ASA image upgrade from ver 7.2 to 8.2 on 5520

Answered Question

Hello experts,

Can any body suggest me if i upgrade my image from 7.2 to 8.2 does all the services like ssl vpn, ipsec vpn client will work automatically or i need any thing more.

Currently my ASA is having the follwoing info in flash:

securedesktop-asa-3.1.1.16.pkg

sslclient-win-1.1.0.154.pkg

asa722-k8.bin and ASDM 5.2

So  when upgrade to 7.2 do i need latest version of sslcleint & securedesktop version with 8.2 or exiusting  versions will work with 8.2?

Also i heard there is a tool available to convert the running from 7.2 to 8.2  ....or will all commands are directly supported from 7.2 to 8.2 Please

let me know if any body knows about it.

Highly appreciate all your suggestions and efforts.

Regards,

KA.

I have this problem too.
0 votes
Correct Answer by KARUPPUCHAMY MA... about 6 years 9 months ago

Hi,

//I wanted to know does ASA 8.0 or 8.2 supports sslclient-win-1.1.0.154.pkg clint softwares already installed on the users ( 500+)  and most of the users

does not have admin privilege to get auto installed on their laptops. // ---- Yes

Since ASA 8.0 and above will not support old method client less SSL VPN, You can use Anyconncet VPN which will work any kind of browser.

Just want to re-verify the command in the 7.2 version will all be taken exactly as it is in 8.0 /8.2 version also? Did u happend to check on that ?  -- Yes.

We have upgraded from 7.2 to 8.0, all the commands (ACL,NAT,service policy) all are same.

From your link related to SSL client comapatability it shows that 8.0 or 8.2  does not support sslclient-win-1.1.0.154.pkg !

Instead of SSL you can use Anyconnect VPN.

Find the URL to configure anyconnect vpn

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/svc.html

Regards

Karuppu

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
KARUPPUCHAMY MA... Tue, 03/02/2010 - 22:05

Hi,

You can upgrade the ASA IOS from 7.2 to 8.2 directly and you need to upgrade your ASDM as well.

Find the compatiblity of the ASDM image with ASA IOS.

8.0(4) and later IOS  --

1.The ASDM image should be 6.1(3) and later

2.Cisco Secure Desktop  --- 3.3.0.118 and later

3.Any Connect VPN Client --- Cisco AnyConnect VPN 2.2.0133 and later


Hope you aware about IOS upgratation method. for more infor just have look into the below URL


http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008067e9f9.shtml  -- IOS upgradation


http://www.cisco.com/en/US/docs/security/asa/compatibility/asa-vpn-compatibility.html   -- Compatability Check

Regards

Karuppu

Hello,

Thank you for your post!

Yes , I am aware of the ASA  image and ASDM upgrade procedure , which i tried already on 5510 ans asdm works successfully.

I wanted to know does ASA 8.0 or 8.2 supports sslclient-win-1.1.0.154.pkg clint softwares already installed on the users ( 500+)  and most of the users

does not have admin privilege to get auto installed on their laptops.

Just want to re-verify the command in the 7.2 version will all be taken exactly as it is in 8.0 /8.2 version also? Did u happend to check on that ?

From your link related to SSL client comapatability it shows that 8.0 or 8.2  does not support sslclient-win-1.1.0.154.pkg !

Please advise me how to proceed.

Can you tell me about this cisco Any connect client.

Regards,

KA.

Correct Answer
KARUPPUCHAMY MA... Tue, 03/02/2010 - 23:22

Hi,

//I wanted to know does ASA 8.0 or 8.2 supports sslclient-win-1.1.0.154.pkg clint softwares already installed on the users ( 500+)  and most of the users

does not have admin privilege to get auto installed on their laptops. // ---- Yes

Since ASA 8.0 and above will not support old method client less SSL VPN, You can use Anyconncet VPN which will work any kind of browser.

Just want to re-verify the command in the 7.2 version will all be taken exactly as it is in 8.0 /8.2 version also? Did u happend to check on that ?  -- Yes.

We have upgraded from 7.2 to 8.0, all the commands (ACL,NAT,service policy) all are same.

From your link related to SSL client comapatability it shows that 8.0 or 8.2  does not support sslclient-win-1.1.0.154.pkg !

Instead of SSL you can use Anyconnect VPN.

Find the URL to configure anyconnect vpn

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/svc.html

Regards

Karuppu

Hello ,

Thank you for the post!

I have still a small doubt  regarding  currently we have sslclient-win-1.1.0.154.pkg installed on all the laptop/pc users to access webvpn from home and also our ASA too contain this image sslclient-win-1.1.0.154.pkg in flash.

So if i upgrade my asa from 7.2  to 8.2 and asdm from 5.2 to 6.2 does this sslclient-win-1.1.0.154.pkg image wihich is there in my flash

supports the users who are currently having sslclient-win-1.1.0.154.pkg clint to connect by webvPN incase if they are unable to download the new sslclient

software due to admin access issue .

Note: I will keep new ssl client image also in the ASA.

I really appretiate all your much needed support.

May i have your gmail or any ID details for contact!

Regards,

KA.

KARUPPUCHAMY MA... Wed, 03/03/2010 - 01:50

Hi,

//I have still a small doubt  regarding  currently we have sslclient-win-1.1.0.154.pkg installed on all the laptop/pc users to access webvpn from home and also our ASA too contain this image sslclient-win-1.1.0.154.pkg in flash. 


So if i upgrade my asa from 7.2  to 8.2 and asdm from 5.2 to 6.2 does this sslclient-win-1.1.0.154.pkg image wihich is there in my flash //

Yes.. of-course  it will be in your Flash,But no issue on that.

If you find any issue related to this, write a mail to me.

my gmail id is [email protected]

Glad to help you.

Regards

Karuppu

Hello ,

IF i want to deploy the running config of ASA 5520 which consist of GIG ports  to ASA 5510 which consists of Ethernet 0/0 ..eth0/3 , do we

have any tool to convert this commands as per the interface or i need to manually copy all the commands.

Do we have any third party tool available for doign this?

Apprecaite all your efforts.

Regards,

KA.

KARUPPUCHAMY MA... Wed, 03/03/2010 - 04:09

Hi,

The Interface configuration we need to do manually but the security level and the name of the interface should be same.Else the ACL and NAT will be inactive.

If you are migrating from PIX to ASA or whatever it may be, the interface details should be same as in existing one.

CISCO tool is available to convert checkpoint firewall policies to PIX/ASA. but within cisco , at my knowledge NO.

regards

karuppu

Hello,

I have successfully upgraded my ASA from 7.2 to 8.2 yesterday , all the commands related to configuration have been automatically taken by the new image.

Only i have to re enter commands realted to logo and other customization details which will be displayed at the login page while using WEBVPN.

More importantly thought cisco says ASA8.X doesnt support webvpn sslclient-win-1.1.0.154.pkg ...it worked in my case and it has solved my problem

Hence all the clients were not needed to updated their SSLClient softwares particularly who are not having admin priveleges.

Thank you for your support!

Regards,

KA.

Actions

This Discussion