ASA IOS upgrade

Posted on 2010-11-30
Last Modified: 2012-05-10
am using asa firewall. i want to install netflow analyzer...So its requirement asa ios version mini 8.2.. my ios  8.0  please see below sh version

Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(3)

Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"

ASA-SMS up 36 days 1 hour

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : ¿CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: ¿CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : ¿CNlite-MC-IPSECm-MAIN-2.05
 0: Ext: Ethernet0/0         : address is 0024.14d2.083c, irq 9
 1: Ext: Ethernet0/1         : address is 0024.14d2.083d, irq 9
 2: Ext: Ethernet0/2         : address is 0024.14d2.083e, irq 9
 3: Ext: Ethernet0/3         : address is 0024.14d2.083f, irq 9
 4: Ext: Management0/0       : address is 0024.14d2.0840, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 50
Inside Hosts                 : Unlimited
Failover                     : Disabled
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
Security Contexts            : 0
GTP/GPRS                     : Disabled
VPN Peers                    : 250
WebVPN Peers                 : 2
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions            : 2

This platform has a Base license.

Serial Number: JMX1311L14Y
Running Activation Key: 0x2710f762 0x60960500 0xc4007520 0xa084d090 0x05183091
Configuration register is 0x1
Configuration last modified by admin at 10:21:26.090 AST Mon Nov 29 2010

So how to upgrade my ios ? from where i get latest ios ? if i trying to upgrade ios anything happend or effect running configuration ? Please give me solutions and advice ....

Question by:nisartlaa
LVL 79

Accepted Solution

lrmoore earned 250 total points
ID: 34237622
You can only download the ASA image from, and you have to have a valid CCO account with a valid smartnet contract in order to download the images.

Get both the ASA and the ASDM images
I recommend 8.23 for ASA and 6.34 for ASDM
I do not recommend going to 8.3
Using the ASDM upgrade tool, you can upgrade directly from your local PC after you download the images from Cisco. The whole process may take 5 minutes, including the reload. Since you are already on 8.x there should be no changes or affects from the upgrade. Very quick and painless.

Assisted Solution

mayankblitzster earned 250 total points
ID: 34237715
First of all, before you touch anything, you should list your configuration using the command:

show config

Print your config to paper, just in case. Your config should stay during the IOS upgrade, but you never know what could happen. You may want to make sure you have console access to the router, as well as the ability to connect to it via the ethernet port. You can temporarily change the address on the ethernet port if you wish by entering:

conf term

At the (config)# prompt select the interface:

int eth0


ip address x.x.x.x y.y.y.y

where x is the ip address and y is the subnet mask. Use the earlier show config command so you can set it back when you are done. You could also enter a secondary address instead. Whatever you like.

You can find out what the name of your current flash image is by:

show flash

The next thing you should do is copy your current image (flashimage) up to the TFTP server:

copy flash:flashimage tftp://ipaddress/flashimage

You should see an entry like this in the log of your tftp server:

Receiving 'flashimage' file from x.x.x.x in binary mode

Copy your current image twice if you wish, to different file names, just to be safe. Browse Cisco to be very sure you have the right image. If you load the wrong image of IOS, your router won't work. Pay attention to the amount of RAM your system has, and how much the upgraded IOS needs. IOS 12.2 needs more RAM than 12.0, and Cisco isn't lying about this. When you are happy you have the right image:

delete flashimage
copy tftp://ipaddress/flashimage flash:flashimage

You will be asked if you want to erase the current image. Say yes. When it is done loading, change your eth0 IP if needed, and remove any old boot references:

conf term
no boot system flash oldflashimagename
boot system flash flashimage

Now copy your config:

copy running-config startup-config

Reload, and you are set:


Now, when you reboot all should come up ok. If it doesn't, you will have to use the console port and xmodem to load an image that does work, and this is painful. Here is how to do it.

Pretty much, you just hit ctrl-break (At least with the version of HyperTerminal we used) when the router boots to get into rommon. Minicom or other terminal programs may have different sequences. Try ctrl-c, esc, etc. After you successfully enter rommon, you just:

rommon> xmodem -cf fileimagename

then, from your terminal program, send the file using xmodem. On our 1600, we had to do this at 9600 baud. We couldn't figure out how to change our router to transfer faster than 9600, although we did see some references to how to do it. At 9600 baud, it takes about 50 minutes to reload IOS. After you are done uploading the image, remove the old boot references and copy config to start as above. If all else fails, you could go back to the flash image that you copied via TFTP.

Hope it helps you

Expert Comment

ID: 34244066

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit If you want to manage em…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below.…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question