Cisco Firewall :: Upgrade Path ASA5505 From Version 7.2 To 8.4?
May 9, 2013
what the upgrade path is for 5505 ASA . I have one which is version 7.2 and need to upgrade it to 8.4(5). I have read that it needs to upgraded btwn major release versions.Not sure if I need to upgrade from 7.2 - 8.0 , then form 8.0 - 8.2, then from 8.2 - 8.3 and finally 8.3 to 8.4 or can I just upgrade from 7.2 - 8.2 and then from 8.2 - 8.4 .Also what is the minimum memory requirements for vers 8.4 .my ASA running on vers 7.2 currently has 256Mb Memory and I will be upgrading this to 512MB before I do the upgrade the image above?
so we have been using our current ASA5505 for a long time. Since it only support up to 10 VPN licenses, so we buy a new ASA5505-SEC-BUN-K9(support up to 25 users).
the old ASA are running: 8.0.3 and ASDM 6.0.3 the new ASA are running: 8.2.5 and ASDM 6.4.5
I thought it would be simple as export and import the config file, but when i tried to restore, the new one is looking for a zip file but the old one doesn;t backup file in ZIP. It looks like i need to update the ASA version or/and ASDM?
I am pretty new to this and never upgrade any of these versions since I am aware of the upgrade may mess things up. So do I need to upgrade both the ASA version and the ASDM in order to restore my config? any effect if i do the upgrade? I also read some articles, we need to upgrade on the version one by one, like 8.0 to 8.1 then 8.2?
I am wondering if it's possible to convert a Pix 501 configuration running version 6.3(5) to a new ASA5505 which we just purchased? We have site to site VPN on this device and i am just trying to save some time. I believe Cisco TAC might have a tool to do this but i am not sure.
configuring the ASA particulary after the change to how NAT is implemented. What I am trying to accomplish logically seems fairly simple, yet I cannot get it to work. I have a Synology NAS at home that I am trying to reach via the internet. Prior to using my ASA, I had Verizon's FIOS router as my gateway and everything forwarded with no issues. The ports I need forwarded or reachable via the internet are TCP port 80 and 5000.I can also configure it via command line if that's the easier/preferred method.
i have asa 5505 with the asdm v5.2 (4), and the asa v7.2(4). This platform has a base license. if i upgrade adsm and asa on v6.2(1) and v8.2(2) if I lose my license and that you need to activate them? i configured site to site vpn (this firewall and the another) that i lose my configuration if i upgrade my firewall.
I want to confirm if the upgrade license (ASA5505-SW-10-UL=) is backward compactible with PIX 501 firewall device? though pix 501is end of life bit i want to verify if the upgrade license for asa5505 will work with it?
I just need to upgrade existing FWSM of 6509.FWSM Firewall Version 2.3(1)is it possible to upgrade to the version of 4.X .If not to which version is safe?And also I need to steps of doing FWSM upgrade.
I'm getting an error message on my 506E that is saying not enough flash space to install the new version 8 software. I did a clear flashfs command and then tried again but get the same error. Do the PIX 506E can be upgraded from version 6 to version 8? I am trying to install pix804-28.bin.
I am looking to upgrade a 5510 that is currently on code version 8.0(4) to code version 9.1. I know I will have to upgrade to 1gb ram, but can i just upgrade straight to version 9.1 or do I need to follow an upgrade path? This is a standalone device so I am planning on downtime.
I want to upgrade "inside hosts" from 10 to unlimited on a ASA5505-BUN-K9, Do I have to buy Security Plus license ( L-ASA5505-SEC-PL =) ) before activating ASA5505-SW-10-UL ?
Is there a known bug for Nexus 7K version 6.0(4) related to route redistribution?I have few vlan interfaces and being redistributed to the BGP.vlan interfaces are all up ang pingable.After configuring redistribution, vlan route is not in the bgp table.sho ip bgp is saying "path invalid"
BGP routing table entry for 10.165.101.192/28, version 26302 Paths: (3 available, best #3) Flags: (0x180c0021) on new-list, is not in urib, need resync with RIB, exported, has label vpn: version 47719, (0x100002) on xmit-list local label: 492294
I finally can upgrade my 1841 routes from 12.4 to the latest 15.1 IOS. Any info about upgrade path , do I need to modify config file and provide me with upgrade instruction link or something like that ?
Where can I find information regarding the details and upgrade path for the 2821 Intergrated services router. We are looking to upgrade from 12.4 (c2800nmc-spservicesk9-mz.12.4xxx.bin) to 15.1. Is their a spefici location to look for in the download or IOS area for upgrade paths?
We are planning to upgrade our controller 5508 from 7.0.116.0 to 7.1.91.0. Is this directly possible or i have to put some other image before directly upgrading it?
I would like to perform nondisruptive upgrades on two Cisco Nexus 5010s that currently run NX-OS version 4.1(3)N2(1) to Release 5.1(3)N2(1a). Is this possible? Or, do I need to upgrade to Release 5.0(2)N1(1) first?
have just set up a WLC 4402 as a Guest WLAN controller on the DMZ of our network. I have successfully managed to get our internal controllers to connect to it, with the exception of 1. it says the control path is up but the data path is down. the other 14 controllers worked fine, and in testing the last one was OK but it is now not working properly. the 2 controllers can ping each other but just won't create the data tunnel. there is a firewall in the middle but that has been set up to allow traffic between the 2 groups of controllers to be unrestricted.
the internal controllers are 4404's and all controllers are running the same version of code. 5.1.151.0.
ASA running 8.2(5).When I enable ip spoofing on my network interfaces I see this getting logged:
Deny UDP reverse path check from 10.100.100.102 to 10.100.100.255 on interface SPECTRA-LAN
This is because interface SPECTRA-LAN (VLAN50) is the interface connected to the network with ip 10.100.100.0/24 but the interface do not have a ip address so it does not exist in the routing table I believe?However interface INTERN do also belong to network 10.100.100.0/24 which also is the management interface and the default route for hosts in network 10.100.100.0/24, but has no vlan.
1. move the management0/0 to SPECTRA-LAN and give SPECTRA-LAN ip 10.100.100.1?
2. give SPECTRA-LAN a ip address in the 10.100.100.0 range?
My routing table and interface list is:
Current available interface(s): DATA-BACKUP Name of interface Redundant1.10 DMZ Name of interface Redundant1.900 GUEST Name of interface Redundant1.990 HOSTING Name of interface Redundant1.100 Infrastruktur Name of interface Redundant1.20
I have a C2950 Switch & I am trying to upgrade the IOS version of it so that I can proceed with learning about SSH. My current version of 12.1 does not have Enhanced Imaging. I am so new to Cisco, that I have spent hours trying to find the correct page, or link, or anything that can enable me to upgrade to a later version.
I have installed ACS Windows 2003 R2 Services Pack 2.
I am upgrading of version 4.1.1.23 to version 4.2.1.15. Recommended by Cisco.
Before of update everthing works fine.
After of upgrade, this does not authenticate user, sends the next message "External user not found", "Authentication session invalidated" and "internal error".
I am trying to lock down the VPN access on my Cisco 5520 ASA's whereby I wish not to allow users to SSH access etc on servers running on the same interface that they are VPNing into.
I did not originally configure the ASA and so I am slightly confused by some config on it. Currently when I attempt to PING a server within the same interface as the VPN network I get the following error in the logs below.
5 Jul 05 2012 09:45:15 305013 monitoringsystem Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src dmzAHdata:VPN IP dst AHdata:monitoringsystem (type 8, code 0) denied due to NAT reverse path failure
As a workaround I created a NAT exempt rule which then allowed traffic to the server in question however I wish to limit the traffic to only ICMP and when I do this in the firewall it does not take affect. Is this because of the NAT exempt rule?
I have succeeded in turning the AP from autonomous into LWAPP mode with the Ugrade tool. The AP has been loaded with c1130-rcvk9w8-tar.124-10b.jda due to the upgrade tool version 3.4,After reboot, the AP appears on the vwlc (YES!) however as you can see in APvwlc.jpg the AP now have version 3.0.51.0.I need the AP to be loaded with version 7.3.101.0 with FlexConnect mode.
I have 4 switches of 3750. I need toupgrade all the switches, but I can't to disconnect the stack cable.How I can to upgrade the version without to disconnect the stack cable?
We have five cisco WLC 5508 and one WCS .The WLC is running on 7.0.116.0 version at present but we want to upgrade it to 7.4.100.0 but on cisco site at download location , the below thing is mentioned...
WLC Version 7.4.100.0 will need Prime Infrastructure Version 1.3 to be managed, Version 1.3 is not yet available to download at this point of time
Access Point Model----Cisco 3501i Series
So i want to know, can i upgrade it to this version when we are having the WCS in our network ?
I would like to upgrade our three WLC 4402 controllers from version 7.0.116.0 to 7.0.235.3. I have downloaded the two files (AIR-WLC4400-K9-7-0-235-3-ER.aes and AIR-WLC4400-K9-7-0-235-3.aes). Which one should I upgrade/install first?
