Re: ASA 7.0x upgrade to 8.0.3

djones · ‎02-22-2008

The Cisco docs talk about needing to be at a 7.2 version before upgrading to 8.0.x. However, I haven't really found a reason why that is.

I went into my lab and put the same version that my production ASA is running and dropped the same config on it. I then uploaded 8.0.3(6) and booted. I've seen no errors. All commands took. I upgraded ASDM as well.

By the way, I'm upgrading to 8.0.3 for the eigrp features. Anybody know why I wouldn't be able to go straight from 7.0x to 8.0.3??

husycisco · ‎02-22-2008

Hi David

There have been considerable improvements in WebVPN & SSL VPN. Related lines of configs that contain one of them may not apply unlike your implementation in your lab. PIX devices used to warn you like "this command is depreceated .." for configs contain conduits (which should be converted to statics). You might face something similar.

Regards

Harald-Norvik · ‎02-23-2008

Upgrading to 7.2 before 8.0(3) will not take too much extra time.

The ASA's have a lot of flash space, and just put the image for 7.2 as well as 8.0(3) on it. Use only CLI access during the upgrade.

Boot to 7.2, check errors with "show startup-config errors" for conversion errors between boots, fix the offending commands, do a "clear startup-config errors" and reboot again until you don't get any more errors.

Note that if you already use VPNs and NAT-traversal, I have experienced that 8.0.x versions have a tendency to add the line "no isakmp nat-traversal" to your config after upgrades (happened both times when upgrading to 8.0.2 and 8.0.3).

Harald.