
8.4(2) avoid! Is there a stable release?

1. During the upgrade, it modifies my nat statements by putting in no-proxy-arp's where I don't have unidirectional stated. This causes me to reprogram the many firewalls I have...again (I get it that upgrading to 8.3(2) did the unidirectional because it did not exist, but now that you are going from 8.3(2) and above, please don't add this if I have 8.3(2) and above).

2. Site-to-Site routing no longer works.  It's not routing packets between tunnels or from the tunnel to the inside interface on the device.  Same thing for Remote VPN connected users (I am using AnyConnect SSL); 8.4(1) works

3. DHCPD has major issues. It will continuously cycle through its pool of addresses and creates IP conflicts on the network. This doesn't always happen right away after an upgrade, but once it starts happening, no matter how many reboots or tweaks to DHCPD you make, nothing works.

Downgrade to 8.4(1) is straightforward, but I have been experiencing other odd issues dealing with DNS lookups for the site-to-site IPSEC locations. They seem to time out or fail to the next DNS server, and the way I have the DNS servers set, it looks home first then public second (in case there is a tunnel disconnect, they will still have Internet). 8.3(2) seemed the most stable for me.

Other experiences? What are the most stable releases others have experienced?

Cisco Employee


Hi Walter,

For issue #1: This is expected behavior and is documented in the release notes for 8.4(2) here (search in page for "proxy arp"):

http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html#wp535067

For issue #2: This is caused by the following bug and is fixed in 8.4.2.5 and higher:

CSCtr16184 - To-the-box traffic fails from hosts over vpn after upgrade to 8.4.2

For issue #3: If you have DDNS updates enabled as part of the DHCPD functionality, this may be caused by CSCtg06320 - DHCP ACK not sent by the firewall. However, you could open a TAC case to have this investigated further.

The most stable 8.4 release is currently 8.4.2.8 and is available on cisco.com. This release contains all of the current bug fixes that are available. As always, it is a good idea to review the release notes prior to upgrading to check the list of open caveats.

Hope that helps.

-Mike