
New Member

ASA 5510 Upgrade path 8.2(2) - 9.0.3

Hello,

I'm looking at upgrading my ASA to the newest version 9.0(3). I am currently running on version 8.2(2) of the software. I know 8.3 introduced some major changes. I've been looking into the upgrade path and want to know if I can upgrade 8.2(2) to 8.4.7 to 9.0? Or do I need to first upgrade to 8.2(5) then 8.3 then to 9.0? Please advise, as the information I have found is contradictory.

 

Thanks

4 REPLIES
Cisco Employee

Hi,

I think for you the upgrade path should be like this:-

ASA 8.2.2 >>>> ASA 8.4.6 >>> ASA 9.0.3

Also, make sure you go through the release notes for the changes:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/release/notes/asarn90.html

Thanks and Regards,

Vibhor Amrodia

 

I thought this was the path from Cisco......

8.2 --> 8.4 --> 8.4(4) --> 8.4(6) --> 9.1(2)

 

Mike

Cisco Employee

Hi,

I agree that upgrading to ASA 8.4.7 might have worked, but we have a known defect for this issue and that's why for an impact-free upgrade we recommend an upgrade to ASA 8.4.6.

Also, check this document for all the information on the upgrade:

https://supportforums.cisco.com/document/48646/asa-83-upgrade-what-you-need-know

Thanks and Regards,

Vibhor Amrodia

First, make sure you have enough RAM and flash; there is a requirement jump after 8.2.

The big change from 8.2 to 8.3+ (besides the underlying OS swapout) is the completely new NAT design.  Most of your existing NAT rules are best migrated to the new "network objects", except that any NAT0 style stuff you need will need to be done as Phase I "twice NAT" rules instead.

The next biggest change is that in 9.0+ the IPv4 and IPv6 access lists were unified, so that the "any" keyword in ACLs is now dual-protocol, and single-protocol rules use "any4" or "any6".

When I went from 8.2 to 9.0 I used a test lab with the 8.2->8.4->9.0 automatic path Vibhor recommends as a guideline, but for my production firewalls used a new configuration written from scratch.  I think you can do 8.2(2) to 8.4(7) to 9.0(3) in just the two stages.

-- Jim Leinweber, WI State Lab of Hygiene
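
The NAT and ACL changes described in the reply above, shown side by side as an added example that is not from any poster in this thread or from Cisco documentation. The object names, ACL names, interface names and addresses are constructed for illustration.

```cisco
! ---- 8.2 style (pre-8.3) -------------------------------------------
! NAT exemption ("NAT0") for traffic to a remote site
access-list NONAT extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list NONAT
! Dynamic PAT for everything else leaving the inside network
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 interface
! Outbound filter: "any" means any IPv4 destination here
access-list INSIDE_OUT extended permit tcp 10.1.1.0 255.255.255.0 any eq 443
access-group INSIDE_OUT in interface inside

! ---- 8.3+ style ----------------------------------------------------
! Dynamic PAT becomes object NAT inside a network object
object network INSIDE-NET
 subnet 10.1.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network REMOTE-NET
 subnet 10.2.2.0 255.255.255.0
! NAT exemption becomes an identity twice NAT rule; twice NAT rules
! are evaluated before object NAT, so this wins over the PAT above
nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static REMOTE-NET REMOTE-NET

! ---- 9.0+ ACL keywords ---------------------------------------------
! "any4" keeps the rule IPv4-only, matching what "any" meant in 8.2
access-list INSIDE_OUT extended permit tcp 10.1.1.0 255.255.255.0 any4 eq 443
! A rule written with plain "any" on 9.0+ matches IPv4 and IPv6:
! access-list INSIDE_OUT extended permit tcp 10.1.1.0 255.255.255.0 any eq 443
access-group INSIDE_OUT in interface inside
```

After each upgrade stage, `show nat detail` and `show access-list` on the test unit show how the rules were migrated, which is the point to confirm that no rule became broader than it was on 8.2.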
