[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Upgrading ASA 8.2(5) to 9.1.4

Posted on 2014-03-04
4
Medium Priority
?
8,338 Views
Last Modified: 2014-03-05
I have a site that has very little traffic so I tried out upgrading it from 8.2(5) to 9.1.4 throwing all caution to the wind as there would be no impact if it went sideways.  It seemed to go fine using the ASDM Tools/Check for ASA Upgrades features.  But I had seen earlier that one should be going to say 8.4 and then upgrading to 9.whatever.  Perhaps I am missing something because these get so little use?  Or should that be an ok upgrade path?

And on a related note - how do I get the OS Downgrade tool as a backup?
0
Comment
Question by:amigan_99
  • 2
4 Comments
 
LVL 28

Assisted Solution

by:asavener
asavener earned 1332 total points
ID: 39906247
If I recall correctly, the suggested upgrade path is if you're trying to preserve your configuration.  When upgrading from 8.2 to 8.4, the software attempts to re-write the config to the new version.  In my experience, though, it's only partially successful.

Here's an article on migrating to 8.3 and up; it includes info on how to downgrade:  http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html
0
 
LVL 58

Assisted Solution

by:Pete Long
Pete Long earned 668 total points
ID: 39906632
Ive not (he says touching wood) had a cisco firewall fail on me during an upgrade.

Back up the ASA first, Then If you're worried go to 8.4 - I've taken a corporate firewall straight from 8.2 to version 9.x the worst I've seen happen is it leave a lot of junk NAT statements in the config that are no longer used.

Upgrade and ASA from command, from ASDM or straight from Cisco

Pete
0
 
LVL 28

Accepted Solution

by:
asavener earned 1332 total points
ID: 39906660
Unfortunately, I have had it fail.  First, it might discover previously-undetected problems with your flash file system.  Second, there are significant differences with the NAT syntax, and the converter often fails to convert them properly.

Make sure you fully understand your environment.  Keep a copy of your original config, and if you primarily use ASDM, make screenshots.  If you use VPN, make sure you use the correct command that also displays your pre-shared keys.
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 39907384
Great info.  Thank you guys.
0

Featured Post

[Webinar] Improve your customer journey

A positive customer journey is important in attracting and retaining business. To improve this experience, you can use Google Maps APIs to increase checkout conversions, boost user engagement, and optimize order fulfillment. Learn how in this webinar presented by Dito.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question