Does Maintenance release number matter during ASA Failover Pair upgrade?

I have been tasked with upgrading two ASA units that are in an active/standby pair from 8.2(?) to 9.1.


Does the maintenance release number matter when upgrading from 8.2 to 8.4 and to 9.1?

If they are version 8.2.2, do I have to upgrade them to 8.2.5 or something like that?

Can I pick any maintenance number when upgrading to the next 8.4?

Can I skip over 8.3 and go to 8.4 and still maintain the zero downtime functionality?

When they are both at 8.4 and it is time to upgrade to 9.1, will the difference in the major number cause any issue with initiating failover commands?


Aside from the IOS version, you will also have to worry about the NAT configurations as they are no longer the same. The new format started in 8.3 but you are still at 8.2 so you need to plan that one as well.

Go to 8.4(6) first. Then to 9.1(3) or later. That's what's recommended by Cisco (reference) and I agree. You can go straight to 8.4(6) from any 8.2(x) release.

As noted by the earlier poster, check your migrated NAT for proper function (and for opportunity to clean it up) as it changes significantly. The CLI parser will migrate it for you automatically, but it may not always be pretty. :)

As noted in the release note I linked above, "The units in a failover configuration or ASA cluster should have the same major (first number) and minor (second number) software version. However, you do not need to maintain version parity on the units during the upgrade process; you can have different versions on the software running on each unit and still maintain failover support. To ensure long-term compatibility and stability, we recommend upgrading all units to the same version as soon as possible."
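
The upgrade path and the parity rule from the answers above, written as a small pre-change check. This is an added example, not part of the thread and not Cisco tooling; the function names and the state labels are made up for illustration, treating 8.4(x) as a starting point is an assumption, and interim build suffixes are not parsed.

```python
import re

# Versions named in the thread: 8.4(6) as the intermediate stop, 9.1(3) as the 9.1 floor.
INTERMEDIATE = (8, 4, 6)
FLOOR_9_1 = (9, 1, 3)
_VER = re.compile(r"^\s*(\d+)\.(\d+)(?:\((\d+)\)|\.(\d+))?\s*$")


def parse_version(text):
    """Turn '8.2(2)' or '8.2.2' into a comparable (major, minor, maintenance) tuple."""
    m = _VER.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or m.group(4) or 0)


def fmt(v):
    return f"{v[0]}.{v[1]}({v[2]})"


def plan_hops(current, target):
    """List the images to install, in order, following the thread's advice."""
    cur, tgt = parse_version(current), parse_version(target)
    # Assumption: 8.4(x) is accepted as a start as well as 8.2(x).
    if cur[:2] not in ((8, 2), (8, 4)):
        raise ValueError("only 8.2(x) and 8.4(x) starting points are handled")
    if tgt[:2] != (9, 1) or tgt < FLOOR_9_1:
        raise ValueError(f"target must be {fmt(FLOOR_9_1)} or a later 9.1 release")
    hops = [INTERMEDIATE] if cur < INTERMEDIATE else []
    return [fmt(v) for v in hops + [tgt]]


def pair_state(unit_a, unit_b):
    """Classify a failover pair against the parity rule quoted from the release note."""
    a, b = parse_version(unit_a), parse_version(unit_b)
    if a == b:
        return "in-sync"
    if a[:2] == b[:2]:
        return "same-train"   # major.minor match, maintenance differs
    return "mid-upgrade"      # supported while upgrading, not as a steady state


if __name__ == "__main__":
    # Constructed sample versions, not taken from real devices.
    print(plan_hops("8.2(2)", "9.1(3)"))
    for pair in [("8.2(2)", "8.4(6)"), ("9.1(3)", "9.1(5)"), ("9.1(3)", "9.1(3)")]:
        print(pair, pair_state(*pair))
```

A pair that still reports `mid-upgrade` after the change window closes is the condition to alert on.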

