Cisco ASA 5510 software upgrade

gordon.macfarlane · ‎10-16-2013

Good evening,

I am currently running a Cisco ASA 5510 with ASA version 8.0(4)16

I am looking to purchase a maintenance contract for my device and upgrade to the more recent ASA software version (pending RAM upgrade also)

I wanted to know if there were any elements that I needed to be aware of for this upgrade.

I have many site to site VPN's that are connected currently and I don't know if they will require a new configuration to be able to contact the ASA 5510 using the more recent software version

Sorry if this doesn't make sense - if clarification is required, please let me know

Thanking you in advance

Richard Burts · ‎10-16-2013

Gordon

Your reference to memory upgrade in conjunction with code upgrade implies that you will be upgrading to some version later than 8.3, is that correct? Be aware that there are significant changes in syntax that are implemented in 8.3 and later (this is especially true with regard to access lists and to address translation). This will be something that you need to be aware of and to deal with on your ASA. I have done several upgrades and if you upgrade the memory of the ASA and then load and run the new code the transition should be relatively straightforward.

But it is only an impact on your ASA. The other devices that do site to site VPN with this ASA should not require any changes in their configuration.

HTH

Rick

HTH

Rick

gordon.macfarlane · ‎10-16-2013

Hi Richard,

First of all, I would like to thank you in advance for your prompt and detailed reply.

You are correct to assume that I am looking to upgrade the software on the device - I am looking to upgrade to

Release 9.1.3.ED. I will only be able to do this once I have acquired the software download rights.

The reason for the software upgrade, is to ensure that the device is secure and that there are no vulnerabilities that can be exploited (or easily exploited)

When you mention Access Lists & NAT - it is the syntax only that will be affected? - in regards to the current configuration that is running on the current version of the ASA device software, will this be affected or will it be upgraded ?

When you mention that you have done many of these kind of upgrades, what are the typical types of problems encountered (if any)

Thanking you again for your assistance

Richard Burts · ‎10-16-2013

Gordon

The software that you have been running is pretty old at this point and upgrading to current is a good idea. It should make your ASA even more secure than it has been.

If you are upgrading the software on the same box then the new software will attempt to interpret the old syntax and produce a new configuration with the new syntax. For the most part it does this quite well. But there are possibilities that some things will not translate accurately. The upgrade will produce a file of possible issues and will generally identify lines from the old config that had difficulty in translation.

I have also done a couple of upgrades which were really replacement of an ASA running old code with a new ASA running the new code. In these cases I had to manually translate the configs - and that was a struggle.

HTH

Rick

HTH

Rick

Tagir Temirgaliyev · ‎11-11-2013

as I know latest version 8.2(5)41 has no vulnerabilities that can be exploited (or easily exploited)

if you dont have other reasons so you dont need to upgrade to 9.1