Home | Net Issues | Net How To | Wireless | Case Studies | Articles |  Forums| Services | About Us | Careers | Quick Setup | Contact Us|

How to upgrade Failover Cisco ASA from 8.2 to 8.4

Upgrading ASA version from 8.2 to 8.4 is major change on configuration. The upgrade may change these configurations: Real IP addresses in access lists, NAT or PAT, Named Network and Service Objects. Therefore, we can’t do it without downtime. Here are our plan.

1. Backup the configuration and document the connections.

2. Disconnect the standby ASA from the network and all connections. Upgrade it.

3. After the upgrade is successful, double check the configuration against the original configuration. Especially pay attention to these configuration: Real IP addresses in access lists, NAT, and Named Network and Service Objects because of the major change on version 8.4.

4. If the configuration looks good, re-connect standby ASA to the network but don’t turn on it.

5. Turn off the Active ASA, then turn on Standby and upgraded ASA.

6. Test it and wait for one or two days.

5.  If no issue, upgrade the offline ASA.

6.  Re-connect offline ASA to the network and sync each other.

 References:

 Cisco ASA 5500 Migration to Version 8.3 and Later

http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html

 To upgrade the software using ASDM, see the "Managing Software and Configurations" chapter in Cisco ASA 5500 Series Configuration Guide using ASDM:

http://www.cisco.com/en/US/docs/security/asa/asa83/asdm63/configuration_guide/admin_swconfig.html

 ASA Version     First Upgrade to:    Then Upgrade to:

8.2(x)                  8.4(6)                           9.1(2.8) or 9.1(3) or later

If you want to stay on version 8.4 then the recommended version is 8.4.(4.23).

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

Post your questions, comments, feedbacks and suggestions

Contact a consultant

Related Topics