Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Upgrade PIX OS from 6.x to 7.x.

Hi all,

we want to upgrade many PIXs from

old version 6.x to 7.x.

What we really have a lot is VPN surrounding all our network. A lot of dynamic VPNs as well. Every PIX is in failover pair.

So my question is what problems we can expect and what we should do to minimize

problems with upgrade?

Is anywhere any procedure related to failover upgrade. Could someone give me advice with expected problems?

BR

jl

4 REPLIES

Re: Upgrade PIX OS from 6.x to 7.x.

Hi,

This doc is required reading:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/pix_upgd/pixupgrd.pdf

Once you've read it a couple of times go through every command you have on your pix configurations and check whether it's still supported or has changed in some way.

If you don't I can pretty much guarantee you won't have working pix's after the upgrade.

Some pointers:

1) AH isn't supported so it's best to change that before upgrading if you're using it anywhere.

2) Be prepared to set up failover from scratch after the upgrade - I've found it doesn't always end up the way you want after the upgrade.

3) Practise the upgrade procedure on a test box if you can to get a feel for it.

4) Read the downgrade section of the guide and be ready to downgrade if necessary.

HTH

Andrew.

Re: Upgrade PIX OS from 6.x to 7.x.

Hi ..

here there is another link you might find it usefull too.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml

New Member

Re: Upgrade PIX OS from 6.x to 7.x.

Hi fellows,

first thanks a lot for advice. Im little bit unsure

to upgrade failover pair. So my last question is

related to VPNs. When I upgrade first PIX and switch

it off and upgrade second one in failover pair it

reboots. But in this moment I lose every VPN.

Can I do this without outage of VPN connectivity.?

BR

jl

Re: Upgrade PIX OS from 6.x to 7.x.

Hi,

The short answer is no, you can't do the upgrade without losing vpn connections. (because stateful failover of vpn's doesn't appear as a feature until 7.0)

There's some good (and free) flash-based training material at this link, including a module on failover:

http://www.cisco.com/web/learning/le31/le29/configuring_asa_pix_security_appliances.html

HTH (plz rate if you find it useful!)

Andrew.

265
Views
0
Helpful
4
Replies