• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1164
  • Last Modified:

ASA IOS upgrade

am using asa firewall. i want to install netflow analyzer...So its requirement asa ios version mini 8.2.. my ios  8.0  please see below sh version

Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(3)

Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"

ASA-SMS up 36 days 1 hour

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : ¿CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: ¿CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : ¿CNlite-MC-IPSECm-MAIN-2.05
 0: Ext: Ethernet0/0         : address is 0024.14d2.083c, irq 9
 1: Ext: Ethernet0/1         : address is 0024.14d2.083d, irq 9
 2: Ext: Ethernet0/2         : address is 0024.14d2.083e, irq 9
 3: Ext: Ethernet0/3         : address is 0024.14d2.083f, irq 9
 4: Ext: Management0/0       : address is 0024.14d2.0840, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 50
Inside Hosts                 : Unlimited
Failover                     : Disabled
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
Security Contexts            : 0
GTP/GPRS                     : Disabled
VPN Peers                    : 250
WebVPN Peers                 : 2
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions            : 2

This platform has a Base license.

Serial Number: JMX1311L14Y
Running Activation Key: 0x2710f762 0x60960500 0xc4007520 0xa084d090 0x05183091
Configuration register is 0x1
Configuration last modified by admin at 10:21:26.090 AST Mon Nov 29 2010

So how to upgrade my ios ? from where i get latest ios ? if i trying to upgrade ios anything happend or effect running configuration ? Please give me solutions and advice ....


 
0
nisartlaa
Asked:
nisartlaa
2 Solutions
 
lrmooreCommented:
You can only download the ASA image from Cisco.com, and you have to have a valid CCO account with a valid smartnet contract in order to download the images.

Get both the ASA and the ASDM images
I recommend 8.23 for ASA and 6.34 for ASDM
I do not recommend going to 8.3
Using the ASDM upgrade tool, you can upgrade directly from your local PC after you download the images from Cisco. The whole process may take 5 minutes, including the reload. Since you are already on 8.x there should be no changes or affects from the upgrade. Very quick and painless.
0
 
mayankblitzsterCommented:
First of all, before you touch anything, you should list your configuration using the command:

show config

Print your config to paper, just in case. Your config should stay during the IOS upgrade, but you never know what could happen. You may want to make sure you have console access to the router, as well as the ability to connect to it via the ethernet port. You can temporarily change the address on the ethernet port if you wish by entering:

conf term

At the (config)# prompt select the interface:

int eth0

then

ip address x.x.x.x y.y.y.y

where x is the ip address and y is the subnet mask. Use the earlier show config command so you can set it back when you are done. You could also enter a secondary address instead. Whatever you like.

You can find out what the name of your current flash image is by:

show flash

The next thing you should do is copy your current image (flashimage) up to the TFTP server:

copy flash:flashimage tftp://ipaddress/flashimage

You should see an entry like this in the log of your tftp server:

Receiving 'flashimage' file from x.x.x.x in binary mode

Copy your current image twice if you wish, to different file names, just to be safe. Browse Cisco to be very sure you have the right image. If you load the wrong image of IOS, your router won't work. Pay attention to the amount of RAM your system has, and how much the upgraded IOS needs. IOS 12.2 needs more RAM than 12.0, and Cisco isn't lying about this. When you are happy you have the right image:

delete flashimage
copy tftp://ipaddress/flashimage flash:flashimage

You will be asked if you want to erase the current image. Say yes. When it is done loading, change your eth0 IP if needed, and remove any old boot references:

conf term
no boot system flash oldflashimagename
boot system flash flashimage
exit

Now copy your config:

copy running-config startup-config

Reload, and you are set:

reload

Now, when you reboot all should come up ok. If it doesn't, you will have to use the console port and xmodem to load an image that does work, and this is painful. Here is how to do it.

Pretty much, you just hit ctrl-break (At least with the version of HyperTerminal we used) when the router boots to get into rommon. Minicom or other terminal programs may have different sequences. Try ctrl-c, esc, etc. After you successfully enter rommon, you just:

rommon> xmodem -cf fileimagename

then, from your terminal program, send the file using xmodem. On our 1600, we had to do this at 9600 baud. We couldn't figure out how to change our router to transfer faster than 9600, although we did see some references to how to do it. At 9600 baud, it takes about 50 minutes to reload IOS. After you are done uploading the image, remove the old boot references and copy config to start as above. If all else fails, you could go back to the flash image that you copied via TFTP.



Hope it helps you
0
 
mahrens007Commented:
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now