Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Upgrading ASA 8.2(5) to 9.1.4

Posted on 2014-03-04
4
Medium Priority
?
8,192 Views
Last Modified: 2014-03-05
I have a site that has very little traffic so I tried out upgrading it from 8.2(5) to 9.1.4 throwing all caution to the wind as there would be no impact if it went sideways.  It seemed to go fine using the ASDM Tools/Check for ASA Upgrades features.  But I had seen earlier that one should be going to say 8.4 and then upgrading to 9.whatever.  Perhaps I am missing something because these get so little use?  Or should that be an ok upgrade path?

And on a related note - how do I get the OS Downgrade tool as a backup?
0
Comment
Question by:amigan_99
  • 2
4 Comments
 
LVL 28

Assisted Solution

by:asavener
asavener earned 1332 total points
ID: 39906247
If I recall correctly, the suggested upgrade path is if you're trying to preserve your configuration.  When upgrading from 8.2 to 8.4, the software attempts to re-write the config to the new version.  In my experience, though, it's only partially successful.

Here's an article on migrating to 8.3 and up; it includes info on how to downgrade:  http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 668 total points
ID: 39906632
Ive not (he says touching wood) had a cisco firewall fail on me during an upgrade.

Back up the ASA first, Then If you're worried go to 8.4 - I've taken a corporate firewall straight from 8.2 to version 9.x the worst I've seen happen is it leave a lot of junk NAT statements in the config that are no longer used.

Upgrade and ASA from command, from ASDM or straight from Cisco

Pete
0
 
LVL 28

Accepted Solution

by:
asavener earned 1332 total points
ID: 39906660
Unfortunately, I have had it fail.  First, it might discover previously-undetected problems with your flash file system.  Second, there are significant differences with the NAT syntax, and the converter often fails to convert them properly.

Make sure you fully understand your environment.  Keep a copy of your original config, and if you primarily use ASDM, make screenshots.  If you use VPN, make sure you use the correct command that also displays your pre-shared keys.
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 39907384
Great info.  Thank you guys.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question