Upgrade ASA Failover From 7.2 to 8.2

Answered Question
Mar 5th, 2010

Hi All,

Has anyone upgraded the ASA Failover pair From 7.2 to 8.2 ?

Does it incurs any downtime during the operation or its transparent for all the connections passing through.

I have read many documents which says that you can go from 7.2 to 8.2 directly, and i was able to upgrade stanalone firewalls without any issues.

But for failover, will failover work if one ASA in on 7.2 and other one on 8.2, or an intermediate upgrade is required.

Request help in this topic.

Regards,

Guneet

I have this problem too.
0 votes
Correct Answer by KARUPPUCHAMY MA... about 6 years 9 months ago

Hi,

This is possible in 7.2 to 8.2 and i have done upgradation in one of the main Telecom Company in India and I am 100% sure about that.

The two units in a failover configuration should have the same major (first number) and minor (second number) software version. However, you do not need to maintain version parity on the units during the upgrade process; you can have different versions on the software running on each unit and still maintain failover support. To ensure long-term compatibility and stability, we recommend upgrading both units to the same version as soon as possible.

I wish you to have a gr8 success ..

Regards

Karuppu

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
KARUPPUCHAMY MA... Fri, 03/05/2010 - 07:20

Hi,

Find the method of IOS upgrade method in failover pair

1. copy tftp flash on primary ASA

2. shut down primary ASA (NOT reload)

3. Secondary is active now (Do a 'show failover' to confirm that)

4. copy tftp flash on secondary

5. shut down secondary (NOT reload)

6. boot up primary (and it will become active with new software)

7. Wait 3 to 5 mins->Do a 'show version' and 'show failover' on primary to confirm

8. boot up secondary (and it will become standby with new software)

for more info, just have a look into the below URL

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mswlicfg.html

Regards

Karuppu

KARUPPUCHAMY MA... Fri, 03/05/2010 - 08:05

Hi,


Yes.IOS upgradation with zero downtime is possible.


1.copy tftp flash on primary ASA and set the boot system


2.copy tftp flash on secondary and set the boot system


2.activefw# failover reload-standby

When the standby unit has finished reloading, and is in the Standby Ready state, force the active unit to fail over to the standby unit by entering the following command on the active unit.Use the show failover command to verify that the standby unit is in the Standby Ready state.


4.activefw# no failover active

  Reload the former active unit (now the new standby unit) by entering the following command:


5.newstandbyfw# reload

When the new standby unit has finished reloading, and is in the Standby Ready state, return the original active unit to active status by entering the following command:


6.newstandby# failover active


Regards

Karuppu

Guneet Gulati Fri, 03/05/2010 - 08:14

Hi

Again come back to my original Q

when you give the below command, and the standby firewall loads with V 8.2 whereas primary is still in 7.2, will failover work between them having difference in versions ?

activefw# failover reload-standby

When the standby unit has finished reloading, and is in the Standby Ready state, force the active unit to fail over to the standby unit by entering the following command on the active unit.Use the show failover command to verify that the standby unit is in the Standby Ready state.

I am just looking for a complete solution, as i have critical firewall systems which i am planning to upgrade from 7.2 to 8.2  and if possible i would like to avoid a downtime.

Thanks in advance for help!!

Regards,

Guneet Singh Gulati

Correct Answer
KARUPPUCHAMY MA... Fri, 03/05/2010 - 08:25

Hi,

This is possible in 7.2 to 8.2 and i have done upgradation in one of the main Telecom Company in India and I am 100% sure about that.

The two units in a failover configuration should have the same major (first number) and minor (second number) software version. However, you do not need to maintain version parity on the units during the upgrade process; you can have different versions on the software running on each unit and still maintain failover support. To ensure long-term compatibility and stability, we recommend upgrading both units to the same version as soon as possible.

I wish you to have a gr8 success ..

Regards

Karuppu

Guneet Gulati Fri, 03/05/2010 - 09:00

Hi Karuppu

Thanks for the info, i will be upgrading it over the weekends.

Thanks and Regards,

Guneet Singh Gulati

KARUPPUCHAMY MA... Fri, 03/05/2010 - 09:07

Hi,

Thats gr8,

Once you got the success in this IOS upgradation, just post the results in this forum.

It will bit helpful to other folks....

Regards

Karuppu

Guneet Gulati Sun, 03/07/2010 - 10:49

Yeah it works i faced no issues upgrading 7.2.3  to 8.2.2 ...thanks kauruppu

Regards,

Guneet

Actions

This Discussion