I am upgrading a active/standby pair of asas 5520's from 8.4.1 to 8.4.5. I am wondering if there is anything i need to be careful of. I do use a lot of Nat policys and i have had issues with 8.4.1 and proxy arp so i hard coded alot of my nat ip's.is there a good procedure? I want toupgrade one and keep one shut down while i test all my applications and connectivity and then bring it back online and upgrade it.
I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.
i have asa 5505 with the asdm v5.2 (4), and the asa v7.2(4). This platform has a base license. if i upgrade adsm and asa on v6.2(1) and v8.2(2) if I lose my license and that you need to activate them? i configured site to site vpn (this firewall and the another) that i lose my configuration if i upgrade my firewall.
I have two ASA5510's set up in failover, and the secondary keeps crashing after doing the interface checks when bringing failover up. This only happens if I try to upgrade the image on the secondary to anything newer than 8.4.1 (I've tried with 8.4.1-11 and 8.4.2). The primary one run just fine with new images.
I don't have the exact error right now, as I need to do a screen capture from console. It's just a huge crash dump.Are there anything I might have missed during the upgrade? Should I cold-boot both the firewalls in the correct order?
I have recently gone to upgrade my firewall to version 8.4.4, but afte i upgraded this all the network objects have all got jumpled up, lost there descriptions lost there names and there are some duplicates.
I have never touched a firewall box before but i need to upgrade the IOS on 2 ASAs that are running in production. I am upgrading from 8.2(2) to 8.2 (5). Just to point out, one of the firewalls is having SSM module with it. Below in the end is the "sh inventory" output.I have downloaded the asa825-k8.bin and asdm-645-106.bin files already on my computer. Two queries to clear off:
1. Wanted to know if I need to download any more files. Like some feature licenses or anything else? I did "dir flash: to see what contents it had already and this was it:
28 -rwx 16275456 02:18:46 Nov 07 2010 asa821-k8.bin 129 -rwx 11348300 04:34:32 Nov 07 2010 asdm-621.bin 3 drwx 4096 08:03:46 Jan 01 2003 log 10 drwx 4096 08:04:00 Jan 01 2003 crypto_archive 11 drwx 4096 08:04:32 Jan 01 2003 coredumpinfo
2. How to I take a complete backup like it works in ASDM v6.2 "Tools->Backup configurations". I was reading thru the RN for doing that and what I could understand, it was talking about some "export" thing but it did not make much sense to me.Below is the sh version and sh inventory from both the ASAs?
FW01# sh ver Cisco Adaptive Security Appliance Software Version 8.2(1) Device Manager Version 6.2(1) Compiled on Tue 05-May-09 22:45 by builders
I'm upgrading an ASA from 7.2.4 to 8.2.5 due to memory requirements for 8.3. My question is should I upgrade to 8.2.5 or to the interim for 8.2.5. I would prefer not to upgrade to 8.2.5 and then hit the bug for the ASA leaving connections open and then have to upgrade to the interim anyway. But I know that it is advised not to upgrade to interim levels unless you have specific requirements or issues to fix.
I am having ASA5510 firewall which has 1GB RAM currently. I want to upgrade to 2GB. When I opened the box, I can see only 1 slot to insert the RAM. I searched in Cisco website and I got to know that I need to use 2 x 1 GB RAM. So, I need to have 2 slots to do that. But, I am having only 1 slot in the box.
We have 2 x ASA5520 and I upgraded this to 8.2.2 last year, I see 8.2.5 and now 8.4 is out. If we are having no issues, is it best just to leave it as it is? I can see a couple of features I may find useful in 8.2.5, but 8.4 seems like a huge jump and a risky one too.
We are about to upgrade our ASA's from 7.04 to 8.2. Obviously I will be opening a TAC case to assist with the upgrade and I will also be upgrading ASDM software at the same time. These production firewalls are paired with an active --> failover scenario and not active --> active. I had previously engaged cisco regarding the upgrade and they have recommended an upgrade path to ensure success. Also, I have a pair of test ASA's that I've gone through the upgrade process with - documenting the changes in commands and any changes in my config (I didn't notice any).So, the reason for my post is this: What are the gotcha's that you may have run into when upgrading your ASA's?These are fairly high visibility ASA's and any downtime due to the upgrade needs to be mitaged as much as possible.
I want to upgrade a pair of FWSM in active failover from 4.0(4) to 4.1(8) i just want to double check the process. i have tftp access to the primary at the minute. i cannot access the same tftp server with the standby. do i need flip over to the standby to be able to tftp the image across?
We wish to upgrade 8.2(3) to 8.2(5) on our asa 5520 and 5510. I have been looking for Cisco guides for installation instructions but havent been able to track any. or is it just as striaght forward as copy image, reboot secondary and the primary
Upgrade from firmware 8.21 5o 8.31? I am installing 1GB of memory in my ASA 5510 and in the process I have upgrade the firmware.
- Will the upgrade change my configuration or will I have to change this manually myself at some point - What is the meaning of "Real IP" I am not sure what the means (reading up on it now) - What else should I be concerned about during the upgrade?
I open case open to the Cisco about I am not able to get the SSH connection from ASA 5505 after upgrade the IOS 8.2.3 and Device Manager 6.3.3 from the older IOS 7.2.4 and device manager 5.2.4.
I am working in MNC and we have more than 30 office around the world.We have all offices have ASA5505 which we upgrade 3 years before and Now We are in procession to upgrade the IOS on all ASA5505 to all 30 offices.
But after I upgrade the 10 offices and relieze that not able to get SSH connection to ASA5505 with new IOS 8.2.3.I opened the 2 times case and call the Cisco Technical but no luck so far.
I am planning for an VSS in Core but firstly I need to upgrade FWSM which is at 3.2 Ver to 4.0.4 (min release) I have checked software dependencies but not sure about Hardware Dependency on Fwsm and Chassis for Eg. Rommon Upgrade on Chassis.
I have been delaying an upgrade past 8.2.5 because it is stable and I didnt feel like learning a new way of doing NAT because of the way the code was changed. What is forcing me to go down this path is that I need to be able to let protocol 41 pass through the firewall which doesnt work in 8.2.5 and is what is making me look at 8.3 or 8.4
I know that I will have to install a memory upgrade on both my lab 5505's before I can install the upgraded binary. Will be ordering that in the next few days.
Any suggestions on going to 8.3 or 8.4 based on the reason for the upgrade ? I had been told by TAC to stay away from 8.3 but never got a good reason for that. My lab config (i.e. home ASA) is pretty straight forward (no SSL or IPSEC config), so I would hope it would go fairly smooth. I had heard a lot of horror stories early on but wanted to see how things had been going for everyone with the later versions of code.
i need to upgrade ASA 5540 from 7.1 to 8.4 for secure connect feature of Cisco Jabber Configuration. Support forum guides that, i need to follow upgrade path from 7.1 --> 7.2 --> 8.0 --> 8.2 -->8.4 and also do a memory upgrade from 1GB to 2GB.
I need to use this feature for only three or maximum four users in company then would i really need to do memory upgrade? or can i go with 1GB memory?also how i can get the prices of part number "ASA5540-MEM-2GB=" at cisco.com?
ASA-ISB-HQ# sh version Cisco Adaptive Security Appliance Software Version 7.1(2) Device Manager Version 5.1(2)
Upgraded an ASA5520 from 7.x to 8.4 in one step? Release notes for 8.4 state that you can "...upgrade from any previous release directly to 8.4..." I've read the previous version release notes and see the various changes in NAT etc that 8.3 made.
I have a 2 ASA 5520 firewalls for high availability and need to upgrade IOS from 7.2(4) to 8.2 or latest. What could be the better way and upgrade procedure. Below is show version details and IOS upgrade to latest.
Cisco Adaptive Security Appliance Software Version 7.2(4)Device Manager Version 5.2(4) Compiled on Sun 06-Apr-08 13:39 by buildersSystem image file is "disk0:/asa724-k8.bin"Config file at boot was "startup-config"
IGN-ASA-1 up 45 days 17 hoursfailover cluster up 45 days 17 hours Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHzInternal ATA Compact Flash, 256MBSlot 1: ATA Compact Flash, 512MBBIOS Flash M50FW080 @ 0xffe00000, 1024KB
1-Can I do this upgrade directly? i have single ASA 5510 running 8.0.4, i want to upgrade it to 8.2.1, is it as simple as copying IOS and setting boot sequence?
2-I am copying IOS 8.2.1 from my another 5520 ASA, and installing it on 5510 ASA, will it cause any issues? just checking if there is any secret keys involved that can cause issue? (As far hardware req is concerned i have checked my both ASA matches Memory/Flash requirements)
how to upgrade a Cisco Pix 525 boot rom from 4.0 to 4.3. Is it a physical chip or software upgrade? Is it needed to upgrade to latest IOS on Cisco Pix 525 to 8.0. Where can I find more information on it?
When we had 8.2.2, we bought a Mobile license to make the iPads running AnyConnect happy. I applied it, but since we'd only purchased one license, it broke failover. 8.4 lets you share tracking licenses, and since we were planning on the upgrade to 8.4.x anyway, I figured no big deal, I'll get that straightened out when I do the upgrade.
Did the upgrade this weekend, and I still can't get things happy, the boxes don't see one-another:
Here's a show failover on the primary:
Failover OnFailover unit PrimaryFailover LAN Interface: failover GigabitEthernet0/3 (up)Unit Poll frequency 1 seconds, holdtime 15 seconds Interface Poll frequency 5 seconds, holdtime 25 seconds Interface Policy 1Monitored Interfaces 6 of 160
I have been browsing the forum and the support notes for a couple of hours and haven't found a definitive answer to my question. Our ASA is on the subject versions. I watched a video on YouTube stating that upgrading the ASA is easiest if you upgrade ASDM, then the ASA. Problem is, I don't think I can upgrade ASDM first because I don't see a version that is compatible with ASA 7.2.x and 8.0.x.