"boot system flash:/imagename.bin" command does set the image to be used and "asdm image flash:asdmimagename.bin" sets the ASDM image that must be used. If none is issued, firewall sets the first comaptible images for system and ASDM.
You can keep the old images of both ASDM and IOS in flash if you have enough space in flash. But as far as I know, ASDM 5.x does not work with IOS 8.x . So if you get issues with new ASDM, you also have to downgrade the IOS.
Ah sorry, I now got that your question was about 6.0(3) and 6.1(1) not 5.0
That cisco guy is somewhat correct. Here is the issue. As you know, ASDM is a GUI that actually sends IOS commands to device. If ASDM has a higher version than IOS, it may send commands to device when you want to enable a new feature, which are not recognized by IOS. There is a little information icon that appears next to disk image in ASDM window, I have seen rare instances when that popped up and when I clicked on it, it said "Some of the commands ASDM sent are not recognized by device"
Thanks for finding the time to answer my questions.
I undersatand what you are saying, that error message that could pop up in the ASDM due to having a different version of ASDM, could it cause issues with the firewall or just wont make the config change?
My next challenge would be on updating the ASDM on the faulover ASA I have. I have a active/standby setup (sorry I didn't mention this), but the only way can get on the standby ASA is when I turn off the primary or just pull the failover cable, the standby then becomes the active ASA, thus enablng me to update the ASDM. Is this a normal approach to updating a standby ASA?
It wont make the config change. Have seen rare occasions that IOS cant recognize a part of a set of commands and desired service cant function properly. I mean if a group of commands which are ready to be sent to firewall by ASDM, contains a single line that cant be recognized, every other commands will be issued despite that single command. And only that single command wont be issued.
If you have console access or ssh access to device, you can still perform IOS copy and boot image set commands (firewall is operational with standby IP address), you dont need a state change. Besides, once you upgrade the IOS of one unit, failover will be broken since failover requires same IOS versions
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :