cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
488
Views
0
Helpful
2
Replies

Why Update 9.1 to 9.6

rjadhav163
Level 1
Level 1

Hello

we are using a Cisco ASA Firewall pair for basic Access List, NAT and Site-2-Site IKEv1 VPN.

The firewall is just sitting there and there has not been any need of configuration change in last 1 year and there wont be any change in configuration for next 2-3 years.

No Next-Generation features are required.

The firewall is running version 9.1.7 and is under CIsco Support.

We dont need to use any new Next Gen features. Any security related patches for Firewalls are released for version 9.1.7.

So the question is: Should I upgrade to latest RECOMMENDED ASA version like 9.6.3 or higher? Is it strongly recommemded for any particular reason? Or we can stay with 9.1.7 with which we are satisfied?

Regards,

R

2 Replies 2

Aditya Ganjoo
Cisco Employee
Cisco Employee

Hi,

If the ASA is running stable and you do not need to add any new features it is better to stay on the same code.

However, if you want to upgrade to the latest code you can go for it.

The latest interim image on 9.1.7 is 9.1.7.16 which is a star image and is Cisco suggested.

Regards,

Aditya

Please rate helpful posts and mark correct answers.

Marvin Rhoads
Hall of Fame
Hall of Fame

I mostly agree with what Aditya said. It also depends on yor platform. Assuming it is a 5500-X series you can run later verisons. Non-X stop after the 9.1 code train.

I would add that if you are subject to compliance or other auditing requirements, you may get a complaint that your 9.1(x) code doesn't support TLS 1.2.

However that is only used for ASDM management unless you have a remote access SSL VPN also configured. In the ASDM case you can mitigate it via other methods (restrict management or use only cli and turn off the http server that ASDM uses).

Eventually Cisco will stop supporting 9.1(x) but that day hasn't come yet.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: