Solved

Cisco ASA 5510 in failover setup IOS and ASDM upgrade

Posted on 2009-12-29
Last Modified: 2013-11-16
Hello,

I have two ASA 5510s in a failover setup and these devices need an IOS and ASDM upgrade. I have the correct IOS and ASDM software files and I received the following link from Cisco about how to perform the upgrade. See link below:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008067e9f9.shtml

I read the sections
Upgrade a Software Image with ASDM 6.x
Upgrade an ASDM Image with ASDM 6.x
and it sounds pretty straightforward. The only part I am not sure about is in which order I should complete the steps, since the firewalls are in a failover setup. I am far from being a Cisco guru, but I know that if the IOS does not match on both firewalls then they would not talk to each other.
So my plan is actually this, and I would like to know if that will work for me.
1. Follow the steps in the link below and upgrade the IOS on the standby firewall. Cancel the reload.
2. Upgrade the ASDM and do not perform a reload yet.
3. Open a new ASDM window and connect to the primary firewall.
4. Perform the upgrade of the IOS of the primary firewall. Cancel the reload.
5. Perform the upgrade of the ASDM of the primary firewall. Save and reload.
6. About 30s later, switch back to the ASDM window of the standby firewall, then save and reload that firewall as well.

Will that work? I do not care about any downtime; what I am more worried about is that I end up with two firewalls not talking to each other anymore because one has the old IOS and the other one the new one. I know in 8.0.(3) that was a problem.

Any recommendations would be very appreciated.

Thank you
Mc2102
Question by:Mc2102
LVL 13

Accepted Solution

by:
GuruChiu earned 2000 total points
ID: 26141123
To minimize downtime, this is what I will do:

1. Upgrade the firmware on the primary; this includes copying both the firmware & ASDM image and modifying the boot image sequence.
2. Shut down the primary (do not reboot). This will make the secondary active. Do not remove any of the cables throughout the upgradation process.
3. Now, since the secondary is active, upgrade the secondary; again, do not reboot.
4. Now shut down the secondary and boot up the primary (this would be your network downtime until the primary boots up completely).
5. Once the primary is up and running, wait for three minutes and boot up the secondary, and we are through with it.

Author Comment

by:Mc2102
ID: 26141480
Hello GuruChiu,

Thanks for your response. I like your approach and I am probably going to do that. The only step I am still unsure about is how I save the changes of the boot sequence.
See for example the procedure of the IOS upgrade - step 8
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008067e9f9.shtml#asdm6.x1

I only have the choice to save and reload. Will the command "write mem" save the changes for me?

Thank you
Mc2102
LVL 13

Expert Comment

by:GuruChiu
ID: 26141700
My preferred way is to use these CLI commands while connected to the ASA via SSH or Telnet:
asdm image disk0:/asdm-621.bin
boot system disk0:/asa821-k8.bin
boot system disk0:/asa708-k8.bin

The order in which the boot system commands appear is the order of the boot sequence.

If you want to use ASDM, I kind of remember that at the end of the software upgrade wizard there is a window that asks about changing the boot sequence.
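Added example (not part of the thread and not Cisco code): a pre-reload check that the first `boot system` entry and the `asdm image` entry name the intended files and that every configured file is actually in flash. The function names are hypothetical, and the config and flash listing below are constructed samples using the file names quoted in the comment above; only the last column of the listing is parsed.

```python
import re

# Constructed sample: the relevant running-config lines on one unit.
SAMPLE_CONFIG = """\
boot system disk0:/asa821-k8.bin
boot system disk0:/asa708-k8.bin
asdm image disk0:/asdm-621.bin
"""

# Constructed sample flash listing (sizes and dates are made up).
SAMPLE_FLASH = """\
Directory of disk0:/
75   -rwx  14137344  10:11:02 Dec 29 2009  asa708-k8.bin
76   -rwx  16275456  10:15:40 Dec 29 2009  asa821-k8.bin
77   -rwx  11348300  10:19:21 Dec 29 2009  asdm-621.bin
"""

BOOT_RE = re.compile(r"^[ \t]*boot system (\S+)[ \t]*$", re.M)
ASDM_RE = re.compile(r"^[ \t]*asdm image (\S+)[ \t]*$", re.M)


def flash_files(listing):
    """Return the set of .bin file names that appear in a flash listing."""
    return {line.split()[-1] for line in listing.splitlines()
            if line.strip().endswith(".bin")}


def basename(path):
    """disk0:/asa821-k8.bin -> asa821-k8.bin"""
    return path.rsplit("/", 1)[-1]


def check_unit(config, listing, want_image, want_asdm):
    """Return the problems that should block a reload; an empty list means OK."""
    problems = []
    present = flash_files(listing)
    boots = BOOT_RE.findall(config)   # config order is the boot order
    asdm = ASDM_RE.findall(config)
    if not boots:
        problems.append("no 'boot system' line configured")
    elif basename(boots[0]) != want_image:
        problems.append(f"first boot entry is {boots[0]}, expected {want_image}")
    for path in boots + asdm:
        if basename(path) not in present:
            problems.append(f"{path} is configured but not in flash")
    if not asdm or basename(asdm[-1]) != want_asdm:
        problems.append(f"asdm image is not {want_asdm}")
    return problems
```

Run it against the saved output of each unit in the pair and reload neither unit until both return an empty list.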
 
LVL 3

Expert Comment

by:sudeep_mib
ID: 26159877
I will tell you the simplest steps.

1) Check the size of the new IOS, then check the free space on the flash of the ASA. Usually the space is sufficient to hold 2-3 IOS images on the ASA.
2) Put the IOS in the flash of the ASA using TFTP.
For that, install tftpd32 on a PC which is connected to the firewall and add the IOS to the root directory of tftpd32, then on the ASA enter the command
copy tftp flash
Then it will ask for the IP address of the TFTP server: enter the IP address of the PC.
Then it will ask for the name of the file: enter the name of the IOS image.
Put the IOS on both ASAs.
Put the ASDM image on using the same method.
3) Enter this command on the primary ASA:
boot system disk0:/asa708-k8.bin (name of the image)

Save the configuration & reboot the ASA.
Next it will start with the new IOS image.


Author Closing Comment

by:Mc2102
ID: 31670918
I followed these steps and it worked like a champ.