ASA 5520 with sw v7.0.8 vs. v7.2.x vs. v8.x

Unanswered Question
Oct 21st, 2008

Two recently purchased ASA5520-K9 vere delivered to us with software v7.0(7).

We have successfully configured them and finally updated to the latest release of the v7.0.x i.e. v7.0.(8).

The ASA5520 with v7.08 are not yet in the PROD environment but they have been validated as stable during the testing and acceptance phase. Fianlly we would like to integrate them in our CiscoWorks LMS v3.1 but the the LMS requires ASA5520 to be at least at the v7.2.1.

We would like to know now if it is worth moving the ASA5520 to v7.2.x only for the sake of having them integrated in the LMS v3.1, if v7.08 is stable and seems somehow less vulnerable to security breaches then releases 7.2.x?

Briefly, can someone please explain what are benefits in general of moving ASA 5520 from v7.08 to v7.2.x or perhaps even to v8.x?

Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
cisco24x7 Tue, 10/21/2008 - 07:12

Pros reason for moving to 7.2 or 8.x:

- more features than v7.0.8 such as hair-pinning

and other stuffs,

Cons reason for moving to 7.x or 8.x:

- more bugs and in-stability issues.

Farrukh Haroon Tue, 10/21/2008 - 21:44

After having witnessed several cases of instability with the 7.1.x/7.2.x and 8.x code I would recommened to stay at 7.0(8) unless you need a feature that is not available in your current release (like hairpinning,l2tp,advanced ssl,some inspections etc.).

For some things its highly recommended to go to 8.x. We just had a case this weekend with a customer running IPSEC over GRE (with IPSEC on the ASA). The tunnels would just drop randomly, we had a tac engineer have us upgrade to 8.0(4) and all is well so far.



uzmanhassan Tue, 01/20/2009 - 10:40


The tunnel line protocol is down. The ASA is placed between the two routers and the gre tunnel is configured on both routers. Tunnel destination on both ends are able to ping each other but tunnel IPs cant ping each other. Also tunnel line protocol is down i have allowed gre on ASA from outside to inside. Kindly give me suggestions its very urgent.



This Discussion