Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Opinions on upgrading 515E/PIX 6.3 in failover configuration

All,

Is anyone aware of a suggested or recommended method for upgrading a pair of 515Es in a failover configuration?

In the light of http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml it seems unlikely I'm the first person to want to do this but I can't see any reference to a procedure on the Cisco site.

Do I have to unplug the failover lead and do them one at a time? Can I just upgrade the primary, causing a failover to secondary, then upgrade the secondary causing a failover back to primary?

Any thoughts/links/experiences appreciated.

6 REPLIES
Community Member

Re: Opinions on upgrading 515E/PIX 6.3 in failover configuration

Take a look to this url:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a5d.shtml#failover

Before performing the upgrade, just save the old config from the pix in case of a roll back to the old version.

At the end of the upgrade procedure I also make a reload from both pix at the same time.

There is also a special procedure if you want to upgrade from 6.2 to 7.0

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/pix_upgd/pixupgrd.htm

Community Member

Re: Opinions on upgrading 515E/PIX 6.3 in failover configuration

Many thanks for your help.

Option 1 looks similar to my planned route and shall be the route we take.

Thanks again.

Community Member

Re: Opinions on upgrading 515E/PIX 6.3 in failover configuration

Sorry for warming up this thread.

If I understand right, there is no way of upgrading PIX OS 6.x to PIX OS 6.x+1 w/o having any downtime, right?

--

PIT

Cisco Employee

Re: Opinions on upgrading 515E/PIX 6.3 in failover configuration

You are right, there's no way to upgrade without experiencing downtime (at least with 6.x)

Check information about 7.x

Performing Zero Downtime Upgrades for Failover Pairs

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008054dbea.html#wp1053398

Franco Zamora

Community Member

Re: Opinions on upgrading 515E/PIX 6.3 in failover configuration

Hi James,

A complete detailed description on how to upgrade PIXes operating in a failover environment can be found here :

http://www.ciscotaccc.com/security/showcase?case=K73545150

This contains information for upgrading PIX firewalls operating on 6.x code to a 6.x version or upgrading PIX firewalls operating on code 6.x to 7.x version providing information on how to minimize the downtime for upgradation.

The article also provides information on ZERO DOWNTIME upgrade procedure for uprading the PIXes to 7.x code.

Hope it helps.

Regards,

Raj

Community Member

Re: Opinions on upgrading 515E/PIX 6.3 in failover configuration

hi,

just take a look at the Quick learning module at

http://www.cisco.com/E-Learning/bulk/public/celc/Cisco_QLM4_ASA_beta/course_skin.html

which provides a detail method for upgradation

161
Views
5
Helpful
6
Replies
CreatePlease to create content