nltech
join:2007-06-13
West Haverstraw, NY | ASA Download site Anyone know of a site besides cisco.com that hosts ASA and asdm software updates?
All the bulletins claim for those without a contract you can get updated software for security vulnerabilities by emailing tac@cisco.com.
This has usually worked for me in the past albeit it takes 5 or so emails before finding a tech that actually reads the part about it being free for those without a contract.
However I am up to 6 emails and still no luck this go around.  |
|
pearcy
join:2004-12-08
Chicago, IL | I don't think there are any "legal" sites where you can download software updates besides direct from Cisco.
Which model do you have? My contract is like $70 a year and it covers more than software updates. |
|
nltech
join:2007-06-13
West Haverstraw, NY | It is a 5505. At 70 a year I would be better off just replacing it with a Linux router. I plan on doing that once that once this one fails. I figure why invest $70 a year for updates when they tell you they are free.
I made the mistake when I first purchased it years ago that they were like any other company where security updates are easily downloaded from their site. |
|
| reply to nltech
Torrents? |
|
| reply to nltech
said by pearcy:I don't think there are any "legal" sites where you can download software updates besides direct from Cisco. Seconded.
Not to knock you but you want to point out one of these bullitins that promises free updates for security updates?
Never heard of them before myself. Also, email's a great way to get ignored. Give TAC a call, point then to the
URL that you speak of, and see if you get anywhere that way.
What code version of ASA are you running? Personally I'm quite happy with 8.2 because of the whole 8.3 NAT debacle.
Regards |
|
|
|
 RyanG1Premium
join:2002-02-10
San Antonio, TX | reply to nltech
ill +1 the use of 8.2 (i use 8.2.2(6) because of the IPv6 fix in it)... |
|
nltech
join:2007-06-13
West Haverstraw, NY | Took some time but I finally got it from tac.
The wording below is standard for all security advisory bulletins. You can find it under "Obtaining Fixed Software".
»www.cisco.com/en/US/products/ps6···ist.html
quote:
-Obtaining Fixed Software
-Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco Technical Assistance Center (TAC):
+1 800 553 2447 (toll free from within North America)
+1 408 526 7209 (toll call from anywhere in the world)
e-mail: tac@cisco.com
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
Customers without service contracts should request free upgrades through the TAC.
If every Cisco device in the world required an expensive yearly contract for security vulnerabilities, the internet would be a mess.
If you have a contract the files are unlocked on the download site. Without a contract you can only get them through tac. |
|
| And if you have to go through TAC for downloads, you'll notice any links to firmware are padlocked, meaning you'll need a service contract.
Goes back to your original question & answer. No, you can't without contract. |
|
nltech
join:2007-06-13
West Haverstraw, NY | said by Network Guy:And if you have to go through TAC for downloads, you'll notice any links to firmware are padlocked, meaning you'll need a service contract.
Goes back to your original question & answer. No, you can't without contract.
Not true. I posted the bulletin text above. TAC sends you an email with a password to unlock the files.
Like I said, if every Cisco device in the world required an expensive yearly contract to fix security vulnerabilities, the internet would be a mess. Cisco would also lose some business and get a bad reputation. |
|
| Well hell... If what you say is true, I need to get on that. I refuse to pay for a software update contract myself! |
|
 jester121Premium
join:2003-08-09
Lake Zurich, IL | reply to nltech
said by nltech:Like I said, if every Cisco device in the world required an expensive yearly contract to fix security vulnerabilities, the internet would be a mess. Cisco would also lose some business and get a bad reputation.
Well....... no....... actually precisely the opposite.
Companies that actually run the internet pay for maintenance contracts no matter which brand of hardware they use. That keeps the internet up and running.
This Cisco policy is only for security fixes, so you won't have your choice of all the software to download legally. If there's no vulnerability fix, you're not entitled to it. |
|
nltech
join:2007-06-13
West Haverstraw, NY | said by jester121:said by nltech:Like I said, if every Cisco device in the world required an expensive yearly contract to fix security vulnerabilities, the internet would be a mess. Cisco would also lose some business and get a bad reputation.
Well....... no....... actually precisely the opposite. Companies that actually run the internet pay for maintenance contracts no matter which brand of hardware they use. That keeps the internet up and running. This Cisco policy is only for security fixes, so you won't have your choice of all the software to download legally. If there's no vulnerability fix, you're not entitled to it. I suppose you could interpret my post that way as "companies that run the internet" but that is not what I meant. I was thinking more along the lines of thousands of small business customers with hacked firewalls and routers.
Keeping in context of the small business level, in most cases you buy a piece of hardware and there are firmware updates to fix security vulnerabilities available without a contract. Just like what Cisco is doing now. They are just making it inconvenient to get the updates. |
|
jester121Premium
join:2003-08-09
Lake Zurich, IL | Again, I have to disagree -- unless you're talking about Linksys/Dlink/Netgear level stuff. That's consumer level gear in my book.
It's been a while since I used Checkpoint/Barracuda or any of the dozens of other appliance-type firewall/router/gateway appliances, but I'm pretty sure they all still have a subscription or maintenance or service plan type approach.
Cisco's Small Business lineup of routers, APs, and switches comes with a "lifetime" (i.e. until Cisco EOLs it) warranty and firmware support. Their AS500 is like those I mentioned above, with an annual fee. I view their willingness to provide free (albeit difficult) security patches to customers with expired SmartNET as a nice thing. |
|
nltech
join:2007-06-13
West Haverstraw, NY
1 edit | said by jester121:Again, I have to disagree -- unless you're talking about Linksys/Dlink/Netgear level stuff. That's consumer level gear in my book.
It's been a while since I used Checkpoint/Barracuda or any of the dozens of other appliance-type firewall/router/gateway appliances, but I'm pretty sure they all still have a subscription or maintenance or service plan type approach.
Cisco's Small Business lineup of routers, APs, and switches comes with a "lifetime" (i.e. until Cisco EOLs it) warranty and firmware support. Their AS500 is like those I mentioned above, with an annual fee. I view their willingness to provide free (albeit difficult) security patches to customers with expired SmartNET as a nice thing.
Not sure what your point is here. I already said they provide updates just like everyone else. They just make it inconvenient. |
|
| Can you blame them? Playing devil's advocate, how do you prove a) the person on the other end of the line is
telling the truth, b) has the serial # of the piece of gear in hand, c) knows what they're talking about, d) this
is a legit reason to release software to them, and e) this isn't going to turn around and bite you in the ass?
Glad you got it sorted out in the end nltech. What revision did you get and what bugID were you trying to sort out?
Regards |
|
nltech
join:2007-06-13
West Haverstraw, NY | said by HELLFIRE:Can you blame them? Playing devil's advocate, how do you prove a) the person on the other end of the line is
telling the truth, b) has the serial # of the piece of gear in hand, c) knows what they're talking about, d) this
is a legit reason to release software to them, and e) this isn't going to turn around and bite you in the ass?
Glad you got it sorted out in the end nltech. What revision did you get and what bugID were you trying to sort out?
Regards
Thousands of Cisco customers have access to the support download site. So it is not like the process is stopping the software from falling into the wrong hands.
Non-contact customers already can register and use the support site but downloads are locked. There is no reason not to allow non-contract customers to input the serial number and be allowed to download security updates. This rather than having to make a phone call and get approved through email.
The other thing is you go to online stores that sell Cisco products and there is no mention of this in the product details. People place the order and find that out of the box they have out dated software with security vulnerabilities.
These folks also have to jump through the same phone and email hoop rather than just simply download the update from the site. At that point they can order a contract but those things take time. So either way people are typically in for a wake up call if they want to use what they purchased out of the box. |
|
cramer
join:2007-04-10
Raleigh, NC
kudos:7 | There is no reason not to allow non-contract customers to input the serial number and be allowed to download security updates.
Bottom line, you *CAN* get an update from Cisco without a contract. However, it does take some effort. If you have Cisco gear in a critical / business context, then you should have a support contract for it -- it's not going to bankrupt the company to do so. Otherwise, you can dance the dance with Cisco or wait a few weeks (months?) for Google to index a site with the file sitting there. |
|
nltech
join:2007-06-13
West Haverstraw, NY | said by cramer:There is no reason not to allow non-contract customers to input the serial number and be allowed to download security updates.
Sure there is... 5sec with Google can find you a valid serial number just about any Cisco device. Given your process, I could upgrade all my ASAs (running 8.2) to the latest code (8.4). You are only entitled to an *update* to what you are currently running. If you're currently running 8.0, you can request an updated/patched 8.0 image. A bug in 8.0 does not entitle you to 8.4 images. I think you either did not read the thread or think it through before posting. What you are saying is calling a customer service rep. who currently looks up the serial number and owner is some how different from a website that performs the same exact function.
By the way I never said I was seeking new features of new releases and was speaking of updates for security vulnerable releases in each of my posts. From the serial number database Cisco already knows which version I am entitled to. |
|
cramer
join:2007-04-10
Raleigh, NC
kudos:7 | Have you been through this process before? I have. They want more than just a serial number. Their database will only show what it was running when it left the factory. Field upgrades aren't marked in the db -- your license key (if any) isn't tied to any specific version.
They want 3 things... 1) the serial number of the device -- something that has not always been available from the cli. 2) the url of the security advisory as proof of entitlement. And 3) a "show tech" output as proof of the version and feature-set you're running.
(BTW, you've spent more time whining here than it takes to get a patch out of Cisco.) |
|
nltech
join:2007-06-13
West Haverstraw, NY | said by cramer:Have you been through this process before? I have. They want more than just a serial number. Their database will only show what it was running when it left the factory. Field upgrades aren't marked in the db -- your license key (if any) isn't tied to any specific version.
They want 3 things... 1) the serial number of the device -- something that has not always been available from the cli. 2) the url of the security advisory as proof of entitlement. And 3) a "show tech" output as proof of the version and feature-set you're running.
There is nothing you mentioned that an online verify cannot do that their tac phone and email service currently does. Everything you have described so far could be accomplished at support.cisco.com if they would just add the functionality for out of contract serial numbers.
Some of the functionality you describe is already being done for contract and out of contract customers at cisco.com.
said by cramer:(BTW, you've spent more time whining here than it takes to get a patch out of Cisco.)
Then we are all whiners here at dslr for something or other. If you read the thread you would see my problem was solved early on in the thread. So I am just responding to those like you, who have taken their time to reply anyway on the subject.
I find it bizarre you seem to have such a beef with having simple verification being done at cisco.com instead of by phone call or email. Sounds like you are a SMARTNET reseller or work for them since you have demonstrated no business case for going so far out of your way to defend making tech support phone calls.
One would expect a modern day internet networking company to rely on website to make such transactions rather than using a telephone. |
|
