ASA/PIX, IDS, IPS, VPN, Cisco Secure ACS, AAA, ISE.
User avatar
phoeneous
Senior Member
Posts:
316
Joined:
Tue Dec 30, 2008 2:43 pm
Certs:
Pimp status

Next stable asa version after 8.2(3)

Fri Mar 09, 2012 1:54 pm

I need to update my asa from 8.2(3) to whatever the next stable version is. I know some people where having issues with the 8.3 releases. Is 8.4 looking good for everyone?
thelostpackets.blogspot.com - randomness from the bit bucket

javentre
Post Whore
Posts:
1872
Joined:
Fri Jul 09, 2010 7:38 pm

Re: Next stable asa version after 8.2(3)

Fri Mar 09, 2012 1:57 pm

8.4.2 has been good for me.
Just be aware that after 8.2, the NAT config changes.
http://networking.ventrefamily.com

User avatar
mlan
Ultimate Member
Posts:
752
Joined:
Thu Nov 17, 2011 6:09 pm

Re: Next stable asa version after 8.2(3)

Fri Mar 09, 2012 2:11 pm

8.4.2 has been ok for us as well. I believe the consensus is to upgrade from 8.2 -> 8.3 -> 8.4

See this thread: http://www.networking-forum.com/viewtopic.php?t=26620

User avatar
ristau5741
Post Whore
Posts:
9969
Joined:
Tue Aug 21, 2007 2:15 pm
Certs:
Instanity

Re: Next stable asa version after 8.2(3)

Fri Mar 09, 2012 2:18 pm

running 8.4(3) here with no issues, for about a week now.
Tips of the day:
- The human mind is the ultimate creation invention.
- "Emergency Belkin. $40........................Boom."
- "I see" said the blind man pissing into the wind, "it's all coming back to me".
- Sausage time

User avatar
Dinger
Post Whore
Posts:
1397
Joined:
Fri Apr 25, 2008 2:16 pm
Certs:
CCNP, CCNA:Sec, MCSE

Re: Next stable asa version after 8.2(3)

Fri Mar 09, 2012 2:18 pm

I have lots of ASAs running 8.2(5)13 ; technically that's after 8.2(3) :-)
"A problem well stated is a problem half solved". (Charles Kettering)

User avatar
ristau5741
Post Whore
Posts:
9969
Joined:
Tue Aug 21, 2007 2:15 pm
Certs:
Instanity

Re: Next stable asa version after 8.2(3)

Fri Mar 09, 2012 2:32 pm

Dinger wrote:I have lots of ASAs running 8.2(5)13 ; technically that's after 8.2(3) :-)



8.2(5)22 is out since January, previous interium was the 8.2(5)13

mlan, technically, the recommended upgrade process is is
8.2 -> last stable release in 8.2 train -> 8.3 -> last stable release in 8.3 train -> 8.4 -> latest 8.4 release.

but then again I went directly from 8.0(5) to 8.4(1)51 with no issues.
Tips of the day:
- The human mind is the ultimate creation invention.
- "Emergency Belkin. $40........................Boom."
- "I see" said the blind man pissing into the wind, "it's all coming back to me".
- Sausage time

User avatar
Vito_Corleone
Moderator
Posts:
9809
Joined:
Mon Apr 07, 2008 10:38 am
Certs:
CCNP RS, CCNP DC, CCDP, CCIP

Re: Next stable asa version after 8.2(3)

Fri Mar 09, 2012 2:52 pm

8.4(3) has been good for me
http://blog.alwaysthenetwork.com

willroute4food
Member
Posts:
200
Joined:
Fri Nov 13, 2009 4:42 pm
Certs:
CCIE R&S

Re: Next stable asa version after 8.2(3)

Fri Mar 09, 2012 3:40 pm

I got a copy of 8.4(2)-5 from TAC that has been rock solid. So i am figuring that 8.4(3) is fine.

User avatar
Vito_Corleone
Moderator
Posts:
9809
Joined:
Mon Apr 07, 2008 10:38 am
Certs:
CCNP RS, CCNP DC, CCDP, CCIP

Re: Next stable asa version after 8.2(3)

Fri Mar 09, 2012 4:07 pm

willroute4food wrote:I got a copy of 8.4(2)-5 from TAC that has been rock solid. So i am figuring that 8.4(3) is fine.


What issue were you hitting on 8.4(2)?
http://blog.alwaysthenetwork.com

willroute4food
Member
Posts:
200
Joined:
Fri Nov 13, 2009 4:42 pm
Certs:
CCIE R&S

Re: Next stable asa version after 8.2(3)

Fri Mar 09, 2012 9:14 pm

Honestly we were having some issues where the configuration wasnt loading right after a reboot. It would parse valid lines out of the config. You could manually reinsert them though. It was quite strange.

User avatar
Dinger
Post Whore
Posts:
1397
Joined:
Fri Apr 25, 2008 2:16 pm
Certs:
CCNP, CCNA:Sec, MCSE

Re: Next stable asa version after 8.2(3)

Sat Mar 10, 2012 11:21 pm

ristau5741 wrote:
8.2(5)22 is out since January, previous interium was the 8.2(5)13


careful using 8.2(5)22; it crashes the standby unit upon booting. See viewtopic.php?t=29501 for more info.
"A problem well stated is a problem half solved". (Charles Kettering)

rc172
Member
Posts:
213
Joined:
Sun Apr 17, 2011 3:28 pm
Certs:
CCSP/CCNP:Security GIAC GPEN

Re: Next stable asa version after 8.2(3)

Sat Mar 10, 2012 11:24 pm

The majority of my clients firewalls are on 8.4.2 and we haven't had any issues. Various configurations of 5510's and 5505's.
The Cubicle Wizard
http://cubiclewizard.blogspot.com/

User avatar
michoudi
Ultimate Member
Posts:
507
Joined:
Wed Sep 01, 2010 9:46 pm
Certs:
CCNA R&S/Security, IPS Specialist, 642-642

Next stable asa version after 8.2(3)

Sun Mar 11, 2012 12:50 am

I'm curious, what is the reasoning for upgrading in increments instead of from 8.2 straight to 8.4?

User avatar
phoeneous
Senior Member
Posts:
316
Joined:
Tue Dec 30, 2008 2:43 pm
Certs:
Pimp status

Re: Next stable asa version after 8.2(3)

Sun Mar 11, 2012 5:39 pm

Thanks for the replies everyone.

I was having issues configuring anyconnect for voip and I thought it was because of my version. Turns out, tac sent me config example for a router and not asa which is why the commands didnt match up. Specifically crypto ca vs crypto pki.
thelostpackets.blogspot.com - randomness from the bit bucket

myly
New Member
Posts:
7
Joined:
Thu Mar 15, 2012 3:13 pm
Certs:
CCENT

Re: Next stable asa version after 8.2(3)

Fri Mar 16, 2012 4:23 pm

michoudi wrote:I'm curious, what is the reasoning for upgrading in increments instead of from 8.2 straight to 8.4?


8.2 to 8.3 is considered a major upgrade, something with the restructuring of the NAT configurations. I just upgraded one of our ASA's from 8.2 to 8.3. We've been running it for about 3 months now without any issues from what I can tell. I'm in the process now of upgrading our second ASA which we are running the CAC VPN on, that was a pain to duplicate on the replacement ASA but a sense of accomplishment when it finally worked! :dance:

It seems we will be holding off on the 8.4 upgrade until it has been out for a bit.

I've only been in the networking game since the end of 2009 and I only have a CCENT so take it however :)

myly
New Member
Posts:
7
Joined:
Thu Mar 15, 2012 3:13 pm
Certs:
CCENT

Re: Next stable asa version after 8.2(3)

Fri Mar 16, 2012 5:55 pm

michoudi wrote:I'm curious, what is the reasoning for upgrading in increments instead of from 8.2 straight to 8.4?



Here are the release notes for 8.3
http://www.cisco.com/en/US/docs/securit ... arn83.html

•NAT redesign.

•Real IP addresses in access rules instead of mapped addresses.

•Named network objects and service objects.

'

Return to Cisco Security

Who is online

Users browsing this forum: Exabot [Bot] and 15 guests