• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1289
  • Last Modified:

Upgrading ASA5520 from asa708-k8.bin and asdm-508.bin to asa822-k8.bin and asdm-641.bin.

I have a two ASA5520's as failover and need to upgrade them from asa708-k8.bin and asdm-508.bin to asa822-k8.bin and asdm-641.bin. Can i just go to asdm-508.bin to asa822-k8.bin and asdm-641.bin or is their a way do do this upgrade? any help would be great.
0
remus91
Asked:
remus91
  • 4
  • 4
2 Solutions
 
Jan SpringerCommented:
I believe that you first have to upgrade to 7.23 before going to version 8.  That and the memory required going from v7 to v8 should be your biggest hurdles.
0
 
remus91Author Commented:
I just upgraded my ASA's to 2gigs this past weekend that should do it for the memory. so if I go to 7.23 then I can go right to 8.22? Also do you know the process to upgrade ASA failover?
0
 
Jan SpringerCommented:
Failover is nothing more than a cross-connect ethernet cable between an ethernet interface of each ASA.  You can use a switch, if you choose, and then use a regular cable to connect them.  Substitute the failover subnet used and the failover interfaces in the example below.

Primary:
       failover
       failover lan unit primary
       failover lan interface failover Ethernet0/3  
       failover key <put a key here>
       failover link failover Ethernet0/3
       failover interface ip failover 192.168.222.1 255.255.255.0 standby 192.168.223.1

Standy:
       failover
       failover lan unit secondary
       failover lan interface failover Ethernet0/3  
       failover key <put a key here>
       failover link failover Ethernet0/3
       failover interface ip failover 192.168.222.1 255.255.255.0 standby 192.168.223.1

According to Cisco's web site, "All Cisco ASA Software Releases (7.0, 7.2, 8.0, and 8.1) can be upgraded to Release 8.2.":
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_bulletin_c25-526545.html
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
remus91Author Commented:
My 2 ASA are hookup and running in production already so what would be the process to upgrade failover?
0
 
Jan SpringerCommented:
Choose an interface off of each -- preferably the same interface number.

Connect a cross-connect ethernet cable between the two interfaces used for failover.

Configure the failover information (this is an active/standby config) as shown above.

BUT before you do any failover configuration, you need to identify how you are using both actively in production today.  That tells me that the configurations of the two boxes are different.

Once you configure failover  and make changes, on the primary ASA you issue the command to save the config to the standby.  If you have two different configurations today, you cannot expect to run in failover mode in either active/active or active/standby.
0
 
remus91Author Commented:
My 2 ASA are up and running in production and in a failover pair already. The question I have is how do I upgrade to a new IOS in a failover pair?
0
 
Jan SpringerCommented:
This is how I would handle it:

Remove the failover configuration from the standby.   At this point, all traffic should be routing to the primary.

Upgrade the standby.  Verify that it doesn't complain about changes in command syntax and that it boots up without error.

If all looks good, tftp the image to the primary.

Put the failover configuration back on the standby and shut the external port down to the primary so that traffic flows to the standby.

Reboot the primary and bring the external interface back on-line.
0
 
remus91Author Commented:
Ok thanks.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now