
8.3 Production Ready?

justintime
Level 1

Hi all,

I'm returning to ASAs after having spent the last 4 years working with Checkpoint firewalls.  I am getting set up to port my current configuration from the Checkpoints over to the ASAs, so I'm starting from scratch.

I noticed that 8.3 came out recently, and I had to smile when I read the release notes.  It seems that Cisco has taken the things I liked most about Checkpoint (mainly object-based configuration), and incorporated it into 8.3.

My configuration isn't too complex - I have a pair of 5540s that will be in active/passive failover.  There will be a few NATs, but nothing too heavy.  Where many ASAs protect business users from the Internet (most traffic being initiated from inside-to-outside), my situation is that the ASAs are protecting a fairly large website (99% of traffic is initiated from outside-to-inside).  While I'll set up VPN, it's only for use by our admins to do remote administration and usage is really light.

I'm aware of the 2GB memory requirement, and like I said, I don't have any existing config to upgrade.  However, if there are a lot of NAT bugs or crashes, I'll stick with 8.2 until 8.3 stabilises a bit.

Does anyone have any input?

Thanks,

Justin

Accepted Solutions

If the config is simple, with no bidirectional NAT (which is called twice NAT in 8.3), etc., I'd say go with 8.3.

People love the global ACL and object-based NAT configuration.

I'd suggest configuring from the start using 8.3, rather than configuring in 8.2.2 and then issuing an upgrade, as we have seen issues with converting the config to 8.3 when policy NAT is configured with "any" as destination, etc. You probably already read that in the RN.

-KS

3 Replies

Panos Kampanakis
Cisco Employee

8.3 is fairly new; there are a couple of NAT issues, but not major showstoppers.

If this is not a very, very important ASA (in case something came up because the code is fairly new), I would try it out. Especially if you have worked with Checkpoint, you will see that there are a couple of similarities.

NAT has changed some.

And there are nice features like global ACLs, real IP and the Smart services, which will be liked by people as they start using them.

I would try it if I were you.

I hope it helps.

PK

Thanks for the tips everyone.

I'll be at least initially setting things up with 8.3.  While this is a very important ASA, the operations it will be doing are pretty basic, and I have a test lab environment which I'll be able to test everything with.  I also won't be deploying them for a while, so I can apply bug fixes between now and then.