Saturday, November 28, 2009

Cisco ASA ASDM update

Cisco has had ASA 8.2.1(11) code out for about 2 months. I have several customers running it now because it addressed a lot of problems with the 8.2.1 code release that came out in May (the release notes are here - login may be required.) I recommend running it, it has been stable.

There is also a new ASDM version 6.2.3 that just came out in the beginning of Nov. I think 6.2.1 has been a good stable version so far with no major problems that I have encountered however I can never find a lot of release notes for the ASDM software for some odd reason. I haven't installed 6.2.3 yet on a production ASA deployment so no formal thoughts about it yet.

I also thought Cisco was going to keep ASA code and ASDM code releases in lock step with each other so it would be easier to tell which release of ASDM code would go with which release of ASA code but I guess that only goes for the first minor number and not the sub of interim releases. A shame because it does make life easier for people who don't use and/or install the ASA products on a regular basis to figure out the code they should be running and what works together. If you need PSIRT images they are available here. Even if you are not on a current contract you can download and use these versions as they address major security vulnerabilities that Cisco considers important enough to give out the code to fix the issue. The most recent code release under that PSIRT is 8.2.1(3) which is pretty new (June of 2009.)

I have not noticed any specific Java issues with any of the newer ASDM releases, looks like Cisco is paying more attention to that problem and making sure ASDM just works instead of having to fiddle around with Java versions and such.

On a side note, 8.2 code on the 5510's can be a problem and Cisco is recommending a memory upgrade for the 5510 series so that it can run without major performance problems. There is no problem installing and running the code on the 5510's at all, it is just an issue of how much memory is consumed depending on how much stuff you are doing on the ASA. Something to keep in mind, I really prefer the 5520 model because of this reason plus all the interfaces on the 5520's are Gigabit with the exception of the Management interface (which just seems to be a cheap cost cutting measure) which is 10/100.
- Ed

No comments: