Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9342
Views
16
Helpful
3
Replies

ASA 5500-X series software difference

Go to solution
mike kao
Level 1
Level 1

‎02-17-2016 02:17 AM - edited ‎03-12-2019 12:19 AM

Hi,

I'm planning upgrade ASA5508-X from 9.4.2 to 9.5.2.

But I search on cisco.com site have "asa952-smp-k8.bin" and "asa952-lfbff-k8.SPA".

I click the release notes links are the same.

Can somebody tell me what difference between these two software?

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
David99
Level 1
Level 1

‎02-17-2016 03:13 AM

If you look closely you'll note that the images are for different hardware platforms so just be sure you get the correct one for your platform - the SPA is relevant to your device

https://software.cisco.com/download/release.html?mdfid=286285773&softwareid=280775065&release=9.5.2%20Interim&relind=AVAILABLE&rellifecycle=&reltype=latest

I suspect that the .bin files are for regular ASA-X platforms and the SPA are for Firepower

View solution in original post

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to David99

‎02-17-2016 06:50 AM

@David99

You're right that the images are for different hardware platforms.

It's not the FirePOWER module that's the distinguishing characteristic though. The 5512/15/25/45/55/85-X all have the option of FirePOWER module.

The 5506/08/16 models have built-in checking of the digital signature of the software. It's a security and anti-piracy feature Cisco is adding across several product lines. Thus they have the "SPA" variant which works with the on board "ACT 2 Lite" cryptographic module.

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2125.pdf

http://www.cryptsoft.com/fips140/out/cert/2125.html

Also, the 5506-W-X model has a built in WLC and the image has code to support that.

View solution in original post

3 Replies 3

Go to solution
David99
Level 1
Level 1

‎02-17-2016 03:13 AM

If you look closely you'll note that the images are for different hardware platforms so just be sure you get the correct one for your platform - the SPA is relevant to your device

https://software.cisco.com/download/release.html?mdfid=286285773&softwareid=280775065&release=9.5.2%20Interim&relind=AVAILABLE&rellifecycle=&reltype=latest

I suspect that the .bin files are for regular ASA-X platforms and the SPA are for Firepower

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to David99

‎02-17-2016 06:50 AM

@David99

You're right that the images are for different hardware platforms.

It's not the FirePOWER module that's the distinguishing characteristic though. The 5512/15/25/45/55/85-X all have the option of FirePOWER module.

The 5506/08/16 models have built-in checking of the digital signature of the software. It's a security and anti-piracy feature Cisco is adding across several product lines. Thus they have the "SPA" variant which works with the on board "ACT 2 Lite" cryptographic module.

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2125.pdf

http://www.cryptsoft.com/fips140/out/cert/2125.html

Also, the 5506-W-X model has a built in WLC and the image has code to support that.

Go to solution
TS-Networker
Level 1
Level 1
In response to Marvin Rhoads

‎06-04-2020 06:26 PM

Thank you david.  That was well explained. it sounds like bitlocker keys and TPM motherboard chips way of work.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card