic Netgear firewall), plus usage for VPN purposes (7
    >>>> employees).
    >>>>
    >>>> The unit I purchased is running OS version 7.2(3) and ASDM version
    >>>> 5.2(3). Should I upgrade the OS version to 8.0(3) and the ASDM
    >>>> version to 6.0(3) prior to bringing it on-line?
    >>>>
    >>>> Whether yes or no, I'd appreciate you sharing your reasoning, as I'm
    >>>> averse to upgrading "just because it's available".
    >>>>
    >>>> Regards and Happy New Year,
    >>>>
    >>>> Buck
    >>>
    >>>No to the 8. train on the 5505's especially in production. There is a
    >>>nasty
    >>>bug that effects the 2048 blocks and 5505's that some customer run into
    >>>that
    >>>Cisco hasn't been able to be resolved yet. It was "supposed" to be fixed
    >>>in
    >>>8.0(3), but it has not. The 7.2(3) is just fine in production.

    >>
    >>
    >> Brian,
    >>
    >> Thanks for the quick response.....and the heads up on the problems
    >> with 8.0(3). I'll do some more investigation prior to upgrading. Is
    >> there some info on the Cisco web site that addresses this issue?
    >>
    >> Regards,
    >>
    >> Buck

    >
    >Sure, in the bug tool kit. The one I've run in to at several customers is
    >CSCsk21548 This specifically relates to the 1550 size blocks in 5510's and
    >higher. It was explained to me by the TAC engineer that the 5505 utilizes
    >the 2048 blocks rather than the 1550's in the larger firewalls and they fall
    >under the same bug.



    Thanks Again Brian,

    I'll read the info on the bug and delay upgrading until all is under
    control.

    Regards,

    Buck
     
    Buck Rogers, Jan 2, 2008
    #6
  7. Buck Rogers

    Buck Rogers Guest

    On Mon, 31 Dec 2007 19:48:54 -0500, "Its me Earnest T."
    <> wrote:

    >This is quite interesting cause in our environment we have been asked to
    >move to 8 due to the bugs in 7.2.2 and 7.2.3. First problem we had was with
    >a bad memory leak which would require us to failover/reboot
    >primary/failback. We origionally worked w/TAC on 7.2.2 and were given the
    >caveat explaining the bug and told to go to 7.2.3 which was supposed to
    >resolve it. We did as requested and suffered the same fate with memory
    >leaking and forcing reboot about every 2-3 weeks. We were then told to move
    >to version 8 when it was released to resolve the issue due to a new caveat.
    >We have not did this yet but are in the process due to the amount of clients
    >involved. Another bug we ran into and was provided the caveat for was when
    >we fail the units to repair the memory leak their is another bug which
    >affects l2l connections causing 1 way traffic due to reverse route injection
    >somehow being lost after a failover. Again we were told to move to version
    >8 to resolve this as well. Sad part is we have been informed of numerious
    >bugs w/8 code also so this may turn into a nasty upgrade for us. Just FYI
    >our environment uses the firewalls mainly for outside in entry to our local
    >network with multiple l2l connections, 200+ SSL connections and 50+ IPSec
    >connections. We do have 7.2.2 code and 8 code running on some 5505's doing
    >nothing but l2l connections that have ran w/out issues for quite a while.
    >Your milage may vary.
    >
    >
    >"Buck Rogers" <> wrote in message
    >news:...
    >> Hello,
    >>
    >> Based on input within this newsgroup, I purchased an ASA 5505 for a
    >> client. I've configured it, tested it and all works great. This
    >> client needs the unit for a stepped-up firewall compared to what he
    >> used to have (basic Netgear firewall), plus usage for VPN purposes (7
    >> employees).
    >>
    >> The unit I purchased is running OS version 7.2(3) and ASDM version
    >> 5.2(3). Should I upgrade the OS version to 8.0(3) and the ASDM
    >> version to 6.0(3) prior to bringing it on-line?
    >>
    >> Whether yes or no, I'd appreciate you sharing your reasoning, as I'm
    >> averse to upgrading "just because it's available".
    >>
    >> Regards and Happy New Year,
    >>
    >> Buck

    >


    Thanks for the great input Ernest T.,

    I'll keep things the way they are now and monitor the unit on-line for
    any of the issues you describe above.

    Regards,

    Buck
     
    Buck Rogers, Jan 2, 2008
    #7
  8. Buck Rogers

    dayhkr Guest

    Personally I would hold off unless you need the extra functions of the
    8.0(3) code. I had to upgrade to support Vista on the WebVPN client
    and I am running into a memory leak causing me to reboot every so many
    months.
     
    dayhkr, Jan 8, 2008
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    3,365
  2. Tilman Schmidt
    Replies:
    3
    Views:
    19,774
  3. MarcoGuttadauro

    Cisco ASA 5505 - unable to use ASDM Launcher

    MarcoGuttadauro, Mar 7, 2008, in forum: Cisco
    Replies:
    1
    Views:
    14,260
    Greeley
    Mar 7, 2008
  4. geek98
    Replies:
    1
    Views:
    5,271
    geek98
    Apr 17, 2010
  5. Dogg Child

    Re: ASA 5505 behind ASA 5505

    Dogg Child, Jun 7, 2010, in forum: Cisco
    Replies:
    0
    Views:
    668
    Dogg Child
    Jun 7, 2010
Loading...

Share This Page