Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
581
Views
15
Helpful
5
Replies

ASA recommended software

carl.townshend
Level 1
Level 1

‎11-24-2022 07:13 AM

Hi Guys

We have a Cisco ASA 5545 with software version - 9.8(4)41

We are having lots of strange issues going on with NAT, whenever we add objects, or amend NAT rules, it deletes random rules, changes source and dest ranges and randomly reorders them, this is causing us lots of issues.

Has anyone seen this?

What is the recommended stable version we should upgrade to?

Cheers

 

0 Helpful
5 Replies 5

MHM Cisco World
VIP
VIP

‎11-24-2022 07:36 AM - edited ‎11-24-2022 07:39 AM

""randomly reorders them""
I dont think there is issue with ordering, the reordering is default behave of ASA, 
132805-Sections-Ordering.jpg

0 Helpful

carl.townshend
Level 1
Level 1
In response to MHM Cisco World

‎11-24-2022 08:09 AM

Hi

The issue is with the Manual NAT rules, each time we change one, it appears to delete another or re order them, definitely looks like a software bug.

What version of code is recommended that we can go straight to?

cheers

0 Helpful

tvotna
Spotlight
Spotlight
In response to carl.townshend

‎11-25-2022 07:33 AM

Which software do you use to manage NAT and ACL rules? Is it CSM, ASDM or CLI? With CLI, what you describe should never happen. With CSM I faced with NAT reordering once, but this was very corner case too, caused by "inactive" NAT rules. Blind ASA software upgrade won't probably help you until you get to the root cause of the issue.

MHM Cisco World
VIP
VIP
In response to tvotna

‎11-25-2022 08:10 AM

I totally agree with you.

0 Helpful

Milos_Jovanovic
VIP Alumni
VIP Alumni

‎11-24-2022 10:29 AM

Hi @carl.townshend,

I would advise to go for latest 9.12 Interim release (as of this moment that would be 9.12.4-54). Although highest supported version would be 9.14 for this platform, it will have shorter lifetime than 9.12.

Kind regards,

Milos

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card