Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Upgrading ASA cluster from 7.2 to 8.2 any problems known?

Hallo

we are going to upgrade our 5580 ASA Cluster from 7.2 to 8.2 and want to do it like this way ( which worked for all 7.x upgrades ) :

  • download asa8.2 Image to primary + secondary Firewall
  • reboot primary ( message come up " mate version ...)
  • reboot secondary

Does it works any experience ?

Does it work if both firewall can see each other during the boot process ?

or

Do I have to bring the secondary into the monitor mode so the fw is not visible for the primary ?

Thanks for help

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

Upgrading ASA cluster from 7.2 to 8.2 any problems known?

You can upgrade your cluster while both units are online. But you need do it with several steps as an upgrade from 7.2 to 8.2 is not directly supported. The process is described unter  "Performing Zero Downtime Upgrades for Failover Pairs":

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/admin_swconfig.html#wp1053398

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
2 REPLIES
VIP Purple

Upgrading ASA cluster from 7.2 to 8.2 any problems known?

You can upgrade your cluster while both units are online. But you need do it with several steps as an upgrade from 7.2 to 8.2 is not directly supported. The process is described unter  "Performing Zero Downtime Upgrades for Failover Pairs":

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/admin_swconfig.html#wp1053398

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

Upgrading ASA cluster from 7.2 to 8.2 any problems known?

Hi

Already mentioned from Karsten , but I want to confirm it . here the way  what we did and what was working  :

You can jump straight from 7.2.5 to 8.2.5 with zero downtime.

However I would suggest you to perform the upgrade in a scheduled time window as the nodes will temporarily run different software versions during the upgrade process.

If you follow these steps you should be able to successfully carry out the upgrade with zero downtime:

1.Copy via tftp the image to the primary ASA and set the new image to be used

(for example: boot system disk0: /asa825-k8.bin)

2. Copy via tftp the image to the secondary ASA and set the new image to be used

3.On the active firewall run: failover reload-standby

When the standby unit has finished reloading, and is in the Standby Ready state, force the active unit to fail over to the standby unit by entering the following command on the active unit. Use the show failover command to verify that the standby unit is in the Standby Ready state.

4. Check the status of the secondary unit by “show failover”, when it will be in “Standby Ready” state, run “no failover active” on the primary ASA to force a failover to the secondary firewall, which now will become active with the new software version.

5. Reload the primary firewall.

Reload the former active unit (now the new standby unit) by entering the following command:

6. When the primary is in the “Standby Ready” state, issue the command “no failover active” on the secondary unit to put the primary unit back to the active state.

902
Views
0
Helpful
2
Replies
CreatePlease login to create content