r_naren22atyahoo
asked on
Latest PIX software that can be used for Production
Hi Cisco Experts,
I need help in deciding the best software to use on PIX 525E in Production Environment.
I was bit confused at the versions
----------------------
The latest releases currently avaliable are
pix721.bin
PIX OS version 7.2(1) 7.2.1.ED 31-MAY-2006
asdm-505.bin
Cisco Adaptive Security Device Manager for PIX 7.0 5.0.5 14-APR-2006
pix705.bin
PIX OS version 7.0(5) 7.0.5.ED 14-APR-2006
asdm-512.bin
Cisco Adaptive Security Device Manager for PIX 7.1 5.1.2 15-MAR-2006
pix712.bin
PIX OS version 7.1(2) 7.1.2.ED 15-MAR-2006
asdm-511.bin
Cisco Adaptive Security Device Manager for PIX 7.1 5.1.1 06-FEB-2006
pix711.bin
PIX OS version 7.1(1) 7.1.1.ED 06-FEB-2006
asdm-504.bin 5.0.4 15-OCT-2005
pix704.bin
PIX OS version 7.0(4) 7.0.4.ED 15-OCT-2005
-------------------------- ----
Currently i Have 7.0(4) with ASDM 504
The latest is 7.21 and before that 7.12 but both are ED(Early Deployment)Versions
So which one do you think would be a stable Version with Fair improvement in Feature Set?
regards
Naren
I need help in deciding the best software to use on PIX 525E in Production Environment.
I was bit confused at the versions
----------------------
The latest releases currently avaliable are
pix721.bin
PIX OS version 7.2(1) 7.2.1.ED 31-MAY-2006
asdm-505.bin
Cisco Adaptive Security Device Manager for PIX 7.0 5.0.5 14-APR-2006
pix705.bin
PIX OS version 7.0(5) 7.0.5.ED 14-APR-2006
asdm-512.bin
Cisco Adaptive Security Device Manager for PIX 7.1 5.1.2 15-MAR-2006
pix712.bin
PIX OS version 7.1(2) 7.1.2.ED 15-MAR-2006
asdm-511.bin
Cisco Adaptive Security Device Manager for PIX 7.1 5.1.1 06-FEB-2006
pix711.bin
PIX OS version 7.1(1) 7.1.1.ED 06-FEB-2006
asdm-504.bin 5.0.4 15-OCT-2005
pix704.bin
PIX OS version 7.0(4) 7.0.4.ED 15-OCT-2005
--------------------------
Currently i Have 7.0(4) with ASDM 504
The latest is 7.21 and before that 7.12 but both are ED(Early Deployment)Versions
So which one do you think would be a stable Version with Fair improvement in Feature Set?
regards
Naren
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Irmoore,
Mostly looking at the Logging side. with ASDM
Mostly looking at the Logging side. with ASDM
I noticed that the home page of the ASDM interface let you stretch the log window to see more at once and I thought that was an improvement over the PDM which did not let you do that. Imagine my surprise when asdm 5.04 broke it and wouldn't stretch any more. 5.05 fixed it again so you can stretch the window again.
ASKER
giltjr, Do you know any known features for logging and monitoring?
Have you considered a dedicated syslog server and syslog reporter sofware?
ASKER
The syslog server on PIX transfer the log files to an FTP server, we have other software to analyse those files
ASKER
>>you do that. Imagine my surprise when asdm 5.04 broke it and wouldn't stretch any more. 5.05 fixed it again so you can stretch the window again.
I would go for the new version for this option :)
I would go for the new version for this option :)
ASKER
Thanks for the Info guys, it was helpful...
However i just saw the ASDM 521 Demo Version on the Cisco Site, its prety impressive and easy to manage
We have problems with 7.04 not exactly with 7.04 but with ASDM 504,
We had Groups and objects, it was little confusing with the access rules on ADSM 504, ASDM 521 is much better.
and also the "packet tracer" thats a good tool.
I am going upgrade to ASDM 521.
One Last question.
Is Cisco TAC Support supporting the 7.21???
Coz all the version i.e
7.04, 7.12 and 7.21 are ED(Early Deployment) Version. Except 6.3(5).
Thanks
Naren
However i just saw the ASDM 521 Demo Version on the Cisco Site, its prety impressive and easy to manage
We have problems with 7.04 not exactly with 7.04 but with ASDM 504,
We had Groups and objects, it was little confusing with the access rules on ADSM 504, ASDM 521 is much better.
and also the "packet tracer" thats a good tool.
I am going upgrade to ASDM 521.
One Last question.
Is Cisco TAC Support supporting the 7.21???
Coz all the version i.e
7.04, 7.12 and 7.21 are ED(Early Deployment) Version. Except 6.3(5).
Thanks
Naren
From what we can tell 7.0.(4) and older would quitely drop packets that were denied. With 7.0(5) it seems that the default is to send a RST for packets that are denied.
I would assume that if you only get a few deny's this is not that bad, but if you get a lot it would cause problems. With the new code we were seeing CPU at 100% for 40-60 seconds and then the fun started.
Logging and monitoing what?
We are using ASDM to keep an eye on CPU utilization.
I would assume that if you only get a few deny's this is not that bad, but if you get a lot it would cause problems. With the new code we were seeing CPU at 100% for 40-60 seconds and then the fun started.
Logging and monitoing what?
We are using ASDM to keep an eye on CPU utilization.
ASKER
7.0(4) with ASDM 504 has some issues with the Logging and Monitoring, we dont have many options there.
We actually use 2 525s with Active-FailOver Configuration.
So i thought that 7.21 or 7.12 has this options., Do you know any of those???
We use only the ASDM to configure the PIX, as the Configuration is complecated.
I didnt get the RST part, what is it about?
regards
Naren