Which ASA Software Version to Use?

ds6123
Level 1

A few questions:

1. Is there a rhyme or reason on what is posted on CCO under the "Latest Releases" header? Right now, it has 9.0.2.ED, 8.4.5.ED and 8.2.5.ED listed (but not 9.1.1.ED). Instead, 9.1.1.ED is listed further below under "All Releases". Is this Cisco's way of saying don't use 9.1.1.ED?

2. I've gone through the release notes of all of them, and frankly, they all seem to have showstopper bugs. Right now, we're trying to upgrade a pair of firewalls from 8.2 to modern software. Previously an attempt was made to go to 9.1.1.ED (released Dec 2012) and the customer had strange problems (certain apps would stop working) after a few hours so they reverted back to 8.2. The fact that 9.1.1.ED is buried under "All Releases" concerns me. There's a 9.1.1 Interim release (from March 2013) that I'm considering using. Of course, there are 85 bugs fixed in that Interim release and none of them really match the symptoms the customer experienced. Should I use this Interim release?

3.  Maybe I should go down to 9.0.2.ED (released Feb 2013)?  Maybe much older releases?  BTW, this is just a simple ASA5520 with plenty of RAM.

Why are there so many bugs?  I could spend an eternity going through all of them. 


1 Reply

Jouni Forss
VIP Alumni

Hi,

Most of the ASAs I use are using software between 8.4(1) and 8.4(5).

To my understanding, the software 9.1(1) has had, for example, some NAT configurations that cause problems for people. That is also one reason why I haven't updated some of our ASAs.

To be honest, I haven't run into or identified that many bugs in our environment. Also, one thing that probably minimizes our risk of bumping into a bug is that we use multiple ASA firewalls for different purposes (Firewalling/NAT and VPN separately).

The latest recommendation I have heard has been 8.4(5), but to be honest, as soon as I heard that I was told elsewhere that people were running into major problems using this software. So I guess it comes down to what you configure/use on the ASA in question and, for example, whether you are using Failover or not.

I'm probably still going to wait some time for some newer releases before I upgrade our devices.

One reason the 9.1(1) might not be shown at the top is that the software 9.0(2) is newer than 9.1(1).

EDIT: Actually, there seems to be a release 9.1(1)4, which is newer than 9.0(2), under the 9.1.1 Interim. I guess it must have some bugfixes related to the 9.1(1) software. Doh, I must be blind, you already mentioned this.

- Jouni
