1. During the upgrade, it modifies my nat statements by putting in no-proxy-arp's where I don't have unidirectional stated. This causes me to reprogram the many firewalls I have...again (I get it that upgrading to 8.3(2) did the unidirectional because it did not exist, but now that you are going from 8.3(2) and above, please don't add this if I have 8.3(2) and above).
2. Site-to-Site routing no longer works. It's not routing packets between tunnels or from the tunnel to the inside interface on the device. Same thing for Remote VPN connected users (I am using AnyConnect SSL); 8.4(1) works
3. DHCPD has major issues. It will continuously cycle through its pool of addresses and creates IP conflicts on the network. This doesn't always happen right away after an upgrade, but once it starts happening, no matter how many reboots or tweaks to DHCPD you make, nothing works.
Downgrade to 8.4(1) is straightforward but I have been experiencing other odd issues dealing with DNS lookups for the site-to-site IPSEC locations. They seem to time out or fail to the next DNS server and the way I have the DNS servers set, it looks home first then public second (in case there is a tunnel disconnect, they will still have Internet). 8.3(2) seemed the most stable for me.
Other experiences? What are the most stable releases others have experienced?
For issue #2: This is caused by the following bug and is fixed in 220.127.116.11 and higher:
CSCtr16184 - To-the-box traffic fails from hosts over vpn after upgrade to 8.4.2
For issue #3: If you have DDNS updates enabled as part of the DHCPD functionality, this may be caused by CSCtg06320 - DHCP ACK not sent by the firewall. However, you could open a TAC case to have this investigated further.
The most stable 8.4 release is currently 18.104.22.168 and is available on cisco.com. This release contains all of the current bug fixes that are available. As always, it is a good idea to review the release notes prior to upgrading to check the list of open caveats.