Wanted to upgrade the ASA to version 8.2. Current ASA version is 7.0(8) - see below
Currently running AS 5520
Cisco Adaptive Security Appliance Software Version 7.0(8)
Device Manager Version 5.0(8)
Leased a ASA 5520
Cisco Adaptive Security Appliance Software Version 8.2(3)
Device Manager Version 6.3(4)
Leased a Cisco ASA 5520 with version 8.2 (3)
I basically copied the configuration from the current ASA to the new one. I placed the new ASA in place & started having external DNS problems, internal websites no problems.
All workstation point to several internal Windows 2003 DNS servers.
Placed a call with TAC, TAC looked at the ASA & could not come up with a solution. I place the old ASA back into place any everything works OK !
Any Ideas !!
I see the problem now. Would you be able to put the asa 5520 back and try to do queries from the DNS server?
Let me know.
Between my thoughts is that either there is something different on the configuration, or any of the codes that you have may be running into a bug. Can you tell me the following?
What is the model of the old device?
What is the version of the old device and the version from the new device?
Cna you send me both configurations?
Something that I dont know if you tried was to try to do DNS lookups from your internal DNS server itself.
Will be waiting for your inputs.
If you post the santized information here it may help to get you an answer faster since there will be more available eyes to look at the problem.
As Mike mentioned above, you'll want to confirm that there were no unintended configuration changes when the ASAs were swapped. Also, you should verify the ARP tables on the clients, DNS server, and network devices that share a layer 2 broadcast domain with the ASA to make sure that they were successfully updated for the new hardware's MAC address.
Hope that helps.
I took another approach to this problem. I placed the same ASA version 7.08 & configuration on the new ASA. I then updated from 7.08 to 7.1 to 7.2 then to 8.2 (3). I will be placing this in production on Friday morning. I will post my results late Friday morning.
Today is the day when you were going to put the firewall in production, please let me know if that worked for you, if not, I think it would be better to reopen the TAC case.
Excellent, I am glad to hear that, would you please mark this issue as resolved so other people can take it as a reference?