Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
544
Views
0
Helpful
6
Replies

ASA 5520 with sw v7.0.8 vs. v7.2.x vs. v8.x

oanetadmin
Level 1
Level 1

‎10-21-2008 01:14 AM - edited ‎02-21-2020 03:03 AM

Two recently purchased ASA5520-K9 vere delivered to us with software v7.0(7).

We have successfully configured them and finally updated to the latest release of the v7.0.x i.e. v7.0.(8).

The ASA5520 with v7.08 are not yet in the PROD environment but they have been validated as stable during the testing and acceptance phase. Fianlly we would like to integrate them in our CiscoWorks LMS v3.1 but the the LMS requires ASA5520 to be at least at the v7.2.1.

We would like to know now if it is worth moving the ASA5520 to v7.2.x only for the sake of having them integrated in the LMS v3.1, if v7.08 is stable and seems somehow less vulnerable to security breaches then releases 7.2.x?

Briefly, can someone please explain what are benefits in general of moving ASA 5520 from v7.08 to v7.2.x or perhaps even to v8.x?

Thanks in advance.

0 Helpful
6 Replies 6

cisco24x7
Level 6
Level 6

‎10-21-2008 07:12 AM

Pros reason for moving to 7.2 or 8.x:

- more features than v7.0.8 such as hair-pinning

and other stuffs,

Cons reason for moving to 7.x or 8.x:

- more bugs and in-stability issues.

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni

‎10-21-2008 09:44 PM

After having witnessed several cases of instability with the 7.1.x/7.2.x and 8.x code I would recommened to stay at 7.0(8) unless you need a feature that is not available in your current release (like hairpinning,l2tp,advanced ssl,some inspections etc.).

For some things its highly recommended to go to 8.x. We just had a case this weekend with a customer running IPSEC over GRE (with IPSEC on the ASA). The tunnels would just drop randomly, we had a tac engineer have us upgrade to 8.0(4) and all is well so far.

Regards

Farrukh

0 Helpful

oanetadmin
Level 1
Level 1
In response to Farrukh Haroon

‎10-23-2008 07:45 AM

Thanks a lot to all for your precious input.

0 Helpful

uzmanhassan
Level 1
Level 1
In response to Farrukh Haroon

‎01-20-2009 10:40 AM

Hi

The tunnel line protocol is down. The ASA is placed between the two routers and the gre tunnel is configured on both routers. Tunnel destination on both ends are able to ping each other but tunnel IPs cant ping each other. Also tunnel line protocol is down i have allowed gre on ASA from outside to inside. Kindly give me suggestions its very urgent.

thanks,

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to uzmanhassan

‎02-15-2009 05:37 AM

Did you solve your issue Uzman?

Regards

Farrukh

0 Helpful

uzmanhassan
Level 1
Level 1
In response to Farrukh Haroon

‎02-15-2009 09:22 PM

Hi Farrukh,

Yes i have solved the issue. It was due to HSRP is running on inside vlan of ASA and that HSRP IP needs to be NAT on ASA in order to establish GRE tunnel.

Thanks & regards,

Uzman.

Note: Give me your MSN ID so we will keep in touch. Add me uzman_hassan@hotmail.com

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card