Re: Upgrade ASA 5545 from 9.12 to 9.14?

seahorse · ‎05-08-2024

We are planning to upgrade our cisco ASA with 9.12x and regarding services we have HA, VPN, NAT

I have read that ASA 9.12(x) was the final version for the ASA 5512-X, 5515-X, 5585-X, and ASASM, so for ASA 5545 better go with 9.14?

Both versions are compatible with the same ASDM 7.18(1.152) so that no new ASDM image would be needed.

What will the best way to upgrade vias ASDM? Or cli and a ftp server?

Any further things to be think of`?

Thank you for your recommendations.

Rob Ingram · ‎05-08-2024

@seahorse both the latest 9.12 and 9.14 versions have been updated recently and support the fixes for latest vulnerabilities.

Bear in mind there are changes introduced in 9.13 and therefore apply if upgrading to 9.14, such as depreciating weak crypto - https://www.cisco.com/c/en/us/td/docs/security/asa/asa913/release/notes/asarn913.html

You can upgrade using either ASDM or CLI, use whatever you are most comfortable with. The guide below covers both procedures. https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/asa-appliance-asav.html#topic_r5l_tt5_bbb

tvotna · ‎05-09-2024

@seahorse, it makes no sense at all to upgrade to 9.14, because this version has been EoLed long before 9.12. The reason is: 9.12 is a super long term release and it was EoLed at 9.12(4)65 (1/25/2024), while 9.14 is not a super long term version and it was EoLed at 9.14(4)23 (03/01/2023).

Then PSIRT only fixes were incorporated into 9.12(4)67 and 9.14(4)24, but 9.14 missed lots of regular code fixes for 2023/2024 period, which present in 9.12.

HTH