Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 525 Failover Upgrade from 7.1 to 8.0(3)

I will be upgrading an active standby failover pair of PIX 525s later this week. They are running LAN based and stateful failover. I am planning to use the following procedure:

Step 1 Download the new software to both units, and specify the new image to load with the boot system command.

Step 2 Reload the standby unit to boot the new image by entering the following command on the active unit:

active# failover reload-standby

Step 3 When the standby unit has finished reloading, and is in the Standby Ready state, force the active unit to fail over to the standby unit by entering the following command on the active unit.

-------------------------------------------------------------------------------

active# no failover active

Step 4 Reload the former active unit (now the new standby unit) by entering the following command:

newstandby# reload

Step 5 When the new standby unit has finished reloading, and is in the Standby Ready state, return the original active unit to active status by entering the following command:

newstandby# failover active

I couldn't find much information about upgrading a failover pair from 7 to 8. I just want to confirm that this is the proper procedure. Any advice will be much appreciated. Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: PIX 525 Failover Upgrade from 7.1 to 8.0(3)

Well you may do a zero downtime upgrade after codes 7.x

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mswli

cfg.html#wp1053398

12 REPLIES
Cisco Employee

Re: PIX 525 Failover Upgrade from 7.1 to 8.0(3)

After 7.0.x there was zero downtime available for failover upgrade

New Member

Re: PIX 525 Failover Upgrade from 7.1 to 8.0(3)

I don't mind having a bit of downtime. I would prefer not to have to perform a bunch of incremental upgrades to take advantage of the zero downtime feature. Does the procedure that I listed look correct for upgrading from 7.1 directly to 8.0(3)?

Cisco Employee

Re: PIX 525 Failover Upgrade from 7.1 to 8.0(3)

its good..just that you can't jump directly from from 7.1 to 8.0.3, you need to first go to interim 7.2

New Member

Re: PIX 525 Failover Upgrade from 7.1 to 8.0(3)

So I should be able to perform the zero downtime upgrade from 7.1 to 7.2 using the zero downtimeprocedure, then upgrade both devices to 8.0(3). The upgrade to 8.0(3) will have a bit of downtime though...right?

Cisco Employee

Re: PIX 525 Failover Upgrade from 7.1 to 8.0(3)

Well you may do a zero downtime upgrade after codes 7.x

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mswli

cfg.html#wp1053398

New Member

Re: PIX 525 Failover Upgrade from 7.1 to 8.0(3)

Thanks. I will follow that procedure to migrate from 7.1 to 7.2 and then from 7.2 to 8.0(3).

New Member

Re: PIX 525 Failover Upgrade from 7.1 to 8.0(3)

Abinjola,

This next week, I would like to upgrade my pix 525 from 6.3(5) to 7.2(3)and asdm-523.

Do i have to upgrade to 7.0(1) first then 7.2(3) ?

Could you please verify and my step by step procedure...

1) power down pix2

2) upgrade pix1 (primary pix)

a) on enable mode

copy tftp flash:image

pix723.bin

reboot

b) on enable mode

copy tftp flahs:asdm

asdm-523.bin

reboot

3) veify the traffic passses

4) power down pix1

5) power on pix2 (secondary)

a) on enable mode

copy tftp flash:image

pix723.bin

reboot

b) on enable mode

copy tftp flahs:asdm

asdm-523.bin

reboot

Do you have tips or tricks, please feel free to add..

thanks

Racy

Cisco Employee

Re: PIX 525 Failover Upgrade from 7.1 to 8.0(3)

Gentlemen rate the posts always on a scale of 5 so that we know how helpful was our research/ posts/replies

Racy ..to answer your Query"Do i have to upgrade to 7.0(1) first then 7.2(3) ?

-->yes

follow this seq in steps :-

Power off Primary (this causes Secondary to become active)

Disconnect all cables from Primary (including failover cable)

Power on Primary and attach a PC with a tftp server on it

Use "copy tftp flash" to upgrade the Primary

Reload Primary and verify the new version, config... etc...

Power off Primary

Reconnect all cables back to the Primary

Quickly power off Secondary, and then immediately Power on

- Note: This is where your downtime will occur while the Primary is booting

Once the Primary is up it will be Active, and passing traffic (though after 7.x you have zero downtime available)

Repeat steps 2 - 7, but for the Secondary PIX

Power on the Secondary, it will come up as Standby

Both PIXes are now running the upgraded version and back to normal operation.

This completes the upgrade process.

New Member

Re: PIX 525 Failover Upgrade from 7.1 to 8.0(3)

Thanks Abinjola,

My bad … I forgot to rate the post. You already knew the scale is always 5! It is very helpful.

I would not mind to have some downtime.

So Could I upgrade two steps 7.0(1) and 7.2(3) right way.

Let's say… I upgrade from 6.3(5) to 7.0(1) then reboot pix-primary verify the new version 7.0(1) then upgrade pix-primary again with new code 7.2(3).

I would do the same on secondary pix.

Is it possible? Do you see any harms? If I would like to do two versions upgrade one after another in short period of time.

Once again thank you.

Racy

Cisco Employee

Re: PIX 525 Failover Upgrade from 7.1 to 8.0(3)

yes, in a series you may upgrade first to 7.0.1 and then to 7.2.3, no harms

New Member

Re: PIX 525 Failover Upgrade from 7.1 to 8.0(3)

Hi Abinjola,

I am puting in plan to go from 6.4 to 7.2(4). I went through the upgrade procedure for 7.0 and release notes for both 7.2 and 7.0. Just double checking to make sure I do this in one shot. I did not see anything against this.

Also wondering if you have an prefrence to use the boot mode vs. through ios. The upgrade doco for 7.0 does not talk about this.

Also where can I get a copy of the software that reformats the flash please?

New Member

Re: PIX 525 Failover Upgrade from 7.1 to 8.0(3)

Hi Racy,

Tip!

When upgrading your 6.3 to 7.0 to 7.2, dont forget to path your boot system before reloading your 7.0 to 7.2 version.

Ex:

pix(config)#boot system flash:/pix722.bin

Hope it will help you,

Regards,

Jong

627
Views
10
Helpful
12
Replies