11-04-2013 12:25 PM - edited 03-11-2019 08:00 PM
Hello,
We have 2 x ASA 5520s (with 2GB mem) in active/standby mode, they also include the IPS modules.
The current firmware is 8.2 and I was wondering if it is possible to upgrade these firewalls with no downtimes? In the past I have upgraded the standby ASA, rebooted it and then made it the active ASA then upgraded the new standby ASA.
I have have quite a lot of NAT Exempts (No-NATs?) and a few static NATs, how did you approach this during your upgrades?
I guess I can roll back as the 8.2 firmware will still be on the flash and I will have the config?
Thanks
11-04-2013 05:47 PM
Yeah it's supported:
Release Notes for the Cisco ASA Series, 9.1(x)
http://www.cisco.com/en/US/docs/security/asa/asa91/release/notes/asarn91.html#wp732442
This document has the information that you need; it talks about the requirements and zero downtime procedure.
But you need to take a lot of considerations that you can reference in the document:
https://supportforums.cisco.com/docs/DOC-12690
If you don't mind me asking why are you upgrading?
Because of a fix or feature?
11-05-2013 12:30 AM
Thanks.
I will have Cisco TAC on he phone to help and Webex, but we want to use te clientless VPN and use ACLs with FQDNS too for some hosted clusters we have.
11-06-2013 02:55 PM
Please rate the assistance.
11-09-2013 09:27 PM
Please rate the assistance.
11-14-2013 06:40 AM
Please rate the assistance.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: