cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
782
Views
0
Helpful
4
Replies

ASA image upgradation from 8.04 to 8.2(2)

amardram123
Level 1
Level 1

Hi

Due to Bug#CSCsw88068 related to Signature alogorithm , I am planning to upgrade the asa image from 8.04 to 8.2(2)

My query is

1. Can I upgrade directly from 8.0 to 8.2.2 ?

2. There are few command syntex changed in 8.2. Do i need to change the command or image will take care of the configuration ?

3.Any other prerequisite/suggestion before upgrade..

Regards

Amar

4 Replies 4

Kureli Sankar
Cisco Employee
Cisco Employee

You can upgrade 8.0 to 8.2.

Procedure is to copy the image on to the flash and change the boot system line.

copy tftp flash:  (and follow the prompt)

boot system flash:asa-822.bin (make sure to specify the exact file name)


ASA code:  http://tools.cisco.com/squish/10C815

ASDM image : http://tools.cisco.com/squish/a5338C

If you get the matching asdm file then you need to configure

asdm image flash:asdm-62.bin (make sure to specify the exact file name that you tftp over to flash)

-KS

Thanks sankar,

But what about the configuration, do i need to change any configuration as there are change in syntax for some command ?

Box is running in failover(active/standby) mode

What is the hardware requirment..? My current hardware details are:

============================================

Cisco Adaptive Security Appliance Software Version 8.0(4)

Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 40 secs

Hardware:   ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   :  CN1000-MC-BOOT-2.00
                             SSL/IKE microcode:  CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  :  CNlite-MC-IPSECm-MAIN-2.05
0: Ext: GigabitEthernet0/0  : address is 0022.5597.2f9c, irq 9
1: Ext: GigabitEthernet0/1  : address is 0022.5597.2f9d, irq 9
2: Ext: GigabitEthernet0/2  : address is 0022.5597.2f9e, irq 9
3: Ext: GigabitEthernet0/3  : address is 0022.5597.2f9f, irq 9
4: Ext: Management0/0       : address is 0022.5597.2f9b, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 150      
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled  
VPN-3DES-AES                 : Disabled 
Security Contexts            : 2        
GTP/GPRS                     : Disabled 
VPN Peers                    : 750      
WebVPN Peers                 : 2        
AnyConnect for Mobile        : Disabled 
AnyConnect for Linksys phone : Disabled 
Advanced Endpoint Assessment : Disabled 
UC Proxy Sessions            : 2       

This platform has an ASA 5520 VPN Plus license.
===================================================

Regards

Amar

Yo do not need to change any commands, the CLI will remain the same and if there is a command that is going to change it will migrate automatically.

As for failover you must not stay in 8.0 and 8.2 on the units. You can do it during the upgrade process but you need to be in 8.2 in both after the upgrades.

The RAM is fine. Extra RAM is required for 8.3 only.

I hope it helps.

PK

Here is a link to upgarde failover pair:

If the unit is running 8.0.4 it can run 8.2.2 without any additional hardware upgarde.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/admin_swconfig.html#wp1053398

-KS

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: