Solved

Upgrading ASA 8.2(5) to 9.1.4

Posted on 2014-03-04
4
7,451 Views
Last Modified: 2014-03-05
I have a site that has very little traffic so I tried out upgrading it from 8.2(5) to 9.1.4 throwing all caution to the wind as there would be no impact if it went sideways.  It seemed to go fine using the ASDM Tools/Check for ASA Upgrades features.  But I had seen earlier that one should be going to say 8.4 and then upgrading to 9.whatever.  Perhaps I am missing something because these get so little use?  Or should that be an ok upgrade path?

And on a related note - how do I get the OS Downgrade tool as a backup?
0
Comment
Question by:amigan_99
  • 2
4 Comments
 
LVL 28

Assisted Solution

by:asavener
asavener earned 333 total points
Comment Utility
If I recall correctly, the suggested upgrade path is if you're trying to preserve your configuration.  When upgrading from 8.2 to 8.4, the software attempts to re-write the config to the new version.  In my experience, though, it's only partially successful.

Here's an article on migrating to 8.3 and up; it includes info on how to downgrade:  http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 167 total points
Comment Utility
Ive not (he says touching wood) had a cisco firewall fail on me during an upgrade.

Back up the ASA first, Then If you're worried go to 8.4 - I've taken a corporate firewall straight from 8.2 to version 9.x the worst I've seen happen is it leave a lot of junk NAT statements in the config that are no longer used.

Upgrade and ASA from command, from ASDM or straight from Cisco

Pete
0
 
LVL 28

Accepted Solution

by:
asavener earned 333 total points
Comment Utility
Unfortunately, I have had it fail.  First, it might discover previously-undetected problems with your flash file system.  Second, there are significant differences with the NAT syntax, and the converter often fails to convert them properly.

Make sure you fully understand your environment.  Keep a copy of your original config, and if you primarily use ASDM, make screenshots.  If you use VPN, make sure you use the correct command that also displays your pre-shared keys.
0
 
LVL 1

Author Closing Comment

by:amigan_99
Comment Utility
Great info.  Thank you guys.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now