Cisco Security :: ASA 5510 - Upgrade From 7.0(6) To 8.2(5)
Aug 18, 2011
I want to upgrade my ASA 5510 from version 7.0(6) to 8.2(5). Reading the release notes for 8.2(5) it says the DRAM requirement is 256MB unless you have high CPU usage. Also it says I need to upgrade through the major releases, from 7.0(x) to 7.1(x) and 7.1(x) to 7.2(x) and then from 7.2(x) to 8.2(x). The questions are:
- My ASA has 256MB of RAM and 68% of free memory, would you think it will run the 8.2(5) version with no problem?
- When making the upgrades to the major releases, is there any consideration regarding the configuration file? Or the versions to use for the 7.1 and 7.2 versions?
- Would you recommend making all the upgrades in one maintenance window? How much time could it take?
I am trying to upgrade all my firewalls to Security Plus but I am not sure what firewalls are needing the upgrade. Is there a SNMP pull I can do to see what license is on my firewall? example: "This platform has an ASA 5510 Security Plus license." via SNMP
ASA 5510 security plus edition will it support active/active failover. and does it support context with securiyt plsu edition. and how many default context do we get with asa 5510 security plus edition.
I have a NAC platfom with CAM/CAS - 4.7.2 and Agents - Windows - 4.7.2.10 and MAC - 4.7.2.507.
I want to upgrade to NAC 4.9 on the CAM/CAS and but want to know if CAM/CAS 4.9 will be compatible with agents Win/MAC 4.7.2.10/4.7.2.507 pending when I upgrade the agents on the Client machines. For certain reasons we do not want to do the Agent upgrade yet.
I have gone through the NAC 4.9 CAM/CAS/Agent Compatibility Matrix in the NAC 4.9 release notes but I am still not clear on this.
I have a project to upgrade an ASA 5520 to 9.1.x, then add another ASA for failover. What will be the correct way ?
I had the 2 Gb memory.
I have rewritten all nat statements (during my other 8.2 to 8.3 or 8.4 upgrade project, the nat conversion was catastrophic, so I rewrite all now).
Can I upgrade directly to v9 ? Or 8.2 -> 8.4 -> 9.1 ?
I think to :
- inject actual config in the new ASA in 8.2 - remove nat statement - upgrade to 8.4 - configure new nat - upgrade to 9 - connect the new ASA to the network and deconnect the other ASA - test - upgrade old ASA to 8.4 or 9 directly ? - configure failover
I am upgrading an ASA 5510 from ASA822-k8 to ASA841-k8. I know I have to upgrade the RAM to 1GB from 256MB, but was wondering if it is a direct upgrade, or do I have to step through some of the 8.3(x) versions?
I have a Cisco 1921 ISR Router with Security License running software version 15.0. I want to upgrade the router to 15.1. But I don't want to lose the security license that came with the router. When I look at the IOS downloads page on Cisco, all I see is universal images for all versions of 15.1.
My question is - where is the security license stored? In the IOS or programmed in somewhere else of the router? If I upgrade my router to one of the newer 15.1 universal images, will I lose my security license?
1-Can I do this upgrade directly? i have single ASA 5510 running 8.0.4, i want to upgrade it to 8.2.1, is it as simple as copying IOS and setting boot sequence?
2-I am copying IOS 8.2.1 from my another 5520 ASA, and installing it on 5510 ASA, will it cause any issues? just checking if there is any secret keys involved that can cause issue? (As far hardware req is concerned i have checked my both ASA matches Memory/Flash requirements)
We want to upgrade one of our Cisco 5505 with Security Plus license. what is the difference between L-ASA5505-SEC-PL and ASA5505-SEC-PL upgrade licenses?
I am using Cisco ASA5510 Firewall in my network. The IOS is Software Version 8.0(5)24. The Flash is 512 MB and DRAM 1GB on the ASA. I want to upgrade the IOS on my Firewall and use the Latest one.
Also, what are the IOS details for upgradation. The Firewall is serving both the VPN and FW Rules.
I have a two ASA HA and I'd like to upgrade the license to ASA5500-SSL-250. I need to know if i have to purchase one license (ASA5500-SSL-250) for the Active unit and one license (ASA5500-SSL-250) for the standby unit.
I am trying to find out the best path to upgrade to two ASA 5510 running 9.0 (1). I know there are changes in the new version. Let me know what information you need and i will post.
How to upgrade cisco asa 5510 from 8.0(4) to latest ios. Update latest one and step to upgrade. also need to update IPS firmware also because this device together with IPS.
One of my clients has an ASA 5510 running version 7.0(8) and ASDM 5.0(8). My question, to what versions of each software can I update the appliance to? Additionally, must I upgrade incrementally? i.e from 7.0 to 7.1 then to 7.2? I did find this article ,URL,That states you must go from 5.0 to 5.1 to 5.2, but 5.1 and 5.2 do not appear to be on the download page. The earliest release I could find was 6.2. Can I update the ASA version all the way up to v8 and then update ASDM? Also, noob question, updating the software doesn't erase any of the configurations does it? This is a live firewall and downtime for reconfiguration isn't much of an option.
we recently upgraded our ASA 5510 active/standby cluster from ASA Version 8.3.2 to 8.4.1(11). Unfortunately the standby ASA is now crashing a few seconds after the configuration was synchronized from the active ASA.
Also completely disabling HA, bringing the default config to standby ASA again and activating HA afterwards did not work. Also tried through the Wizard provided by ASDM to be sure to have no errors with requirements.
How to solve this without doing a downgrade back to 8.3.2. ?
I want to ask for the possibility of configuration below? 2x Cisco ASA 5510 running Multi-Context mode and Active/Active Failover1 Cisco ASA 5510 (ASA 1) has AIP-SSM1 Cisco ASA 5510 (ASA 2) has CSC-SSMThere are 2 contexts, context A and context BASA 1 is the primary firewall for context A, and secondary firewall for context BASA 2 is the primary firewall for context B, and secondary firewall for context A
Can AIP-SSM on ASA 1 inspects traffic of context B which primarily runs on ASA 2?Can CSC-SSM on ASA 2 inspects traffic of context A which primarily runs on ASA 1?
We are planning to upgrade the ASA license in an A/S pair by adding the ASA5500-SC-20= license. The ASA is 5545 and runs 8.6. According to documentation, after 8.3 version, the ASAs can share a license features and do not require the same license on both boxes. I run a test in GNS3 with 8.4(2) images and I saw that by adding the 'activation-key' command only on the primary unit did the job as the 'show activation-key' output shows. In order to be 100% sure would like to verify the following:
Putting the activation-key only on the primary unit is enough and there is no need to do anything elseIn case the primary unit is standby, again we have to put the actication-key command on the primary unit (I am asking this because the 'activation-key' command is not listed under the commands that are not replicated to the other unitk, but doesn't make sense to be replicated since the activation-key is 'tied' with the S/N of the device).
We have a 5510 ASA that was running 8.0 and were using it for clientless VPN access. Through this, we published bookmarks that linked to an internal Microsoft 2008R2 RemoteApps server, which users logged on to and then launched RemoteApps (basically being RDP sessions to apps on the server).All worked fine until we upgraded to 8.4 over the weekend and we now can't launch the RemoteApps. We can still login through the ASA, still click a bookmark to take us to the RemoteApps server's webpage, still then authenticate against the domain fine and still see the published apps. The problem now is when we launch the apps we get "this computer can't connect to the remote computer" messages and the app fails to launch. Nothing has changed on the RemoteApp server side, only the upgrade to 8.4.
I know from 8.2 to 8.3 was not a mirror update because of nat and access-list but is from 8.3 to 8.4 a mirror update or is there anything which I should be aware of?
I need to upgrade to firewall which supports Active/Standby configuration.I am currently using a ASA-5510,SSM-20 8.2(5).Will the configuration file from the ASA-5510 work on the 5515X?
We want to run ASA 8.4.x on an old ASA5540. We need to upgrade its memory to 2 GB with the following memory upgrade: ASA5540-MEM-2GB=
I suspect that we will completely remove the existing 1 GB of memory and replace it with 2 GB. If this is the case, can I use this 1 GB of memory removed from the ASA5540 and put it in a ASA5510 instead of buying a ASA5510-MEM-1GB= for the ASA5510?
I am looking to upgrade a 5510 that is currently on code version 8.0(4) to code version 9.1. I know I will have to upgrade to 1gb ram, but can i just upgrade straight to version 9.1 or do I need to follow an upgrade path? This is a standalone device so I am planning on downtime.
i have 2921 router with base license . i want to upgrade to it to security k9 feature or want to enable it. i have license file with product activation key. how should i do it. if any body have screen shot file
We’ve ordered ASA 5510 with security plus license as below description:
ASA5510-K8 ASA 5510 Appliance with SW, 5FE, DES L-ASA5510-SEC-PL= ASA 5510 Security Plus License w/ HA, GE, more VLANs + conns
The license details on the appliance shows as the below, Fail over : Enabled Encryption-DES : Enabled Encryption-3DES-AES : Disabled Security Contexts : Default GTP/GPRS : Disabled Any Connect Premium Peers : Default Other VPN Peers : Default Advanced Endpoint Assessment : Disabled Any Connect for Mobile : Disabled Any Connect for Cisco VPN Phone : Disabled Shared License : Disabled UC Phone Proxy Sessions : Default Total UC Proxy Sessions : Default Any Connect Essentials : Disabled Bot net Traffic Filter : Disabled Inter company Media Engine : Disabled
I’ve noticed that the 3DES is disabled, do I need to order another license to use 3DES or not ?Also, I need 2 ~ 5 branches to connect simultaneously and have VPN access on their laptops to the main branch via vpn software, which VPN software I should use and is our license enough or I should order another license.
i have upgraded a PIX 525 lately to a 5510 ASA, but i have faced a problem after this.One of the DMZ's are connected to a switch that is not connected to my VTP domain on a DMZ port.
with access-list to permit from host to host with all ports opened.my problem is that the outside client is able to initiate a windows VPN to a server that i have in the DMZ, BUT it disconnects after almost 10minutes. What might be the reason of the disconnection.Note, a cisco remote access VPN is also configured on the FW, and it doesnt disconnect.
I was under the impression that those global addresses that we used with NAT were from the outside IP addresses range?Lets say my outside IP address is idk 192.112.40.11 /30 and I only had two usable IPs (since you can't use network and broadcast IPs) so how would I set up NAT for a couple of Inside addresses with a shorting of addresses like this? Idk if that makes sense what I'm trying to say
