I am upgrading from PIX 6.3.5 to new pair of ASA's tonight. I am wondering if anybody knows of any gotchas I need to be aware of...Also want to know if this version of code for ASA's are stable. Thanks in advance
We migrated as well from a couple Pix 520s v. 6.3.5 to ASAs running 7.0.5. I would recommend running them in parallel and migrating your servers and VPNs slowly. We did this and it payed off as I've crashed the ASAs multiple times due to software bugs. The ASAs sound great as they integrate features of the VPN concentrator, IPS, etc however I'm am now a firm believer of seperating those services and running them on different boxes.
We ran into issues connecting EZVPN 831 "NEM" and it is malforming SCCP from the IP phones. We took the chance and upgraded to 7.2.1 hoping that it would resolve it because of enhanced Skinny enhancements. Now stateful failover doesn't work "CSCse81232". So here I go again with another can of worms :)
So in summary if you are just using the ASAs as a basic firewall 7.0.5 is stable. It's not worth the risk to upgrade to the first major release just because of new features.
P.S. If you use the ASDM make sure you hit apply after each change. Don't make a bunch of changes and then hit apply as this will crash 7.0.5. "CSCse22853" This bug was discovered by me and wasn't specific to just DHCP relay cmds.