Some of you might have noticed that my site was down for about 30 minutes today. I decided it was time to upgrade my firewall code since I hadn’t done it in awhile. That simple task turned into a complete nightmare…
I have a ASA 5505 that I use at home. I like it for the most part, stable, has some nice features, etc. I’ve been shying away from doing an upgrade above 8.2 since they redid the NAT config in 8.3. I bit the bullet today and did the upgrade. There’s a ‘auto reconfig’ that’s supposed to happen to port your NAT rules over to the new syntax. That appeared to ‘sort of’ work. It worked, but generated way too much unneeded crap in my config. Additionally, they also decided to change the way that ACLs are written. Rather than using the external IP they are now using the NAT destination IP. So I had to redo the ACLs.
Yes, I could have read the entire release guide and probably been more prepared, but come on. Really? You change the way ACLs are written and don’t ‘auto reconfig’ those too?
I have never been super impressed with Cisco’s security portfolio and this upgrade certainly didn’t help my opinion of it…