This is exactly what I am after... though I will need to update my ASA. The article says it requires 7.2(1) or later. We are running 7.0(7). What is the recommendation with upgrading the ASA?

I have read that upgrading to 7.2(x) can cause stability issues and you should only upgrade if you require certain feature or to resolve bugs.

Do we upgrade to the 7.2(1) as this is all we need or do we upgrade to version 8.x??? What are potential problems with upgrading? And how can we minimize the problems?

Phillip, indeed , I have as well read may comments,it all depends on your environment as they all differ from one another, you best bet is to have a good solid plan for upgrade and fall back. You do have a justification to upgrade for features needed, so I would suggest the following:

1- Do a search again in forum for ASA code upgrades and look at comments from users that have gone through this process and note their impact in fuctionality if any. I believe this is good resource to collect information .

2- Very important , look into release notes for a particular version. For example version 8.0, look into open CAVEATS usually at the end of the link page, reading the open bugs gives you clues what has not yet been resolved for that particular code and if in fact could impact you in your environment, it is possible that a particular bug does not realy apply to your environment becuase you have yet not implemented that particualr configuration. Usually we all try to aim towards a GD (General Deployment) code which is what we all understand is most stable but not necesarily means you have to be stack in that code waiting for another GD release, in my personal experience I have upgraded our firewall from 7.2 to 8.0(3) long ago and had no issues, and recently upgraded to 8.0(4)when it was first release in August this year.

Release notes

http://www.cisco.com/en/US/products/ps6120/prod_release_notes_list.html

3- AS a good practice precaution -

a-Backup firewall configs in clear text as well as via tftp code.

b-Backup running code and ASDM version code currently running in firewall.

c- Save the output of " show version " to have as reference for all the feature licenses you currently have running as asll as activation keys - good info to have to compare with after upgrade.

d- Ensure that the code you will be using to upgrade also uses correct ASDM version code.

I think with thorough assesment and preparation you can indeed minimize impact.

Rgds

Jorge

Thanks! We have successfully upgraded to 7.2. I have also tested the Link posted about setting up the use of a Backup ISP. It cuts over to the second static route for the Backup ISP fine... but the problem now is NAT. I get translation errors. And when I attempt to create a new NAT rule for the Backup ISP, it will not allow me to, as it says I already have one configured. Any Ideas?

We are using PAT with using the Interface IP on the Primary ISP... and we would like to configure the same on the Backup ISP. Is this actually possible?