A TAC engineer suggested 5.32 for stability. Said the newer versions have not turned out to be as stable, but I have been using 6.01 for a while now with no problems on a 506. Just got a 515 and thinking about loading 6.x on it. Anyone else have any thoughts?
We currently run a combination of 5.3.1 and 6.0.1, and find both to be stable.
Version 6.1.1 is available now, and fixes the MailGuard vulnerability among other issues, which may be an issue if you run firewalled SMTP servers. Check the PSIRT notices for details. Haven't deployed 6.1.1 anywhere yet so cannot comment on the stability.
TAC is correct. 5.3.2 is the most stable. I've seen many bugs in lower versions like 5.2.6 and 5.2.3, especially with VPN tunnels and, believe it or not, simple routing. The only thing I suggest is that upgrading IOS also means upgrading memory. Make sure your PIX meets the requirements for the new IOS first. 6.0 is not bad; actually, a lot of bugs were fixed in that release. Currently I've been running 6.1.1 for a while with no incident, VPN or otherwise, but you never know.