ASA uptime

creamy_stew

Sometimes things just work

Logged in to a customers ASA to do some VPN work and some horrible outside NATing. I noticed the software seemed kinda old, so..


ASA5505# sh ver

Cisco Adaptive Security Appliance Software Version 7.2(1)
Device Manager Version 5.2(1)

Compiled on Wed 31-May-06 14:45 by root
System image file is "disk0:/asa721-k8.bin"
Config file at boot was "startup-config"

ASA5505 up 3 years 175 days

It would be a shame to lose that uptime just to update the ios, right?

burbankmarc

Uptime isn't everything. But then again I'm a big proponent of patching and updating my systems. Non of my Linux boxes have great uptimes because I like to reboot so it uses the latest kernel I upgraded to.

SteveO86

No I don't think it would be a shame at all. It would be a shame if the device was compromised because of a security hole, that has been patched in a newer IOS version.


Uptime is nice, I've seen devices with an uptime of a few years myself and the first thing I do schedule the device to be upgraded (IOS wise). Scheduled maintainable is not considered downtime. (At least in my book).

Zartanasaurus

burbankmarc wrote: »

Uptime isn't everything. But then again I'm a big proponent of patching and updating my systems. Non of my Linux boxes have great uptimes because I like to reboot so it uses the latest kernel I upgraded to.

http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml

Cisco Adaptive Security Appliance (ASA) and Cisco PIX
Cisco ASA and Cisco PIX security appliances running versions 7.1, 7.2, 8.0, and 8.1 are affected when configured for any of the following features:
SSL VPNs
ASDM Administrative Access
Telnet Access
SSH Access
Cisco Tunneling Control Protocol (cTCP) for Remote Access VPNs
Virtual Telnet
Virtual HTTP
Transport Layer Security (TLS) Proxy for Encrypted Voice Inspection
Cut-Through Proxy for Network Access

Uptime is overrated.