Hello, I copied the asa bin file for the software version 7.2(2) to disk0 on the ASA 5520 and ran the command: conf t boot system disk0:/asa722-k8.bin reload I.

Cisco Asa 5510 Software

Upgrading ASA5. 52. Step by step with final releases or include interim as well? Cisco. Hi guys. Should I upgrade it as following 8. I also include some interim releases in between? Also I am planning to upgrade my ASDM first from 6. I will make a configuration backup in case something goes wrong. Is there anything else I should perform? Thank you very much.

Upgrade Cisco ASA software | popravak.

Cisco ASA nowadays can run three generations of code, depending on the hardware platform and memory installed. These are 7.x, 8. Not all ASAs can run any version of code. For example, “Cisco ASA 1. V cloud firewall” can only run 8. The ASASM (“ASA Service Module”) can only run 8. The new versions of ASA appliances, called “The ASA Next Generation Firewall”, the ones with an “X” in their names, run only 8. X which can run older code, and the “old guys”, 5. We have to know these compatibilities, because trying to upgrade 5. Here is the matrix from Cisco.

ASA OSASDMASA Model: ASA 5. ASA 5. 51. 0, 5. 52. ASA 5. 55. 0ASA 5. ASA 5. 51. 2- X, 5. X, 5. 52. 5- X, 5. Cisco ASA 5520 Adaptive Security Appliance. ASA 9.x : Upgrade a Software Image using ASDM or CLI Configuration Example;. Cisco ASA 5510, ASA 5520. Www.cisco.com Cisco ASA Compatibility. This document lists the Cisco ASA software and hardware compatibility and. 5520, 55 ASA 55-X. · After writing about how to upgrade a Cisco ASA license, I received a few messages asking about upgrading the Cisco ASA software. Fortunately, just like. Upgrade RAM on a Cisco ASA 5520. memory that appears to work until the ASA is software rebooted. After a memory upgrade of my Cisco WAAS. ASA 5520 IOS upgrade. Answered Question. Share. Cisco Adaptive Security Appliance Software Version 7.2(4). Cisco ASA-55x0 on-board accelerator. X, 5. 55. 5- XASA 5. 
XASASMASA 1. 00. 0VASA 7. ASDM 5. 0. Recommended: 5. No. YESNo. No. No. No. No. No. ASA 7. ASDM 5. 1. Recommended: 5. No. YESNo. No. No. No. No. No. ASA 7. ASDM 5. 1(2)No. YESYESNo. No. No. No. No. ASA 7. ASDM 5. 2. Recommended: 5. YESYESYESNo. No. No. No. No. ASA 8. 0(2)ASDM 6. Recommended: 7. 1(3). YESYESYESNo. No. No. No. No. ASA 8. 0(3)ASDM 6. Recommended: 7. 1(3). YESYESYESNo. No. No. No. No. ASA 8. 0(4)ASDM 6. Recommended: 7. 1(3). YESYESYESNo. No. No. No. No. ASA 8. 0(5)ASDM 6. Recommended: 7. 1(3). YESYESYESNo. No. No. No. No. ASA 8. 1(1)ASDM 6. Recommended: 7. 1(3). No. No. No. YESNo. No. No. No. ASA 8. ASDM 6. 1(5) and later. Recommended: 7. 1(3). No. No. No. YESNo. No. No. No. ASA 8. ASDM 6. 2(1) and later. Recommended: 7. 1(3). YESYESYESYESNo. No. No. No. ASA 8. 2(2)ASDM 6. Recommended: 7. 1(3). YESYESYESYESNo. No. No. No. ASA 8. 2(3)ASDM 6. Recommended: 7. 1(3). YESYESYESYESNo. YESNo. No. ASA 8. 2(4)ASDM 6. Recommended: 7. 1(3). YESYESYESYESNo. YESNo. No. ASA 8. 2(5)ASDM 6. Recommended: 7. 1(3). YESYESYESYESNo. YESNo. No. ASA 8. 3(1)ASDM 6. Recommended: 7. 1(3). YESYESYESYESNo. No. No. No. ASA 8. 3(2)ASDM 6. Recommended: 7. 1(3). YESYESYESYESNo. No. No. No. ASA 8. 4(1)ASDM 6. Recommended: 7. 1(3). YESYESYESYESNo. YESNo. No. ASA 8. 4(2)ASDM 6. Recommended: 7. 1(3). YESYESYESYESNo. YESNo. No. ASA 8. 4(3)ASDM 6. Recommended: 7. 1(3). YESYESYESYESNo. YESNo. No. ASA 8. 4(4. 1)1. ASDM 6. 4(9) and later. Recommended: 7. 1(3). YESYESYESYESNo. YESNo. No. ASA 8. 4(5)ASDM 7. Recommended: 7. 1(3). YESYESYESYESNo. YESNo. No. ASA 8. 4(6)ASDM 7. Recommended: 7. 1(3). YESYESYESYESNo. YESNo. No. ASA 8. 5(1)ASDM 6. No. No. No. No. No. No. YESNo. ASA 8. ASDM 6. 6(1). No. No. No. No. YESNo. No. No. ASA 8. 7(1. ASDM 6. 7(1). No. No. No. No. No. No. No. YESASA 9. 0(1)ASDM 7. Recommended: 7. 1(3). YESYESYESYESYESYESYESNo. ASA 9. 0(2)ASDM 7. Recommended: 7. 1(3). YESYESYESYESYESYESYESNo. ASA 9. 0(3)ASDM 7. YESYESYESYESYESYESYESNo. ASA 9. 1(1)ASDM 7. Recommended: 7. 1(3). 
YESYESYESYESYESYESYESNo. ASA 9. 1(2)ASDM 7. YESYESYESYESYESYESYESNo.

One thing I would like to point out here: the old platforms (5. Cisco (???) engineers said to me, *can* run the new code, as stated in the table above. Of course, with the appropriate memory upgrade.

There is another thing we must take into consideration when planning for an upgrade – memory requirements.

ASA Model. Internal Flash Memory (Default Shipping)1 ,2. DRAM (Default Shipping)Before Feb. After Feb. 2. 01. Required for 8. 3 and Higher)5. MB2. 56 MB5. 12 MB3. MB2. 56 MB1 GB5. 52. MB5. 12 MB2 GB5. 54. MB1 GB2 GB5. 55. 02. MB4 GB4. GB5. 51. X4 GBN/A4 GB5. 51. X8 GBN/A8 GB5. 52. X8 GBN/A8 GB5. 54. X8 GBN/A1. 2 GB5. X8 GBN/A1. 6 GB5. GB8 GB8. GB5. 58. GB1. 2 GB1. 2 GB5. X with SSP- 1. 02 GBN/A6 GB5. X with SSP- 2. 02 GBN/A1. GB5. 58. 5- X with SSP- 4. GBN/A1. 2 GB5. 58. X with SSP- 6. 02 GBN/A2. GBASASM8 GBN/A2. 4 GB

So, for example, if we bought the ASA5. February 2010, we first need a memory upgrade and then we can go for an upgrade.

Now one more important thing about upgrading. There are so-called upgrade paths we must follow. We should take this seriously! What I mean by this is that if you go for an upgrade from 7. I mean the ASA will boot the new code, but the new code may not parse the old configuration properly and some functions may not work (or should I say will not work). I had one small configuration on the 5. ACLs with no NAT, and I did an upgrade from 7. Of course this was my lab setup and again – follow the upgrade path!

What is this upgrade path? This is an array of code versions that must be applied in a specific order from the current version to the version we want to go to. For example, the version 8. NAT syntax and changes in how we code our ACLs. If we would like to upgrade to 8. Or should I say Cisco only supports upgrading to 8. Now reaching 8.2 can also be tricky!

Cisco names ASA versions this way: asa. XYZ. bin. 
The “X” is the major release number, the “Y” is the minor release number and the “Z” is the maintenance release number. Some rules apply when constructing the upgrade path:

We can upgrade from any version to any other version within the same major and minor version. For example we can go from 8.

To upgrade from one minor release to another, we cannot skip a minor release number. For instance, we cannot upgrade from 7. We should go from 7.

Upgrading from one major release to the next is possible only from the last *minor* release. For example, to upgrade from 7. We cannot upgrade from 7.

To upgrade to 8.3, we must be at 8.

To upgrade to 9.x, we must be running a 8. That is if version 8. For ASA5. 5YY- X series, there is no 8.

This can be tricky and I strongly recommend consulting the documentation on your specific versions to select a proper upgrade path.

We now have a general idea of how to do an upgrade. The most difficult task is actually going through the tables above and figuring out which version and which path we should take. The upgrade process itself is, believe it or not, a very straightforward process. We will break it into the two most common scenarios:

Upgrading a standalone appliance.

Upgrading an Active/Standby failover pair.

Like I said, I’m a big fan of 8. I will show how to upgrade to 8. I also chose this version because it brings new ways of doing NAT and ACLs, and upgrading to this version makes some significant configuration changes during migration.

TIP: Before installing any new version of code, after you download the code, verify its MD5/SHA1 checksum!

Upgrading a standalone appliance.

Let’s assume that our box is running 8. My configuration has some ACLs and some NAT statements, among other things. Some ACLs are actually being used, and NAT statements are not. They are only here to see how the migration process converts the configuration. Some ACLs are also placed only to show the new ACL model in the 8. After we upgrade to 8. 
First we make sure we can use the 8. RAMHardware: ASA5. MB RAM, CPU Pentium 4 Celeron 1. MHzatest. 1#

We can see that 8. ASA5. 51. 0 from table one, and that we have enough RAM from table two.

Here is our current running configuration:

atest. Saved: ASA Version 8. Ethernet. 0/0nameif outsidesecurity- level 0ip address 1. Ethernet. 0/1nameif insidesecurity- level 1. Ethernet. 0/2nameif VMWAREsecurity- level 7. Ethernet. 0/3shutdownno nameifno security- levelno ip address! Management. 0/0shutdownno nameifno security- levelno ip address! ESXi- HOSTSnetwork- object host 1. VMWARE_IN remark v. Center Accessaccess- list VMWARE_IN extended permit udp host 1. ESXi- HOSTS eq 9. VMWARE_IN extended permit tcp host 1. ESXi- HOSTS eq 9. VMWARE_IN extended permit tcp host 1. ESXi- HOSTS eq httpsaccess- list OUTSIDE_IN extended permit tcp any 1. OUTSIDE_IN extended deny ip any any logpager lines 2. VMWARE 1. 50. 0mtu outside 1. VMWARE,outside) 1. VMWARE_IN in interface VMWAREroute inside 1. Dflt. Access. Policyno snmp- server locationno snmp- server contactsnmp- server enable traps snmp authentication linkup linkdown coldstartcrypto ipsec security- association lifetime seconds 2. Cisco. TAC- 1no activedestination address http https: //tools. DDCEServicedestination address email callhome@cisco. Cryptochecksum: bdd. OK]atest. 1#

Although the migration process will back up our current config, I like to do that myself. I like to copy the config to both the local disk and a remote location. For a local disk:

atest. Building configuration…Cryptochecksum: bdd. OK]atest. 1#atest.