Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA image downgrade in active/standby

What's the procedure to downgrade firmware on ASA in act/standby setup.

3 REPLIES

Re: ASA image downgrade in active/standby

Hi,

Keep all connections intact and load the new IOS on the secondary ASA. On 8.x you can do that by uploading the new image using ASDM (no outage).

Shut the primary ASA then reload the secondary ASA (2-3 minutes outage) and expect the standby to become the master using the new IOS. Check that all the traffic and services are running with the new IOS.

If something goes wrong, shut the secondary ASA and power up the primary (that still has the original IOS) and separately troubleshoot the secondary.

Disconnect the primary from all network connections (the secondary is up and elected as master) and downgrade its IOS (no outage).

Plug the primary back in the network and issue the command: failover active to make it again the active device (small outage of about 5-10 seconds).

So overall you will have 2-3 minutes of outage followed by another 5-10 seconds while swapping the master.

Please rate if this helped.

Regards,

Daniel

New Member

ASA image downgrade in active/standby

Isn't there a zero-downtime way of downgrading? The documentation details how to do a zero-downtime *upgrade* so is there any reason why these steps woudn't work for downgrade as well? (downgrade standby unit and reload it, make it the active, downgrade primary unit and reload it, make it active) ??

ASA image downgrade in active/standby

I would approach the problem as a zero downtime upgrade and follow the steps you noted.

Be careful with NATs and ACL config if you are going back from 8.3 to 8.2.

Also zero downtime upgrade works with 1 version at a time (8.2 to 8.3; 8.3 to 8.4; Cisco does not recommend 8.0 to 8.4 in a direct upgrade) si careful there too...

Which version are you using and which version you want to go to? and why downgrade in the first place?

Patrick

953
Views
5
Helpful
3
Replies