[c-nsp] ASA5520 which image should I use?
Chris Griffin
cgriffin at ufl.edu
Fri Sep 25 10:32:14 EDT 2009
I have been told that going forward TAC is the only way to get interim
releases on 8.2 and newer code. This wouldn't be bad if they put out
real releases more than once per year. Crazy that it seems to be SOP
that Cisco, through making it difficult to get patches, encourages
running code on a security device with known security flaws.
Tnx
Chris
On Fri, 2009-09-25 at 09:45 -0400, Ryan West wrote:
> Nick,
>
> I agree with you on the earlier 7.2(4) releases; in particular, 7.2(4)18 was bombing on us in multiple locations with site-to-site tunnels. However, I think the same interim released bugs were in both trains. In terms of bug fixes and general release times, 8.0(4)32 and 7.2(4)33 were released two days apart and have held up to any of the recent PSIRT fixes. I won't run 8.0(4)16 anywhere, just as I won't run 7.2(4)18.
>
> I used the bugID Justin mentioned a while back to get 8.2.1(3) and it has proved to be stable for AnyConnect Essential customers. I'm not sure why Cisco isn't releasing anything in the way of interim updates; the last was the 18th of May. I would rather not contact TAC for anything outside of the main train.
>
> -ryan
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of NMaio at guesswho.com
> Sent: Friday, September 25, 2009 9:30 AM
> To: amsoares at netcabo.pt
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] ASA5520 which image should I use?
>
> Obviously everybody's experience has been different but I have been running very nicely on 8.0.x code. I am running on the latest interim code on both ASAs and PIXs due to a security flaw though. (knock on wood) It has been very stable. 7.2.4 code was very buggy for me. I was upgrading probably every other month due to bugs until we jumped to 8.x code a while ago.
>
> Justin,
> I believe I saw your posts on the RANCID list and although the 8.2 coredump problem can be a pain you can modify your rancid script to ignore the coredump file when rancid does a show flash. I do this for dhcp snooping since the db is small enough that I can keep it in flash. (Yes I know about the warning that they give when you configure like this) Every time a lease expires or a new lease is distributed the file is updated which would make rancid grab the change.
>
> Nick
--
Chris Griffin cgriffin at ufl.edu
Sr. Network Engineer - CCNP Phone: (352) 273-1051
CNS - Network Services Fax: (352) 392-9440
University of Florida/FLR Gainesville, FL 32611