Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

downgrade ASA 8.4(6) to 8.2(1)

Hello support community,

yesterday I have upgrade one firewall on remote location. The upgrade was from 8.2(1) to 8.4(6) and unfortunately after upgrade the firewall isn't reachable. The firewall model is 5510 with 1 GB memory. There is no technical people right now. So only first working day I can get hands-on to check from management port and I know how to downgrade. But I am not sure whether it is possible from 8.4(6) to 8.2(1). So I am glad to get some information regarding this issue.

Pial

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: downgrade ASA 8.4(6) to 8.2(1)

There's not an automatic downgrade path. Some syntax changes when upgrading to >=8.3 to the running-configuration is now different. So you need to have a copy of the old configuration that was used by 8.2(1)  (there should be a copy on the flash that was created automatically during the upgrade) to startup after ensuring it has the variable "boot system disk0:asa-821.bin" in it and that the OS image is still on disk.

Something like this:

more | i boot

dir disk0:

copy startup

reload

You can also use the "downgrade" macro as described int the CLI configuration guide here.

5 REPLIES
Hall of Fame Super Silver

Re: downgrade ASA 8.4(6) to 8.2(1)

There's not an automatic downgrade path. Some syntax changes when upgrading to >=8.3 to the running-configuration is now different. So you need to have a copy of the old configuration that was used by 8.2(1)  (there should be a copy on the flash that was created automatically during the upgrade) to startup after ensuring it has the variable "boot system disk0:asa-821.bin" in it and that the OS image is still on disk.

Something like this:

more | i boot

dir disk0:

copy startup

reload

You can also use the "downgrade" macro as described int the CLI configuration guide here.

New Member

Re: downgrade ASA 8.4(6) to 8.2(1)

Thanks Marvin for your support. I have read that link too for downgrade. But would you please tell me whether there is a known issue to upgrade from 8.2(1) to 8.4(6). Because I know it is possible to upgrade from 8.2.(1) to 8.3.x. Because I have to upgrade the firewall image. Otherwise the CSC module upgrade 6.6.1125 isn't functioning properly without ASA image upgrade.

Hall of Fame Super Silver

Re: downgrade ASA 8.4(6) to 8.2(1)

You're welcome.

The ASA upgrade process as documented pretty much works fine. One thing you need to note is that if you have an older ASA you may need to upgrade the system memory first. The requirements are documented in the release notes for 8.3 here.

Of course, make sure to have a complete backup of your system configuration, including passwords and pre-shared keys (PSKs). Note if you copy a backup using "term pager 0" and "more system:running-config", it will type out the PSKs (but not user and enable password) in plain text.

The one thing that catches most people is the major change of how NAT is done in 8.3 and later. There is an excellent detailed overview of NAT operations that Jouni Forss has written over in the documents section of this forum here.

If you follow the documented upgrade process and take care to understand your NAT before and after the upgrade, it should go fine.

New Member

Hi,

Hi,

I would like to know on how we can downgrade in active/standby failover pair with multiple context.

Thank you very much.

Regards,

Mady

Hall of Fame Super Silver

It's the same as single

It's the same as single context except that you have to restore the cfg file for each context separately.

2133
Views
15
Helpful
5
Replies
CreatePlease login to create content