Anyone upgraded a Cisco Concentrators image before?

Unanswered Question
Nov 4th, 2007

Hi, I have a Cisco 3015, what is the best way to upgrade the image? The current image info is below, I go this from the web admin tool. If everything is running fine should I update it?

Current Software Revision:

Cisco Systems, Inc./VPN 3000 Concentrator Version 4.7.2.A Aug 18 2005 22:40:40

Type in the name of the image file below. The current image file is vpn3000-4.7.2.A-k9.bin.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Mon, 11/05/2007 - 14:38


I have upgraded images on Cisco VPN concentrators a number of times. The process is relatively straightforward: you download the new image to the hard drive on your PC, connect to the concentrator using the web interface, navigate to the Software Update screen for Concentrator. On that screen it shows what you are currently running and gives you an option to give the name for a new image file. I use the browse option to locate and select the new image from the hard drive of the PC, and then click the Upload option on this screen. The concentrator retrieves the new image that you have specified. After the new image is transferred to the concentrator then you go to the System Reboot screen and you schedule a reboot of the concentrator. The concentrator will automaticalyy boot the new image.

The aspects of this that took me a little while to get used to are that it is not doing a transfer from a TFTP server the way routers and switches do. And that we do not need to configure any boot system commands like the routers and switches do.

I do not believe that there is a clear cut answer about whether you should upgrade the image from what you are running. On one hand it seems to be running ok. On the other hand there have been a number of enhancements and fixes supplied in the releases since the one that you are running. For example the new code supports the new dates for Daylight Savings Time where the image that you are running operates with the old dates. There have been some fixes for security issues. If it were me I would upgrade the image.



whiteford Tue, 11/06/2007 - 01:36

Thanks Rick, just a couple of more things, being a cisco 3015 would I just need the "vpn3000-4.7.2.M-k9.bin

Software for VPN 3015-3080 Concentrators" image?

I assume it is the 3015 as it doesn't say anywhere, the memory is 128MB and has 4 slots free on the back.

Also are the Concentrators at the end of their life? Being replaced by ASA's?

Richard Burts Tue, 11/06/2007 - 01:48


I believe that is the image that you would need.

If you want to verify what model the concentrator is you can go to the system status screen under monitoring and it will tell you the model and other information.

Yes the 3000 series concentrators have reached the end of sales status. The replacement is the ASA, This link will give more details:



whiteford Tue, 11/06/2007 - 01:51

Great a 3015 it is.

I'm actually getting (you replied to my link)a ASA 5520, I will continue with the 3015 but add a second peer address to the VPN routers to failover to the ASA. When this is what I will try to do :)

Not sure where It should be the ASA first then the 3015 2nd.

Richard Burts Tue, 11/06/2007 - 02:04


My advice would be that while in the long run you want the ASA to be primary that in the short term you keep the 3015 as primary for a while. You have working tunnels based on it. Bring up the ASA, get some experience with it, and then change one or two of the tunnels to primary to the ASA. After they have run for a while and everything is stable, then you can make the ASA primary and the 3015 the backup.



whiteford Wed, 11/07/2007 - 02:20

Hi Rick, I love the session info on the Concentrator where I can see what site-to-sites are up and what user are connect (via the VPN client and version), can the ASA do this?

Richard Burts Wed, 11/07/2007 - 07:22


Yes in the ASDM (which is the GUI for the ASA) if you select the Monitoring tab and in the left pane select VPN statistics there is an option to display VPN sessions which gives fairly equivalent information as what the 3015 gave.



whiteford Wed, 11/07/2007 - 07:28

Thanks, silly question but are the any screenshots, demos where I can are this?

Shame there isn't virtual equipment we could practise on, unless there is for training purposes.

Richard Burts Wed, 11/07/2007 - 07:40


I am not aware of screenshots or demos of the ASDM but I would expect that somewhere on the Cisco web site there probably are some. I did a quick look and found this link:

It does require login ID and password. I am not sure what level of access rights it requires. It will download an MSI file which is described as a demo of the ASDM. I have not actually installed it or viewed it so I can not tell exactly what it has. Give it a shot and let us know if it works for you.



whiteford Wed, 11/07/2007 - 07:51

What a great tool, like having the real thing!

Is there such thing as virtual devices for chaps to train on rather that spending lots of cash on physical devices?


This Discussion