We help IT Professionals succeed at work.

Cisco IOS Upgrade - Paranoia Question...

fpcit asked
Medium Priority
Last Modified: 2012-05-12
Hi all!  I have what might be a noob question, but more importantly a paranoia question.  I read the following blurb in Cisco's documentation about upgrading the IOS on the ASA's:

ASDM does not work if you upgrade (or downgrade) the security appliance software from 7.0 to 7.2 directly or upgrade (or downgrade) the ASDM software from 5.0 to 5.2 directly. You need to do it in incremental order.

Example: In order to perform the ASDM software upgrade from 5.0 to 5.2, first upgrade from 5.0 to 5.1 and then upgrade from 5.1 to 5.2. Likewise, for the security appliance, first upgrade from 7.0 to 7.1 and then upgrade from 7.1 to 7.2.

The reason that this particular blurb concerns me is because we are running IOS version 7.0.2.  (I know, it's as old as the ASA series, but I just picked up managing the device)  

So, my real question is: Will I have to upgrade to 7.1, then 7.2, then 7.3, etc, etc, etc, until I reach the revision that we want running (8.4.2) in order for the device to continue to function properly?

Thanks for the help in advance!
Watch Question

Backup the firewalls configuration completely and then spend some time looking through Cisco's download center for the proper upgrade.

We were able to avoid the incremental upgrades after a few minutes of searching their site for a full upgrade file (even though they said they didn't have one).

Network Architect
I would suggest using only the CLI (don't try to do the upgrade using ASDM), and you should be able to go from 7.0 directly to 8.2 without any significant problems.  The big changes from 7.x to 8.x relate to SSL VPN.  There are big differences going from 8.2 to later, so I would make the change from 8.2 to something 8.3 or later as a separate step.  You should be able to go from 8.2 directly to 8.4.2, but you could go through the 8.3 version if you're more comfortable with that. You will also want to load the new version of ASDM into disk0:/ and change the configuration command that references the ASDM image.  

The relevant commands are:

boot system disk0:/<image-name.bin>
no boot system disk0:/<old-image-name.bin>
asdm image disk0:/<asdm-image.bin>

Keith BrownAWS System Administrator
Usually you don't have to upgrade using every single release in between, but just the major releases (ie, 5.1 can skip over 5.2 & 5.3 and go to a 6.x release, then 7.x, before a 8.x release). There are usually some various versions they recommend using as the stepping stones.


Thanks guys.  I will try both suggestions.


Thanks for the help folks!!

Explore More ContentExplore courses, solutions, and other research materials related to this topic.