Solved

Upgrading ASA 8.2(5) to 9.1.4

Posted on 2014-03-04
4
7,860 Views
Last Modified: 2014-03-05
I have a site that has very little traffic so I tried out upgrading it from 8.2(5) to 9.1.4 throwing all caution to the wind as there would be no impact if it went sideways.  It seemed to go fine using the ASDM Tools/Check for ASA Upgrades features.  But I had seen earlier that one should be going to say 8.4 and then upgrading to 9.whatever.  Perhaps I am missing something because these get so little use?  Or should that be an ok upgrade path?

And on a related note - how do I get the OS Downgrade tool as a backup?
0
Comment
Question by:amigan_99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 28

Assisted Solution

by:asavener
asavener earned 333 total points
ID: 39906247
If I recall correctly, the suggested upgrade path is if you're trying to preserve your configuration.  When upgrading from 8.2 to 8.4, the software attempts to re-write the config to the new version.  In my experience, though, it's only partially successful.

Here's an article on migrating to 8.3 and up; it includes info on how to downgrade:  http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 167 total points
ID: 39906632
Ive not (he says touching wood) had a cisco firewall fail on me during an upgrade.

Back up the ASA first, Then If you're worried go to 8.4 - I've taken a corporate firewall straight from 8.2 to version 9.x the worst I've seen happen is it leave a lot of junk NAT statements in the config that are no longer used.

Upgrade and ASA from command, from ASDM or straight from Cisco

Pete
0
 
LVL 28

Accepted Solution

by:
asavener earned 333 total points
ID: 39906660
Unfortunately, I have had it fail.  First, it might discover previously-undetected problems with your flash file system.  Second, there are significant differences with the NAT syntax, and the converter often fails to convert them properly.

Make sure you fully understand your environment.  Keep a copy of your original config, and if you primarily use ASDM, make screenshots.  If you use VPN, make sure you use the correct command that also displays your pre-shared keys.
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 39907384
Great info.  Thank you guys.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question