ASA 5515X code trains

lcaruso · ‎06-18-2013

Hi,

I heard someone at TAC say that the reason there is a 9.0 code release and a 9.1 code releas--both current versions---for the 5515X is...

9.0 is for ASAs without the CX module and

9.1 is for ASAs with the CX module.

Then I've heard someone say...

don't run 9.1 on ASAs without the CX module

and others say go ahead it doesn't hurt anything.

Anyone know the real deal here?

BTW, my sources for all comment above is TAC engineers.

I don't expect to find this in a search online.

Thanks.

Marvin Rhoads · ‎06-19-2013

Both the 9.0 and 9.1 trains are legitimate for non-CX module ASAs. I had hit some bugs on a 9.0(1) deployment on 5515X ASAs and the TAC-recommended fix (which worked) was to upgrade to 9.1(1). That was before 9.0(2) was released so this month's recommendation might be different.

Generally speaking, IOS (or ASA) image selection has both objective and subjective factors. Of course you need at least the minimum revision that supports your hardware and the features you are deploying. Beyond that, we generally try to steer clear of the first major release in any train and wait for the next bug fix release, especially in production environments. When you have multiple trains active, as is often the case, general advice needs to be taken into account but tempered by your specific situation's considerations.

Study the release notes and, when in doubt, consult with your partner or Cisco SE teams.

lcaruso · ‎06-19-2013

Thanks for taking the time to respond.

I've had both experiences.

Previously, we had a 5512X on 9.1(1) and Cisco TAC told us to "upgrade" to 9.0(2) to fix the problem and also stated 9.1(x) was only for CX module ASAs.

Now we have a 5515X on 9.0(2) with a bug and TAC is telling us to "upgrade" to 9.1(2).

These software engineering nuances to my knowledge are not covered in the relase notes. I've worked as a Software Engineer and there is nothing subjective about code releases.

I've not asked for general advice on Cisco releases. I've been dealing with them since 2001, and, in general, I agree with the advice that is ubiquitous. We only implented 9.x for new features needed.

We are a Cisco Partner. Apparently, that hasn't made it any easier to get the same answer from one organziation when talking to two or more different people given the same question.

Here's my question:

Current Releases

9.1(2)

9.0(2)

8.6(1)

What are these releases for? Cisco care to answer the question?

Marvin Rhoads · ‎06-19-2013

You're welcome, I work for a partner too.

I've heard different things at different times from the TAC, our CSEs and the business unit. Each segment answers questions according to the context in which they are asked and based on a combination of hard and fast guidance (if any) and their personal knowledge of both the platform and the customer's environment. That's the subjective element I was referring to.

Complicating the fact is that some bugs are neither publicly released nor are their resolved status documented in the release notes. TAC is generally the best source for that information.

lcaruso · ‎06-19-2013

I understand your usage of subjective. My apologies if my attribution was unclear.

I agree. It's the same problem all large, successful companies in this sector face.

What I meant regarding subjective was someone deep within the company structure knows these answers, but those answers are not always the same within TAC who relies on internal dissemination. Whoever coded 9.0(x) and 9.1(x) knows the reasons for these releases.