Solved

Upgrade Cisco ASA 5505

Posted on 2014-03-29
8
5,824 Views
1 Endorsement
Last Modified: 2014-10-11
Hi, I have Cisco ASA5505 , its running code 6.0 , I just wanted to know what can be the latest Code I can have on ASA 5505 and procedure to upgrade this .
1
Comment
Question by:annasad
8 Comments
 
LVL 1

Author Comment

by:annasad
ID: 39964204
I just googled it to find above info , looking forward , how to upgrade step by step .. I might find it too .. but just looking this new info
0
 
LVL 4

Assisted Solution

by:Dash Amr
Dash Amr earned 250 total points
ID: 39964227
Hi Annasad,
few things to consider before moving ahead with the update Specially from 6.0

You need a valid service contract for Cisco ASA device to load the ASA software image from Cisco website. usually it takes some time (days) until your new service contract is registered and activated
Don't forget to check the RAM and FLASH memory needs for those newer OS"s.

the latest Update compatible will be ASA 9.1(4) ASDM 7.1(5).

http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html

Step By Step Guide for the Update Procedure
Download the software

First things first. In order to upgrade the software, you’re going to actually acquire the software. As long as you have a valid service contract, you should be able to login to cisco.com and download it. If you don’t have the ability to download it from Cisco, well, you’re on your own.

Check for free space
As I mentioned before Depending on your ASA hardware version (and what you already have saved in there), the amount of flash memory you have available will vary. Before proceeding, you’ll want to verify that you have enough space available to hold the ASA software (and ASDM, if you’re going to upgrade that too).

ciscoasa# show flash: | include free
127111168 bytes total (93192192 bytes free)

Here in the example, I have a little over 93 MB available which is plenty. If you don’t have enough free space, you’ll need to delete some other crap you’re hoarding there in order to make enough space.

Dump the software on a TFTP server

I’ll be copying the software over from a TFTP server and I’ve already made it available there. If you don’t have a TFTP server available it’s also possible to put it on a web server and use HTTP or HTTPS to transfer it to your ASA.

As last resorts, you can also copy it from a Windows fileshare (using SMB/CIFS) or, $deity forbid, Xmodem. Do the needful

Alright, now we’re to the good part.

ciscoasa# show version | include image
System image file is "disk0:/asa822-k8.bin"
ciscoasa# show asdm image
Device Manager image file, disk0:/asdm-635.bin
ciscoasa#

As you can see, this ASA is currently running version 8.2(2) along with ASDM version 6.3.5. Because Cisco recommends that you stay within the same major version (unless you need the features introduced in newer major versions), I’m going to upgrade to 8.2(5). We’ll also upgrade ASDM to version 6.4.5 as well.

For example, here’s the information we need to complete the upgrade process:

    TFTP server IP address: 198.18.42.125
    ASA 8.2(5) filename: asa825-k8.bin
    ASDM 6.4.5 filename: asdm-645.bin

Here we go!

ciscoasa# copy tftp flash

Address or name of remote host []? 198.18.42.125

Source filename []? asa825-k8.bin

Destination filename [asa825-k8.bin]?

Accessing tftp://198.18.42.125/asa825-k8.bin...!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/asa825-k8.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
15390720 bytes copied in 42.870 secs (366445 bytes/sec)
ciscoasa#

Perfect. Now, let’s copy over the updated version of ASDM as well.

ciscoasa# copy tftp flash

Address or name of remote host [198.18.42.125]?

Source filename [asa825-k8.bin]? asdm-645.bin

Destination filename [asdm-645.bin]?

Accessing tftp://198.18.42.125/asdm-645.bin...!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/asdm-645.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
16280544 bytes copied in 46.120 secs (353924 bytes/sec)
ciscoasa#

Tell the ASA which software you want to run

If the ASA and ASDM software that you just transferred to your ASA are the only copies in flash then the below steps aren’t completely necessary. Any time you have more than one copy in flash, however, it’s a good idea to explicitly specify which software you want the ASA to actually run.

If you don’t specify, it will use the first version that it finds in flash which may — or may NOT — be the one you want it to.

For good measure, let’s explicitly specify that we want to use the new versions that we just copied onto flash.

ciscoasa# configure terminal
ciscoasa(config)# boot system flash:/asa825-k8.bin
INFO: Converting flash:/asa825-k8.bin to disk0:/asa825-k8.bin
ciscoasa(config)# asdm image flash:/asdm-645.bin
ciscoasa(config)#

Easy enough, right?
Reload

At this point, the only thing that remains to do is to save your changes and reload your ASA so that it will boot into the new version of the software (and make use of the new version of ASDM).

ciscoasa(config)# end
ciscoasa# write memory
Cryptochecksum: aaaa08ce ccde38f2 19c42e08 dea24cbd

2713 bytes copied in 1.450 secs (2713 bytes/sec)
[OK]
ciscoasa# reload
Proceed with reload? [confirm]

Once the ASA comes back up, verify that it did, in fact, boot from the new software.

ciscoasa# show version | include image
System image file is "disk0:/asa825-k8.bin"
ciscoasa# show asdm image
Device Manager image file, disk0:/asdm-645.bin
      
Cheers
Dash
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 250 total points
ID: 39966610
The ASA was introduced with version 7? I'm assuming you mean ASDM version 6?

Options;
Update Cisco ASA - Directly from Cisco (via ASDM)
Cisco ASA5500 Update System and ASDM (From ASDM)
Cisco ASA5500 Update System and ASDM (From CLI)
WARNING: If you are upgrading form below version 8.3 to a version above 8.3 - check your firewall has enough RAM;
ASA - Memory Error (Post upgrade to version 8.3)

Pete
0
 
LVL 1

Author Comment

by:annasad
ID: 39991461
thanks for all your comments . I wa able to upgrade it to ASDM 7.1 and code 9.0 . closing the question and splitting the points
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 1

Expert Comment

by:Adonis Sardinas
ID: 40016596
Here is a Matrix that shows you what version of the ASA software can be installed on the CISCO ASA 5505 unit
http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html

I myself had a CISCO ASA 5505 with 256 MB
Which can handle:
ASA 8.2(5)
ASDM 7.1(6).


After installing 1 GB DDR 400 Ram i updated the unit today to
ASA 9.1(5)

Runs perfect, I hope this answers your question.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40375158
Dear all,
I have a question:

I've got ASA 5525X model(ASA-OS 9.1) and exciting model is 5505 with ASA OS version 7.1.
I need to migrate config from old ASA to new ASA 5525.
Since there are hundreds of access-list, NATtings, I find it too difficult to re-configure each and every NATting, access-list.
Can I downgrade from ASA OS in 5525X to ASA 7.1 OS so that I can just copy and paste all commands ?

Thanks
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40375161
Or any easy way that I can convert exciting config from old ASA 7.1 to new ASA 5525 OS 9.1 ?
It is not that I'm lazy to reconfigure and it is just that I need to get this done asap in very shot time and exciting NATting, ACL is too many as there are so many Vlans, routings involve.

Thanks
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40375165
One more question is if I configure new unit as Failover unit of exciting old ASA, will all configurations from old ASA be replicated automatically to the new unit with its new syntax, command parameters ?
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

How to configure Site to Site VPN on a Cisco ASA.     (version: 1.1 - updated August 6, 2009) Index          [Preface]   1.    [Introduction]   2.    [The situation]   3.    [Getting started]   4.    [Interesting traffic]   5.    [NAT0]   6.…
Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now