[c-nsp] ASA5520 which image should I use?

[Ryan West]

Nick,

I agree with you on the earlier 7.2(4) releases, in particular 7.2(4)18 was bombing on us in multiple locations with site to site tunnels.  However, I think the same interim released bugs were in both trains.  In terms of bug fixes and general release times, 8.0(4)32 and 7.2(4)33 were released two days apart and have held up to any of the recent of PSIRT fixes.  I won't run 8.0(4)16 anywhere, just as I won't run 7.2(4)18.

I used the bugID Justin mentioned a while back to get 8.2.1(3) and it has proved to be stable for AnyConnect Essential customers.  I'm not sure why Cisco isn't releasing anything in the way of interim updates, the last was the 18th of May, I would rather not contact TAC for anything outside of the main train.

-ryan

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of NMaio at guesswho.com
Sent: Friday, September 25, 2009 9:30 AM
To: amsoares at netcabo.pt
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ASA5520 which image should I use?

Obviously everybody's experience has been different but I have been running very nicely on 8.0.x code.  I am running on the latest interim code on both ASAs and PIXs due to a security flaw though.    (knock on wood) It has been very stable.  7.2.4 code was very buggy for me.  I was upgrading probably every other month due to bugs until we jumped to 8.x code a while ago.

Justin,
I believe I saw your posts on the RANCID list and although the 8.2 coredump problem can be a pain you can modify your rancid script to ignore the coredump file when rancid does a show flash.  I do this for dhcp snooping since the db is small enough that I can keep it in flash.  (Yes I know about the warning that they give when you configure like this)  Every time a lease expires or a new lease is distributed the file is updated which would make rancid grab the change.   

Nick