Solved

Cisco ASA 5520 Firmware Upgrade Path

Posted on 2011-02-28
4
2,615 Views
Last Modified: 2012-08-13
Hello,
I am currently running two Cisco ASA 5520's in an active/passive failover pair.  We are currently running version 8.0.2 of the firmware and would like to upgrade to the newest version.
I have two questions: 1) Should I upgrade all the way to 8.4.1 or go with a pre-8.3 version of 8.2.4? And why?
2) Should I upgrade all-in-one (i.e. from 8.0.2 to 8.4.1) or one minor revision at a time (i.e. 8.0.2 to 8.0.5 to 8.2.4 etc.)?

Uptime is of great importance.  We can't have more than a few minutes of downtime and ensuring that things work smoothly when the firewalls are on the new firmware is very important.

If there is any other information you feel is important when trying to make this decision, please feel free to ask me.

Thanks,
Danny
0
Comment
Question by:dbeutler
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 35000262
There are major changes in the way NAT is handled in 8.3 and later code.  My suggestion would be to go to 8.2.4 code for the time being.  At whatever point you are seriously considering going to 8.3 or later, you'll probably want to either do some significant lab testing to understand how it works, or you'll want to schedule maintenance windows to have time to do the upgrade, test, etc., and be prepared to downgrade back to 8.2.4 if it's not performing the way you need it to.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35000805
Hi,

I also recommend 8.2.4, if the uptime is important, because there is same migration problem with the newer images! First of all I advise to upgrade your memory to 2Gbyte:

http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html

0
 

Author Comment

by:dbeutler
ID: 35037852
Hey Guys,
I have purchased the 2GB memory upgrade for both ASA's.  It seems like the suggestion is to go with 8.2.4.  The remaining question is: Should I upgrade all-in-one (i.e. from 8.0.2 to 8.4.1) or one minor revision at a time (i.e. 8.0.2 to 8.0.5 to 8.2.4 etc.)?
Please keep in mind that I want this to be as close to a zero-downtime upgrade as possible.

Thanks,
Danny
0
 
LVL 18

Accepted Solution

by:
jmeggers earned 500 total points
ID: 35068932
You should be able to upgrade directly to 8.2.4, you don't need to do each minor revision.  If you were going to 8.4, I would probably suggest going to 8.3 first since there are significant changes, then making the jump up to 8.4.  But unless there's a feature in 8.3 that you really need, I would stick with 8.2 for now.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question