• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1257
  • Last Modified:

Cisco ASA 5510 - migration problems from ASA 8.0.2 --> 8.3.2

I am trying to upgrade the ASA.  The newer version of ASA is 8.3.2.

I loaded a 2nd ASA 5510 with the new ASA software and then applied the running config from my production 5510, which is running 8.0.2.

Now I have no NAT Rules...  Is there a way to migrate the existing rules into the newer ASA software?  After this is resolve, I could really use more help getting these firewalls setup...

I can include the configs in private e-mail if necessary...
0
Talon0926
Asked:
Talon0926
  • 2
  • 2
  • 2
2 Solutions
 
Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
Read the release notes for 8.3, it says that you should upgrade to 8.2 prior to 8.3. The upgrade-gap between 8.0 and 8.3 is to big for the upgrade-script to handle.

/Kvistofta
0
 
Talon0926Author Commented:
In going from 8.0.2 to 8.2 - what method of upgrade is most reliable?  Using ASDM or...
0
 
ArneLoviusCommented:
it doesn't matter how you get the file on there, reload the asa at the software level of your production asa, with a copy of your production config on, then reload at the intermediate stage an it will upgrade the config, then reload again at the final one and it will upgrade it again
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
ArneLoviusCommented:
for clarity, you can have multiple ASA images on the ASA at the same time

The ASA will upgrade the automatically when it loads

load all three images, but set it to boot from 8.0.2

copy on your config and reload the ASA, check that the config is still correct

set the ASA to boot from 8.2 and reload it, when it reloads the config will be upgraded to 8.2, check that the config is still correct

set the ASA to boot from 8.3.2 and reload it, when it reloads the config will be upgraded to 8.3.2, check that the config is still correct

your only issue is that to do this with your exact config, you'll have to set-up a "lab" environment as it will have the same network address as your production ASA...

0
 
Talon0926Author Commented:
I will try the migration path suggested by Arne.  For now I will accept that reply and close the ticket.  I was also recently told by a Cisco engineer that 8.3.2 takes more memory.  So, for now, I will stay at the 8.0.x release...  
0
 
Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
Yes, the memory requirements are higher, that is another reason for you to read the release notes before upgrading.

/Kvistofta.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now