I recommend upgrading the OS about every 6 months or so. I have some firewalls that I update ASAP and some that I only update when major vulnerabilities get patched.
You should update the ASDM the same time you update the OS. This has two meanings. First it means if you update the OS it's a good idea to update the ASDM. Second it means you can update both of them on the same reload. So when you upload the images to the ASA then you can set both asdm location and boot image location on the ASA and reload it so it updates both together.
Also, the last official stable version of ASA code cisco released was in the 7.'s. That means you can either choose a 2 year old OS because of its stability or opt for going for the most current OS because of its security patches and features. I've always gone with the very latest OS and did a thorough test after the upgrade (check VPN's, verify no new strange syslogs are going, check NAT, verify connectivity is the same etc).
ASDM update does not require a reboot. It takes effect right away. So, if you upgrade to a new code and asdm at the same time, the asdm may not be compatible with the code that the unit is running before the reload. So, I'd reload the ASA with the OS upgrade and then copy the new asdm over.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...