I'm looking at upgrading my ASA to the newest version 9.0(3). I am currently running on version 8.2(2) of the software. I know 8.3 introduced some major changes. I've been looking into the upgrade path and want to know if I can upgrade 8.2(2) to 8.4.7 to 9.0? Or do I need to first upgrade to 8.2(5) then 8.3 then to 9.0? Please advise as the information I have found is contradictory.
First, make sure you have enough RAM and flash; there is a requirement jump after 8.2.
The big change from 8.2 to 8.3+ (besides the underlying OS swapout) is the completely new NAT design. Most of your existing NAT rules are best migrated to the new "network objects", except that any NAT0 style stuff you need will need to be done as Phase I "twice NAT" rules instead.
The next biggest change is that in 9.0+ the IPv4 and IPv6 access lists were unified, so that the "any" keyword in ACLs is now dual-protocol, and single-protocol rules use "any4" or "any6".
When I went from 8.2 to 9.0 I used a test lab with the 8.2->8.4->9.0 automatic path Vibhor recommends as a guideline, but for my production firewalls used a new configuration written from scratch. I think you can do 8.2(2) to 8.4(7) to 9.0(3) in just the two stages.
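A pre-upgrade audit for the two changes described in the answer above, as an added example that is not part of the original thread: it lists the 8.2-style NAT statements that need migrating in 8.3+ and the ACL entries whose "any" keyword becomes dual-protocol in 9.0+. The sample configuration is constructed, the function names are hypothetical, and the patterns cover only the common `nat`/`global`/`static` forms.

```python
import re

# Constructed sample of an 8.2-style configuration (not from the original thread).
SAMPLE_82_CONFIG = """\
access-list NONAT extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list OUTSIDE-IN extended permit tcp any host 203.0.113.10 eq 443
nat (inside) 0 access-list NONAT
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 interface
static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255
"""

# (pattern, category, note), checked in order; the first match wins for a line.
RULES = [
    (re.compile(r"^nat \(\S+\) 0\b"), "nat-exempt",
     "NAT0 style: redo as a twice NAT rule in 8.3+"),
    (re.compile(r"^(nat|global) \(\S+\) [1-9]\d*\b"), "dynamic-nat",
     "migrate to network object NAT in 8.3+"),
    (re.compile(r"^static \(\S+,\S+\) "), "static-nat",
     "migrate to network object NAT in 8.3+"),
    (re.compile(r"^access-list \S+ (?!remark ).*\bany\b"), "acl-any",
     "'any' is dual-protocol in 9.0+; use any4 or any6 for one protocol"),
]

def audit(config_text):
    """Return (line_number, category, line, note) for every affected line."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        for pattern, category, note in RULES:
            if pattern.search(line):
                findings.append((lineno, category, line, note))
                break
    return findings

def summarize(findings):
    """Count findings per category so the migration effort can be sized."""
    counts = {}
    for _, category, _, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts

if __name__ == "__main__":
    for lineno, category, line, note in audit(SAMPLE_82_CONFIG):
        print(f"{lineno:>4} [{category}] {line}\n       -> {note}")
```

Running it against a saved copy of the running configuration before the lab upgrade gives a checklist to compare with what the automatic migration produces.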