Solved: Re: ASA Upgrade from 9.1(1)

sreeraj.murali · ‎01-08-2018

Hi,

I want to upgrade the ASA 5512 and 5525 from 9.1(1) to the latest recommended version. Please suggest the recommended stable version to upgrade to - 9.6/9.7.

Thanks

Sreeraj

Seb Rupik · ‎01-08-2018

Yes that particular vulnerability is fixed in the suggested release.

You asked for a version of either the 9.6 or 9.7 train. v9.7 has had less revision, and unless there is a feature which was made available in v9.7, v9.6 is the suggested release.

So in choosing a release from the v9.6 go for the latest 'interim' release which contains bug fixes discovered since the last feature/ maintenance release.

cheers,

Seb.

View solution in original post

Seb Rupik · ‎01-08-2018

Hi there,

For both platforms v9.6.3 is the recommended release. specifically you will want the interim release:

asa963-20-smp-k8.bin

cheers,

Seb.

sreeraj.murali · ‎01-08-2018

Thanks for expert input.

Basically I want to mitigate the below vulnerability by the code upgrade

Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

Web link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike.

Hope this vulnerability will be fixed with the ASA code-asa963-20-smp-k8.bin. Please suggest also, Any specific reason for suggesting asa963-20-smp-k8.bin. Kindly provide your expert inputs.

Seb Rupik · ‎01-08-2018

Yes that particular vulnerability is fixed in the suggested release.

You asked for a version of either the 9.6 or 9.7 train. v9.7 has had less revision, and unless there is a feature which was made available in v9.7, v9.6 is the suggested release.

So in choosing a release from the v9.6 go for the latest 'interim' release which contains bug fixes discovered since the last feature/ maintenance release.

cheers,

Seb.

sreeraj.murali · ‎01-09-2018

Thanks. Could you please advice on the below bug as well.

Potential Traffic Outage (9.6(2.1) through 9.6(3))—Due to bug CSCvd78303, the ASA may stop passing traffic after 213 days of uptime. The effect on each network will be different, but it could range from an issue of limited connectivity to something more extensive like an outage. You must upgrade to a new version without this bug, when available. In the meantime, you can reboot the ASA to gain another 213 days of uptime. Other workarounds may be available. See Field Notice FN-64291 for affected versions and more information.

Will, asa963-20-smp-k8.bin addresses this.

Also do suggest, the supported recommended ASDM version.

Thanks

sreeraj.murali · ‎01-10-2018

Hi,

I am not able to find ASA code-asa963-20-smp-k8.bin on Cisco download section. I am looking at asa963-1-smp-k8.bin. Please comment.

Thanks

Sreeraj

Seb Rupik · ‎01-10-2018

Look under All Releases -> Interim -> 9 -> 9.6.3

sreeraj.murali · ‎01-14-2018

Thanks a lot, I could find 9.6.3(2), which comes under the interim release.

M Mohammed · ‎01-08-2018

in addition to all the replies, here is the link which will give you information on upgrade path
https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/planning.html#id_58680

Regards
MM