Keep all connections intact and load the new IOS on the secondary ASA. On 8.x you can do that by uploading the new image using ASDM (no outage).
Shut the primary ASA then reload the secondary ASA (2-3 minutes outage) and expect the standby to become the master using the new IOS. Check that all the traffic and services are running with the new IOS.
If something goes wrong, shut the secondary ASA and power up the primary (that still has the original IOS) and separately troubleshoot the secondary.
Disconnect the primary from all network connections (the secondary is up and elected as master) and downgrade its IOS (no outage).
Plug the primary back in the network and issue the command: failover active to make it again the active device (small outage of about 5-10 seconds).
So overall you will have 2-3 minutes of outage followed by another 5-10 seconds while swapping the master.
Isn't there a zero-downtime way of downgrading? The documentation details how to do a zero-downtime *upgrade*, so is there any reason why these steps wouldn't work for a downgrade as well? (Downgrade standby unit and reload it, make it the active, downgrade primary unit and reload it, make it active.)