cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1815
Views
0
Helpful
4
Replies

ASA5510 firmware upgrade for Active/Standby set up

Devinder Sharma
Level 1
Level 1

Hi All,

I wish to upgarde a redundant pair of firewalls in a maintenance window. Downgtime is not an issue during two hour window.

We wish to upgrade from 7.2 to 8.3. Is it safe to download 8.x image to 5510s, set up boot system flash:/newimage, boot system flash:/oldimage and then reload the firewalls? I can certainly also failover to secondary and then uograde primary and then revert back control to primary and then upgrade secondary, but not sure if I need to migrate from 7.2 to something like 7.9 and then 8.0 and 8.3 for each firewall. I tried to do some research on Cisco docs, but I could not find answer, though I am sure it is buried somewhere.

Please advise.

Thanks a lot.

2 Accepted Solutions

Accepted Solutions

Kureli Sankar
Cisco Employee
Cisco Employee

What is the reason to go to 8.3? Are you looking for new features?

If you want to upgrade just because the new code is available, then I'd like to suggest to go to 8.2.

8.3 has memory requirements for all platform. There have been many changes in the NAT is configured.

You can read in the release notes here: http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html

-KS

View solution in original post

hi

For zero downtime , ensure to upgrade from version 7.2 -> 8.0 -> 8.2 , if the same is done within a downtime then 7.2 -> 8.2 cane be done directly

View solution in original post

4 Replies 4

Kureli Sankar
Cisco Employee
Cisco Employee

What is the reason to go to 8.3? Are you looking for new features?

If you want to upgrade just because the new code is available, then I'd like to suggest to go to 8.2.

8.3 has memory requirements for all platform. There have been many changes in the NAT is configured.

You can read in the release notes here: http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html

-KS

Thanks KS for your advice. The reason to upgrade is PCI compliance for two factor authentication, which is supported on 8.x.

I agree if 8.3 requires a ton of additonal DRAM, then 8.2.x will do for our application. And as I indicated, down time is not an issue, in that case, do you forsee any issues in downloading 8.2.x code and then reload the firewall. Hopefully there is nothing like boot rom upgrade that requires intermediate code?

Thanks again.

hi

For zero downtime , ensure to upgrade from version 7.2 -> 8.0 -> 8.2 , if the same is done within a downtime then 7.2 -> 8.2 cane be done directly

Thanks Ankurs for your advice. I am planning to do it over this weekend for direct upgrade to 8.2.2.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: