Solved

Upgrading ASA 8.2(5) to 9.1.4

Posted on 2014-03-04
4
7,606 Views
Last Modified: 2014-03-05
I have a site that has very little traffic so I tried out upgrading it from 8.2(5) to 9.1.4 throwing all caution to the wind as there would be no impact if it went sideways.  It seemed to go fine using the ASDM Tools/Check for ASA Upgrades features.  But I had seen earlier that one should be going to say 8.4 and then upgrading to 9.whatever.  Perhaps I am missing something because these get so little use?  Or should that be an ok upgrade path?

And on a related note - how do I get the OS Downgrade tool as a backup?
0
Comment
Question by:amigan_99
  • 2
4 Comments
 
LVL 28

Assisted Solution

by:asavener
asavener earned 333 total points
ID: 39906247
If I recall correctly, the suggested upgrade path is if you're trying to preserve your configuration.  When upgrading from 8.2 to 8.4, the software attempts to re-write the config to the new version.  In my experience, though, it's only partially successful.

Here's an article on migrating to 8.3 and up; it includes info on how to downgrade:  http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 167 total points
ID: 39906632
Ive not (he says touching wood) had a cisco firewall fail on me during an upgrade.

Back up the ASA first, Then If you're worried go to 8.4 - I've taken a corporate firewall straight from 8.2 to version 9.x the worst I've seen happen is it leave a lot of junk NAT statements in the config that are no longer used.

Upgrade and ASA from command, from ASDM or straight from Cisco

Pete
0
 
LVL 28

Accepted Solution

by:
asavener earned 333 total points
ID: 39906660
Unfortunately, I have had it fail.  First, it might discover previously-undetected problems with your flash file system.  Second, there are significant differences with the NAT syntax, and the converter often fails to convert them properly.

Make sure you fully understand your environment.  Keep a copy of your original config, and if you primarily use ASDM, make screenshots.  If you use VPN, make sure you use the correct command that also displays your pre-shared keys.
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 39907384
Great info.  Thank you guys.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Firewall setup within a managed office 8 92
ASA 5510 upstream unable to exceed 20 mbps 23 43
CISCO Smartnet agreement 5 36
route-map permit with a number 1 19
I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question