ASA & ASDM software upgrade

Unanswered Question
Jan 27th, 2010

i. How often should I upgrade the ASDM and ASA software?

I am confused by the versions on the downloads section of the CISCO website - do I pick the latest version without an ED for stability?

ii. Is there a correct order? DO I updgrade the ASDM software first, and then ASA or the other way round?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
RicheeJJJ_2 Wed, 01/27/2010 - 11:37

I recommend upgrading the OS about every 6 months  or so. I have some firewalls that I update ASAP and some that I only update when major vulnerabilities get patched.

You should update the ASDM the same time you update the OS. This has two meanings. First it means if you update the OS it's a good idea to update the ASDM. Second it means you can update both of them on the same reload. So when you upload the images to the ASA then you can set both asdm location and boot image location on the ASA and reload it so it updates both together.

Also, the last official stable version of ASA code cisco released was in the 7.'s. That means you can either choose a 2 year old OS because of its stability or opt for going for the most current OS because of its security patches and features. I've always gone with the very latest OS and did a thorough test after the upgrade (check VPN's, verify no new strange syslogs are going, check NAT, verify connectivity is the same etc).

Kureli Sankar Wed, 01/27/2010 - 19:29

Just one small correction.

ASDM update does not require a reboot. It takes effect right away. So, if you upgrade to a new code and asdm at the same time, the asdm may not be compatible with the code that the unit is running before the reload.  So, I'd reload the ASA with the OS upgrade and then copy the new asdm over.

-KS

Actions

This Discussion