Solved

Cisco ASA 5520 Firmware Upgrade Path

Posted on 2011-02-28
4
2,646 Views
Last Modified: 2012-08-13
Hello,
I am currently running two Cisco ASA 5520's in an active/passive failover pair.  We are currently running version 8.0.2 of the firmware and would like to upgrade to the newest version.
I have two questions: 1) Should I upgrade all the way to 8.4.1 or go with a pre-8.3 version of 8.2.4? And why?
2) Should I upgrade all-in-one (i.e. from 8.0.2 to 8.4.1) or one minor revision at a time (i.e. 8.0.2 to 8.0.5 to 8.2.4 etc.)?

Uptime is of great importance.  We can't have more than a few minutes of downtime and ensuring that things work smoothly when the firewalls are on the new firmware is very important.

If there is any other information you feel is important when trying to make this decision, please feel free to ask me.

Thanks,
Danny
0
Comment
Question by:dbeutler
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 35000262
There are major changes in the way NAT is handled in 8.3 and later code.  My suggestion would be to go to 8.2.4 code for the time being.  At whatever point you are seriously considering going to 8.3 or later, you'll probably want to either do some significant lab testing to understand how it works, or you'll want to schedule maintenance windows to have time to do the upgrade, test, etc., and be prepared to downgrade back to 8.2.4 if it's not performing the way you need it to.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35000805
Hi,

I also recommend 8.2.4, if the uptime is important, because there is same migration problem with the newer images! First of all I advise to upgrade your memory to 2Gbyte:

http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html

0
 

Author Comment

by:dbeutler
ID: 35037852
Hey Guys,
I have purchased the 2GB memory upgrade for both ASA's.  It seems like the suggestion is to go with 8.2.4.  The remaining question is: Should I upgrade all-in-one (i.e. from 8.0.2 to 8.4.1) or one minor revision at a time (i.e. 8.0.2 to 8.0.5 to 8.2.4 etc.)?
Please keep in mind that I want this to be as close to a zero-downtime upgrade as possible.

Thanks,
Danny
0
 
LVL 18

Accepted Solution

by:
jmeggers earned 500 total points
ID: 35068932
You should be able to upgrade directly to 8.2.4, you don't need to do each minor revision.  If you were going to 8.4, I would probably suggest going to 8.3 first since there are significant changes, then making the jump up to 8.4.  But unless there's a feature in 8.3 that you really need, I would stick with 8.2 for now.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question