We have 2 ASA 5520s in active/standy. We run IOS 8.2(5)24 and I wondered if I need to upgrade as I see the versions have gone to 8.4 and beyond! We are not getting any issues and I'm aware of the difficult migration from 8.2 to 8.4 etc due to the NAT change.
View 3 RepliesI'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.
We wish to upgrade 8.2(3) to 8.2(5) on our asa 5520 and 5510. I have been looking for Cisco guides for installation instructions but havent been able to track any. or is it just as striaght forward as copy image, reboot secondary and the primary
View 2 Replies View RelatedI am trying to upgrade our ASA5520(Primary/Standby) to 8.45. Can i upgrade 8.25 directly to 8.45 or do i have to upgrade to 8.3 first?
View 1 Replies View RelatedI have a 2 ASA 5520 firewalls for high availability and need to upgrade IOS from 7.2(4) to 8.2 or latest. What could be the better way and upgrade procedure. Below is show version details and IOS upgrade to latest.
Cisco Adaptive Security Appliance Software Version 7.2(4)Device Manager Version 5.2(4)
Compiled on Sun 06-Apr-08 13:39 by buildersSystem image file is "disk0:/asa724-k8.bin"Config file at boot was "startup-config"
IGN-ASA-1 up 45 days 17 hoursfailover cluster up 45 days 17 hours
Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHzInternal ATA Compact Flash, 256MBSlot 1: ATA Compact Flash, 512MBBIOS Flash M50FW080 @ 0xffe00000, 1024KB
[Code] ........
I´ve a problem with my "old" PIX515e device. I wanted to flash this device to a new firmware level but forgot to disable the "lost enable" password before. So I started to make the firmware upgrade on my device, ended up with "flashfs" is busy and I should start the enabled modus and "copy flash tftp" to activate the new flash version. Unfortunalty I cannot do this because I´ve lost my password. When I´m trying to boot this device up now, it will end with a error message...
Unable to locate boot image configuration
Booting first image in flash
No bootable image in flash. Please download an image from a network server in the monitor mode
Failed to find an image to boot
As mentioned, when I will load a new flash image over monitor mode, i cannot activate that image because of flashfs is busy.The password reset bin files will not work too. I tried that too but this one will recongnize no active installed flash.Is there any way to reanimate my PIX515e? In newer devices there are possibilites to work with changing config register but I´ve found nothing about that for a PIX515e.
Due to increase of demands on our ASA cluster, we need to upgrade to a new cluster of 5545x. Our current config contains a lot of S2S & NAT
View 1 Replies View RelatedI'm about to upgrade from an ASA5520 to ASA5525.
View 1 Replies View RelatedI have a couple of ASA5520 and ASA5550, and I wanted to know if it is worth it to upgrade the software from 8.2(4) to 8.2(5)? Because of the RAM I cannot upgrade to 8.3 for now.
View 1 Replies View RelatedWe are currently on 8.0(4) and planning on upgrading our failover pair to 8.4.2, I read some documents saying that we can perform a zero downtime upgrade.
According the below documents Version 8.2 supports mismatch memory failover, [URL]
Upgrade Path:
Active Firewall: Standby Firewall:
8.0(4) 8.0(4)-->8.2.2
8.0(4) Upgrade RAM-2G---Reload
faiover to standby 8.2.2
8.0(4)--->8.2.2 8.2.2
[code]...
Can I perform zero downtime upgrade with the above upgrade path? Will both the firewalls act as a failover pair if one is on 8.2.2 and other is on 8.4.2.
"Performing Zero Downtime Upgrades for Failover Pairs
The two units in a failover configuration should have the same major (first number) and minor (second number) software version. However, you do not need to maintain version parity on the units during the upgrade process; you can have different versions on the software running on each unit and still maintain failover support." [URL]
I upgraded a pair of ASA 5520s from ASA 8.3 to ASA 8.4(4) this week and now my DMZ hosts cannot reliably communicate with eachother. I have a DMZ network of 10.20.20.16/28 configured. 10.20.20.17 is the ASA/Gateway and 10.20.20.19 is one host and 10.20.20.20 is another host. These two hosts had no problem communicating with eachother before the upgrade. Now, they usually cannot communicate with eachother. Occasionally they can communicate, but only for a few minutes. What is strange is I never had any access lists for these hosts to talk with eachother before the upgrade (because their traffic to eachother should have never reached the firewall) but now I needed to create an access list on the DMZ interface allowing these two hosts to talk. ICMP works fine, but only if the ACL is in place. TCP rarely works.
View 2 Replies View RelatedWe have a old Cisco ASA5540 firewall running on firmware version 7.0 and also a Firewall Service Module (FSWM) running on firmware version 2.3.
My question is if I would like to upgrade the Cisco ASA5540 firmware version to 7.1 above and the FWSM firewall version to 3.1 above, any requirement on the memory size or hardware to perform the firmware upgrade activity, do I require to do some memory or hardware module upgrade activty first before the firmware upgrade ?
Any restriction, shortcoming and pre-requites to do before the firmware upgrade activity ?
I need to upgrade the ASA 5520 from OS 8.2(5)26 to 8.2(5)33. the ASA only has 64M of flash. I have a 256M flash card. What are the steps to upgrade the flash? I am not sure how it will boot up because the new flash will be blank?
View 2 Replies View RelatedI have been asked to look at upgrading two 5520 ASA configured in a HA pair Active/Standby, from version 7.2(4) to version 8.3(1) to bring it in line with some other ASA firewalls in the organisation.
My question is can I simply upgrade straight from 7.2(4) to 8.3(1) or will I have to step the upgrade from 7.2(4) => 8.2(x) => 8.3(1)
Having read a few articles on the forums and the release notes I think I should be able to go from 7.2(4) => 8.3(1) .
The second part of my query is around the upgrade itself, having researched this a little there seems to be various views on how to go about upgrading a HA pair and I cannot find anything specific on the website.
The approach I am thinking of is simply as follows;
- upload images onto both firewalls in the HA pair
- On the standby from the CLI
clear configure boot
[Code].....
last night we tried to upgrade our cluster (2x ASA5520) from 8.0(4) to 8.2(3) and failed miserably.
1. Both units got the new image, but when we reloaded the secondary unit then we got the following strange message:
"Mate's license (10GE I/O Enabled) is not compatible with my license (10GE I/O Disabled). Fail over will be disabled."
After this message fail over was not there anymore and both units became active (!!!) which killed everything. Of course ASA5520 doesn't have 10GE and we have exactly the same units. What could be the problem here? Currently we run with a single unit with 8.2(3) and the secondary unit is switched off.
2. After the upgrade we cannot connect with multiple VPN sessions from the same client, this gets logged:
"Multiple sessions per tunnel are not supported"
This was working just fine with 8.0(4) and doesn't work with 8.2(3). Do we have to update something in the config or what is causing this? If you ask why we went with 8.2(3) instead of 8.2(5) then the answer is because we were testing that for several month in our secondary data center, but unfortunately only on a single ASA and not on a cluster. We couldn't go higher due to the 512MB RAM we have in all units.
And we had to upgrade, because we had crashes with 8.0(4) which was working fine for a long-long time.
I was trying to upgrade from 8.3.1 to 8.3.2. but I am unable to copy via tftp to the ASA flash or disk0:
ASA5520# copy tftp: flash:
Address or name of remote host []? 10.88.127.153
Source filename []? asa831-k8.bin
Destination filename [asa831-k8.bin]?
[code]....
Half way thru writing to the disk, it goes for a reboot. There is more than enought space on the disk0. I tried copying via a Compact Flash, but the ASA is not detecting the Compact Flash (which I thinks should be disk1). I tried copying a asdm file, even that also went for a reboot.I am stuck now, unable to upgrade
I need to upgrade the flash memory of the ASA 5520 from 256Mb to 512Mb. As far as I realized the built-in flash memory called system compact flash and there is also an empty slot which it is possible to install a user flash.
What is the difference between user and system compact flash? and for upgrade can I just insert the user compact flash or do I need to upgrade the system compact flash? Where can I find the part number for each type?
provide me with the important links which can show me how to do the software upgrade for my ASA 5520 ver 7.0(1) to ver 8.4 ? as well as the ASDM
View 10 Replies View RelatedI have asa 5520 k8 model presently i am running with IOS version 8.0(4) i am upgrading to 8.2(5) is ? any license required from Cisco to upgrade to this IOS, and also let me know how many site to site vpn can be configure on this device.
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
[code]...
This platform has an ASA 5520 VPN Plus license. Serial Number: JMX1051K2S5.
I need to upgrade WCS firmware. Currently i am running with 7.0.172.0 .
View 1 Replies View RelatedRecently I brought SG 300-28.It came loaded with firmware ver 1.0.0.27.Can I upgrade it to ver 1.1.2.0 directly?
View 2 Replies View RelatedI currently have 3 WAP4410n's (actually, they're WAP4410N-E V02s) that have been really unreliable since I got them - so much so that we've had to cron a restart script on another server which is frankly ridiculous - they've always run firmware version 2.0.2.1.
I've tried updating the firmware to new versions in the past with no success - when I do so, it looks like everything's fine, but when I log back in, the fixed IP address information isn't shown, and the wireless is disabled. I can enable it, but I can't select a channel.
At this point, I have to revert back to the old firmware. I've tried restoring to factory setttings before and after the firmware flash, but this hasn't changed anything.
However, recently I was able to flash firmware 2.0.5.3 onto only one of the routers - it worked fine and all information was displayed and wireless enabled correctly. However on the other two, no matter what I try, the firmware won't upgrade succesfully - it looks like everything's fine, but the fixed IP information isn't shown and wireless/channels are disabled.
I have a Dir-655 A3 with the firmware 1.32NA. I cannot get the new firmware 1.35NA to take. The router seems to go through the motions of the upgrade, but at the end, when I log back on, the firmware still says 1.32NA & all custom settings remain.I have upgraded the firmware on this router before and I know that when its upgraded, the router is basically reset to factory settings. All the settings have been backed up and I am attempting this upgrade via a wired connection.
View 2 Replies View RelatedI have a DIR-655 Rev A4.I followed this forum in the past when there were many problems with firmware upgrades beyon 1.21. Because of this I never upgraded and was told to be satisfied that I can still stay with 1.21 as upgrades caused problems for a number of people.Everything still seems fine with 1.21 except the Shareport utility often does not pickup the printer connection upon booting to Windows Vista. I can always work around this by Disable and then Enable. It will then always find the printer. It is a minor annoyance however.Should I still stay with 1.21 or is upgrading to 1.35 NA recommended ? If I upgrade to 1.35 NA is there a downgrade path back to 1.21 if the upgrade does not work well ?
View 12 Replies View RelatedIt baffles me because the admin console doesn't look like it will browse your computer for a firmware update. Rather, it prefers you to specify a tftp or http server. I don't know how I'd set up my computer to be the http or tftp server and it doesn't really go into detail on what configurations or commands that would need to be used. I've used a tftp client in the past to send a firmware to routers and whatnot but not serve one.
View 1 Replies View RelatedI have firmware version 2.0.2.7. I've down loaded the firmware upgrade utility ver 1.3, and do not see a read me or help file. I've disconnected the cables as directed, but recive a 'broadcast error' and a 'browse device error'
View 2 Replies View RelatedI have three locations using the linksys wrvs4400n router with IPSec VPNS. They all work fine and point back to a Server2003. I just added a fourth location with the same router but this new router has firmware v2.x, where the others have firmware v1.x. When I connected the new router into the VPN network, it caused the other tunnels to go down. When I take the new router with firmware v2.x offline, everything else seems to work fine.
Can the v2.x firmware cause the other VPNS on v1.x firmware to go down and not work properly? Do I need to upgrade the firmware so all 4 linksys wrvs4400n routers are operating the same version number so not to cause the tunnels to disconnect?
I am trying to upgrade my RV016 hardware version 1, Firmware version 1.3.2 to firmware version 2.0.0. but can't find the file. Locating RV016_2.0.0? I am trying to upgrade to version 3.0.0.1
View 5 Replies View RelatedI cannot find instructions on how to use the latest 4.0.18 ADSL firmware on an 887 router.
I've downloaded adsl_alc_20190_4.0.018.bin from the website and copied it to flash, but cannot find any instructions on applying the firmware. Tried rebooting but made no difference.
What commands, etc, am I meant to use to make use of this ADSL firmware release ?
We have Sg-300-28 serious switches(SRW-2024 k9-EU) and i want to upgrade switch with latest firmware, any info for latest firmware is used for the same ?
View 6 Replies View RelatedI've just purchased 2 RVS4000. The units, which are V2, have been shipped with firmware 2.0.0.3. It seems this version suffers from multiple vulnerabilities I would like to fix asap. Unfortunately, I was unable to upgrade to 2.0.2.7.
One one of the units, I went through the upgrade process via the admin interface. It seemed to work, though it got tucked at 100% - which is a known issue, as per the release notes - but then, instead of having my unit upgraded as advertised when going back to the home page. It seems I'm stuck in 2.0.0.3. I tried the upgrade a couple of times without any success before posting here.
On top of that, the other unit I have is on another site, far from where I am at the moment. It is also a 2.0.0.3 firmware. I didn't try the upgrade, as I prefer to be on site when doing this type of things, this will be the case next week. This other unit seems to be much more responsive than the one I tried to upgrade without success. On the one I have now with me, I have plenty of freezes every time, it can take up to 5mn for the device to respond to a query. The other one I'm managing remotely does not show these problems. Also, even though the units are the same, the "faulty" one seems to have issues to keep all the settings properly. For example, key lifetimes get always reset to 0 sec, and I have to fill 28800 and 3600 each time I make a change in the configuration. Again, the remote one does not have this issue.
So my questions are :
- Any info on this kind of issues with the RVS4000 ?
- Is it normal 2 units purchased at the same time, which have been shipped with the same firmware, behave differently ?
- Is it possible I have a faulty hardware ?
After much investigation I finally found what I thought was the firmware upgrade for my WAP4400N access point, I downloaded the file which is a .img file which seems a bit off I think. Anyway when I go to the admin page it decides its an unknown file format. Could someone explain what I am supposed to do with it!
I have to say I am very dissapointed with the whole support function of this site it is very hard to navigate and when you do think you have the correct link, its not. How very helpful!!! I suppose there are networking gurus who look after multi 1000 user systems who understand how the site works and think its fantastic. I support 5 PC's and 7 laptops on top of my normal job, it should be easier.
I'm trying to upgrade a switch SRW224G4 but without success. Model Name SRW224G4 Hardware Version 00.03.00Boot Version 1.0.0.06
I send the file via the XModem( SRW2xxG4_FW_1.2.3.0 ).