Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
656
Views
3
Helpful
4
Replies

Upgrading ASA 8.2 to 8.3 or higher

Andy White
Level 3
Level 3

‎06-30-2013 11:17 AM - edited ‎03-04-2019 08:20 PM

Hello,

Has anyone managed to upgrade an ASA from 8.2 to 8.3 or higher?  Looks like version 9 is out now and I fell as if we are getting left behind.

We have 2 x ASA 5520s in Active/Passive mode, I have upgraded their memory to 2GB each, so I hope they have the capacity to be upgraded as they are about 5 years old now, but are doing a great job as CPU and memory is low.

I have been upgrading them in hours for a couple of years now, I upgrade the standby ASA then make it active and then upgrade the other and all is good.  Now I see there is a big jump from 8.2 to 8.3 and higher due to the NAT issue, has anyone actually done an upgrade and how was it?

I'm not a specialist on the ASA so am a bit worried on upgrading, could I do the standby one first and what options do I have for a roll back? 

Maybe TAC can help too.

Thanks in advance for your thoughts.

Labels:
0 Helpful
4 Replies 4

cadet alain
VIP Alumni
VIP Alumni

‎06-30-2013 12:04 PM

Hi,

I think the question should be : do I need to upgrade because there are some features I want to use in newest versions or because my hierarchy wants me to or because I need to get by a bug solved in newer versions.

If the answer is no to any of these and that the devices you've got are working perfectly with their current code then why change just for the sake of changing.

Now this is only my point of view and maybe it is not the good one so let's wait for others point of view.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

jpl861
Level 4
Level 4

‎07-06-2013 10:40 AM

We have multiple ASA 8.0 firewalls and I just upgraded it up to 8.2.5. If all things are working well then do not upgrade it unless there is a major vulnerability. In our case it is always PCI that causes OS upgrades. Remember that firewall rules for 8.2 and 8.3 do have different structures. The NAT configuration is different as well so you might want to consider those before doing an upgrade to 8.3. It will destroy all you NAT config so you cannot do active/standby approach.

Sent from Cisco Technical Support Android App

0 Helpful

usasigcis
Level 1
Level 1

‎07-07-2013 12:19 PM

i have done it couple of times, now planning for my 3rd upgrade.

if you are not doing any NAT, there is nothing you should be worried about, fairly straight forward

just make sure you have the min RAM requirements.

if you are doing NAT, then there are couple of things you need to take into consideration;

such as roll back plan, longer downtime and new NAT rules.

new NAT is so much easier and flexible but it is very different, i suggest you to study it little bit.

also nat-control command is deprived from 8.3+ versions.

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame

‎07-08-2013 06:58 AM

The migration document will cover all caveats you should be aware of:

http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card