Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Does Maintenance release number matter during ASA Failover Pair upgrade?

Hi Guys,


I have been tasked with upgrading two ASA units that are in an active/standby pair from 8.2(?) to 9.1.


I have a few questoins..

Does the maintenance release number matter when upgrading from 8.2 to 8.4 and to 9.1?

If they are version 8.2.2, do I have to upgrade them to 8.2.5 or something like that?

Can i pick any maintenance number when upgrading to the next 8.4? 

Can I skip over 8.3 and go to 8.4 and still maintain the zero downtime functionality?

When they are both at 8.4 and it is time to upgrade to 9.1, will the difference in the major number cause any issue with initiating failover commands?


Thank you.

Community Member

This should answer your

Community Member

Aside from the IOS version,

Aside from the IOS version, you will also have to worry about the NAT configurations as they are no longer the same. The new format started in 8.3 but you are still at 8.2 so you need to plan that one as well.
Hall of Fame Super Silver

Go to 8.4(6) first. Then to 9

Go to 8.4(6) first. Then to 9.1(3) or later. That's what's recommended by Cisco (reference) and I agree. You can go straight to 8.4(6) from any 8.2 (x) release.

As noted by the earlier poster, check your migrated NAT for proper function (and for opportunity to clean it up) as it changes significantly. The cli parser will migrate it for you automatically, but it may not always be pretty. :)

As noted in the release note I linked above, "The units in a failover configuration or ASA cluster should have the same major (first number) and minor (second number) software version. However, you do not need to maintain version parity on the units during the upgrade process; you can have different versions on the software running on each unit and still maintain failover support. To ensure long-term compatibility and stability, we recommend upgrading all units to the same version as soon as possible."

CreatePlease to create content