Cisco Support Community

New Member

Upgrading ASA 8.2 to 8.3 or higher


Has anyone managed to upgrade an ASA from 8.2 to 8.3 or higher?  Looks like version 9 is out now and I feel as if we are getting left behind.

We have 2 x ASA 5520s in Active/Passive mode, I have upgraded their memory to 2GB each, so I hope they have the capacity to be upgraded as they are about 5 years old now, but are doing a great job as CPU and memory is low.

I have been upgrading them in hours for a couple of years now, I upgrade the standby ASA then make it active and then upgrade the other and all is good.  Now I see there is a big jump from 8.2 to 8.3 and higher due to the NAT issue, has anyone actually done an upgrade and how was it?

I'm not a specialist on the ASA so am a bit worried about upgrading. Could I do the standby one first, and what options do I have for a rollback?

Maybe TAC can help too.

Thanks in advance for your thoughts.


Upgrading ASA 8.2 to 8.3 or higher


I think the question should be: do I need to upgrade because there are some features I want to use in the newest versions, or because my hierarchy wants me to, or because I need to get a bug solved in newer versions?

If the answer is no to any of these and the devices you've got are working perfectly with their current code, then why change just for the sake of changing?

Now this is only my point of view and maybe it is not the good one, so let's wait for others' points of view.



Don't forget to rate helpful posts.


Re: Upgrading ASA 8.2 to 8.3 or higher

We have multiple ASA 8.0 firewalls and I just upgraded them up to 8.2.5. If all things are working well then do not upgrade unless there is a major vulnerability. In our case it is always PCI that causes OS upgrades. Remember that firewall rules for 8.2 and 8.3 do have different structures. The NAT configuration is different as well, so you might want to consider those before doing an upgrade to 8.3. It will destroy all your NAT config, so you cannot do the active/standby approach.


New Member

Re: Upgrading ASA 8.2 to 8.3 or higher

I have done it a couple of times, and am now planning for my 3rd upgrade.

If you are not doing any NAT, there is nothing you should be worried about; it is fairly straightforward.

Just make sure you have the minimum RAM requirements.

If you are doing NAT, then there are a couple of things you need to take into consideration,

such as a rollback plan, longer downtime and new NAT rules.

The new NAT is so much easier and more flexible, but it is very different; I suggest you study it a little bit.

Also, the nat-control command is deprecated in 8.3+ versions.
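
An added example, not part of any post in this thread: a Python script that inventories the pre-8.3 NAT statements (`nat`, `global`, `static`, `nat-control`) in a saved running-config, to show how much of the NAT change discussed above applies to a given firewall before an upgrade is planned. The sample config, the function name `inventory_nat` and the category labels are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of a pre-8.3 running-config (not taken from the thread).
SAMPLE_CONFIG = """\
hostname fw-example
nat-control
global (outside) 1 interface
nat (inside) 0 access-list NONAT
nat (inside) 1 10.0.0.0 255.255.255.0
nat (dmz) 2 172.16.0.0 255.255.0.0
static (inside,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255
access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) ")        # nat (ifc) <id> ...
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) ")  # global (ifc) <id> ...
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) ")  # static (real,mapped) ...

def inventory_nat(config_text):
    """Count pre-8.3 NAT statements and list nat IDs that have no matching global."""
    counts = Counter()
    nat_ids, global_ids = set(), set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "nat-control":
            counts["nat-control"] += 1
        elif m := NAT_RE.match(line):
            if m.group(2) == "0":
                counts["nat-exempt"] += 1    # nat 0: identity NAT or NAT exemption
            else:
                counts["dynamic-nat"] += 1
                nat_ids.add(m.group(2))
        elif m := GLOBAL_RE.match(line):
            counts["global"] += 1
            global_ids.add(m.group(2))
        elif STATIC_RE.match(line):
            counts["static"] += 1
    return {
        "counts": dict(counts),
        # nat-control alone is an enforcement setting, not a translation rule
        "uses_nat": any(k != "nat-control" for k in counts),
        "nat_ids_without_global": sorted(nat_ids - global_ids),
    }

if __name__ == "__main__":
    print(inventory_nat(SAMPLE_CONFIG))
```

Every statement counted here is one whose post-upgrade form should be reviewed against a saved copy of the 8.2 configuration.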

Hall of Fame Super Bronze

Upgrading ASA 8.2 to 8.3 or higher

The migration document will cover all caveats you should be aware of: