[c-nsp] ASA5510 Code

Higham, Josh jhigham at epri.com
Fri Jan 25 12:16:59 EST 2008


Second the bugginess of 8.0

I had two problems: one was with an ACL where a permit entry was not
being hit, fixed by a reboot, and the other was as follows:

Inside network: 192.168.100.0/24
DMZ network: 172.16.0.0/24
No nat in place.

I could ping from 192.168.100.66 to any host in the 172.16.0.0 network.
From 192.168.100.100 I could only ping two hosts on the 172.16.0.0
network.  Doing a packet capture on the firewall showed no return ICMP,
but a capture on the switchport showed the echo-reply.  Even worse, the
Cisco security team blew me off and said that if the capture didn't
work, then data isn't reaching the firewall.

As an interim fix we did a nat for that IP address and everything
worked.  Then I removed the nat and everything still worked. 

Overall I'm not that thrilled with code quality to date.  Might even
look at downgrading to 7.x

Thanks,
Josh

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ben Steele
> Sent: Friday, January 25, 2008 1:16 AM
> To: William
> Cc: [c-nsp]
> Subject: Re: [c-nsp] ASA5510 Code
> 
> I'd recommend 7.2(2)
> 
> I've got it running on a few 5510's that have been up without a crash
> for about a year. 8.0 does bring some really nice new features, but
> unless you need them I'd steer clear of it for now, as I've encountered
> a few annoying bugs.
> 
> Cheers
> 
> Ben
> 
> On 25/01/2008, at 6:57 PM, William wrote:
> 
> > Hey,
> >
> > I'm implementing an ASA5510 for L2L VPN, EzVPN, VPN Client and other
> > basic firewall functions, can the list recommend a stable version of
> > code for my application?
> >
> > thanks for your time!
> >
> > W
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/

