Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
510
Views
0
Helpful
3
Replies

Recommended ASA software for VPN ?

Go to solution
johng231
Level 3
Level 3

‎02-10-2012 07:28 AM

Hello -

We’re in the process of migrating our legacy VPN concentrators over to a pair of ASA5540s. The VPN connections we use today are L2L, RA, & easy VPN. I don’t want to jump up to 8.3 or higher just yet, due to the differences in the NAT, group-objects and ACL policies.

Would it be recommended to use an 8.2 code as standard for VPN endpoints?

Thanks -

John

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ajay chauhan
Level 7
Level 7

‎02-10-2012 07:36 AM

You can very well use 8.2 .Right 8.3 onwards changes are there the way we configure NAT but its not very complicated to ignore latest version just because of NAT.

Just have a look on the link-http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html.

You might miss some new aded features but if not using those then its all right to go for 8.2

Thanks

Ajay

View solution in original post

0 Helpful
3 Replies 3

Go to solution
ajay chauhan
Level 7
Level 7

‎02-10-2012 07:36 AM

You can very well use 8.2 .Right 8.3 onwards changes are there the way we configure NAT but its not very complicated to ignore latest version just because of NAT.

Just have a look on the link-http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html.

You might miss some new aded features but if not using those then its all right to go for 8.2

Thanks

Ajay

0 Helpful

Go to solution
vabruno
Level 1
Level 1

‎02-11-2012 08:23 PM

Last year I did what you are trying to do, I migrated from a pair of Cisco 3060 concentrators to a pair of Cisco ASA 5540 firewalls. I went right to 8.3 since I had to manually port the config over anyways. If you don't want to go to 8.3 just go to 8.2x and then upgrade when your ready. I wanted 8.3 because at the same time I migrated clients from IPSec VPN to Anyconnect and wanted some of the features

Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to vabruno

‎02-12-2012 08:35 AM

I'm with vabruno on this. If you're moving onto ASA fresh from a different platform then the current version (8.4(3)) is the way to go. The new syntax will be used going forward and new features - especially advanced remote access (AnyConnect), Identity Firewall, etc  - are all on the newer code.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents