Cisco ASA 5510 Pair Upgrade 8.21->8.47->9.14 Proxy Phones and VPN Tunnels

I am planning to upgrade my 5510 ASA pair as described  in the subject.  I am hoping to use the procedure at this petenetlive URL..

A few concerns.  

Will upgrading from 8.21 to 8.47 and then 8.47 to 9.14 be a good sequence?

Is there any risk to the functionality of my CIsco Proxy phones?  I have about 20 deployed around the country and I am concerned that the upgrade could leave some sales reps without phone service if there's an incompatibility.  Any issues to consider there??

Is there any risk to a VPN tunnel to another ASA 5510 pair which is still using 8.21?  That would likewise be very bad
if after the upgrade I could no longer get to the remote site.  Anything need to be reconfigured on either side after the upgrades?
amigan_99Network EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Soufiane Adil, Ph.DIT, Network Architect - CCNP/CCDPCommented:
Why you wanna upgrade ?
amigan_99Network EngineerAuthor Commented:
The primary issue is that I need to apply an upgrade license to accommodate more proxy phones.  I'm at 20 or 24.  I purchased the upgrade I think to 48 phones.  But when I got it I realized it was only associated with the primary member of the pair.  I was told that if I upgraded to 8.4 or beyond that the proxy phone license then works for both primary and the secondary unit.   If I apply the upgrade license to the primary and at some point it went out - then some of my remote users would be unhappy.  But if you see a flaw in my logic I'm all ears.
Pete LongTechnical ConsultantCommented:
>>Will upgrading from 8.21 to 8.47 and then 8.47 to 9.14 be a good sequence?

Yes in fact Im doing the exact same thing on Saturday! :)

>>Is there any risk to a VPN tunneil to another ASA 5510 pair which is still using 8.21

Not that I have seen- you are into introducing an IKEv2 capable firewall at one end, but both are still running IKEv1 :)

As for the phones I cant comment :( But as usual back up everything first, have copies of all the OS bin files and ASDM bin files. Before attempting an upgrade.

And thanks for the site plug!


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
amigan_99Network EngineerAuthor Commented:
Thanks Pete!  I'm getting close on my change doc.  I'm still worried about the proxy phone operation.  That will cause a major ruckus if that stops working.  What I think I'll do is..

>Reboot the failover after upgrade.

5510-1 (config)# failover reload-standby

..And then I will test all of the functionality including the proxy phone operation.  If all is good then I reload and activate the primary.  
If anything's amiss then I can simply take the secondary ASA offline, verify that the bootvar on primary remains as the original and activate it at pre-upgrade level.
Pete LongTechnical ConsultantCommented:
Sounds like a plan :)

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.