Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5520 upgrade from 8.4.6 to 9.1.2

Dear All,

  I am having ASA 5520 in Active Standby failover configuration . I want to know if I can upgrade it from 8.4.6 to 9.1.2 using the zero downtime upgrade process mentioned on cisco site .

Below is the process :

Upgrade an Active/Standby Failover Configuration

Complete these steps in order to upgrade two units in an       Active/Standby failover configuration:

  1. Download the new software to both units, and specify the new image to           load with the boot system command.

    Refer to           Upgrade           a Software Image and ASDM Image using CLI for more           information.

  2. Reload the standby unit to boot the new image by entering the           failover           reload-standby command on the active unit as shown           below:

    active#failover reload-standby
  3. When the standby unit has finished reloading and is in the Standby           Ready state, force the active unit to fail over to the standby unit by entering           the no           failover active command on the active unit.

    active#no failover active

    Note: Use the show             failover command in order to verify that the standby unit             is in the Standby Ready state.

  4. Reload the former active unit (now the new standby unit) by entering           the reload command:

  5. When the new standby unit has finished reloading and is in the           Standby Ready state, return the original active unit to active status by           entering the failover           active command:

    newstandby#failover active

This completes the process of upgrading an Active/Standby Failover       pair.

Also after upgrade are there any changes required after IOS migration ( i.e are there any changes in the command line of 8.4.6 and 9.1.2 ) 

It is mentioned on cisco site that

Major Release

—You can upgrade from the last minor           release of the previous version to the next major release. For example, you can           upgrade from 7.9 to 8.0, assuming that 7.9 is the last minor version in the 7.x           release. 

New Member

ASA 5520 upgrade from 8.4.6 to 9.1.2

Hi Tushar,

The steps you mentioned are perfectly fine. There is no major difference in the commands of the 2 versions, it's just that in access-rule from 9.1 you have to any4 instead of any for ipv4 and any6 for ipv6. During conversion it will get convert automatically.

Also, please refer to the following document (release notes of 9.1.2) for viewing the new features added in that version:

- Prateek Verma

CreatePlease to create content