Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
278
Views
0
Helpful
2
Replies

Multicontext Firewall Upgrade

patrick.aineter
Level 1
Level 1

‎05-06-2014 02:12 AM - edited ‎03-11-2019 09:09 PM

Hi all!

I hope you can help me with my open questions regarding, how to upgrade a multicontext firewall to a newer ios.

Are there any differnces between a non multicontext upgrade and multicontext upgrade?

Some informations for you, its an ASA5520 version 7.4  with 6 contexts on it - target IOS version 9.0.3

I know the NAT and ACL statements will be not the same.

I would start the upgrade like that:

1) Login on the stanby firewall

2) Upload the IOS to the system context (i have already done it)

3) Set the boot system disk0:/asa903-k8.bin and save the configuration

4) Reload the standby firewall

5) Check each context for nat/static and access-list changes

6) Disable proxy arp on interfaces where not needed

 

If you have any informantion for me it would be great if you post it and if you have any experience with this topic please let me know.

 

br Patrick

Labels:
0 Helpful
2 Replies 2

Marius Gunnerud
VIP
VIP

‎05-06-2014 04:07 AM

Are there any differnces between a non multicontext upgrade and multicontext upgrade?

No

You are missing one crucial step, and that is upgrading the memory to support the new ASA version.  You will need a minimum of 2 GB or more for the 5520:  http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/product_bulletin_c25-586414.html

I would suggest to break the failover before starting the upgrade (ie. shutdown failover interface, or pull out the cable..etc.)  Also make sure you have some test PCs and servers you can play around with while testing to see if things are as they should be before placing the ASA back onto the network.

Other than that your upgrade steps look fine.

--

Please remember to select a correct answer and rate

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-06-2014 05:00 AM

You cannot upgrade directly from 7.4 to 9.0(3). You will need to make two intermediate upgrades - first to 8.2 then 8.4 and finally to 9.0(3) in order to follow a supported path and ensure that all syntax from your existing configuration is preserved.

If you don't care about the configuration and are rebuilding from scratch then you can just put in the additional memory and load the new image.

By the way an ASA runs Adaptive Security Appliance (ASA) software - not IOS.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card