Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
409
Views
0
Helpful
4
Replies

Upgrade PIX OS from 6.x to 7.x.

johnleeee
Level 1
Level 1

‎07-13-2006 01:07 AM - edited ‎02-21-2020 01:02 AM

Hi all,

we want to upgrade many PIXs from

old version 6.x to 7.x.

What we really have a lot is VPN surrounding all our network. A lot of dynamic VPNs as well. Every PIX is in failover pair.

So my question is what problems we can expect and what we should do to minimize

problems with upgrade?

Is anywhere any procedure related to failover upgrade. Could someone give me advice with expected problems?

BR

jl

0 Helpful
4 Replies 4

andrew.burns
Level 7
Level 7

‎07-13-2006 01:29 AM

Hi,

This doc is required reading:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/pix_upgd/pixupgrd.pdf

Once you've read it a couple of times go through every command you have on your pix configurations and check whether it's still supported or has changed in some way.

If you don't I can pretty much guarantee you won't have working pix's after the upgrade.

Some pointers:

1) AH isn't supported so it's best to change that before upgrading if you're using it anywhere.

2) Be prepared to set up failover from scratch after the upgrade - I've found it doesn't always end up the way you want after the upgrade.

3) Practise the upgrade procedure on a test box if you can to get a feel for it.

4) Read the downgrade section of the guide and be ready to downgrade if necessary.

HTH

Andrew.

0 Helpful

Fernando_Meza
Level 7
Level 7

‎07-13-2006 03:11 PM

Hi ..

here there is another link you might find it usefull too.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml

0 Helpful

johnleeee
Level 1
Level 1
In response to Fernando_Meza

‎07-16-2006 01:40 PM

Hi fellows,

first thanks a lot for advice. Im little bit unsure

to upgrade failover pair. So my last question is

related to VPNs. When I upgrade first PIX and switch

it off and upgrade second one in failover pair it

reboots. But in this moment I lose every VPN.

Can I do this without outage of VPN connectivity.?

BR

jl

0 Helpful

andrew.burns
Level 7
Level 7
In response to johnleeee

‎07-16-2006 02:03 PM

Hi,

The short answer is no, you can't do the upgrade without losing vpn connections. (because stateful failover of vpn's doesn't appear as a feature until 7.0)

There's some good (and free) flash-based training material at this link, including a module on failover:

http://www.cisco.com/web/learning/le31/le29/configuring_asa_pix_security_appliances.html

HTH (plz rate if you find it useful!)

Andrew.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card