topic Re: Cisco ASA 5585X update in Network Security

Cisco ASA 5585X update

josecsoto — Tue, 12 Mar 2019 03:09:09 GMT

Hi all,

I have a new ASA 5585X with SSP-CX20 Module running the following software versions:

ciscoasa5585# show module

Mod Card Type Model Serial No.

--- -------------------------------------------- ------------------ -----------

0 ASA 5585-X Security Services Processor-20 wi ASA5585-SSP-20 JAD164407S6

1 ASA 5585-X CX Security Services Processor-20 ASA5585-SSP-CX20 JAD1641030V

Mod MAC Address Range Hw Version Fw Version Sw Version

--- --------------------------------- ------------ ------------ ---------------

0 6c20.5658.6c34 to 6c20.5658.6c3f 2.0 2.0(13)0 8.4(6)

1 e4d3.f16e.e348 to e4d3.f16e.e353 1.0 2.0(13)0 9.0.2

Mod SSM Application Name Status SSM Application Version

--- ------------------------------ ---------------- --------------------------

1 ASA CX Up 9.0.2

Mod Status Data Plane Status Compatibility

--- ------------------ --------------------- -------------

0 Up Sys Not Applicable

1 Up Up

I am trying to update this to: ASA 9.1(3) and CX 9.2(1.1). When i try to update the CX module i got this error:

asacx>system upgrade ftp://x.x.x.x/asacx-sys-9.2.1.1-48.pkg

Verifying

Enter credentials to authenticate with ftp server

Username:

Password:

Verifying.....

need more than 1 value to unpack

Upgrade aborted.

Looking around I found that the update path should be: 9.0(2) --> 9.1(1) --> 9.2(1 (http://www.cisco.com/en/US/docs/security/asacx/compatibility/cx_prsm_comp.pdf) but the oldest update i can find to download is 9.1.2-2, i could find CX 9.1(1) software in cisco donwload.

Has anyone faced this update or is there any other way to do it?

Thanks in forward for your comments.

Best Regards,

Re: Cisco ASA 5585X update

Marius Gunnerud — Mon, 25 Nov 2013 14:01:33 GMT

To me it looks as though the error comes from a missing value in the logon details for the FTP server. Have you verified that both username and password were entered correctly?

As for upgrading, I would upgrade the ASA first to version 9.1(3) and then upgrade the SSP-20 module. When it mentions upgrade to 9.1(1) and then to 9.2(1), this is just a minimum version to be able to upgrade to the next level. So if you upgrade to the highest build within a minor version, it will support upgrade to the next minor version.

You still need to follow the upgrade path but as mentioned, it is a minimum requirement to be able to upgrade to the next step.

Tested upgrade paths are for the most recent build number for a given version, and sometimes the second
most recent build. For example, upgrade from 9.1(1) to 9.1(3) is tested with build 9.1(1) Build 21; 9.1(2)
to 9.1(3) is tested with 9.1(2) Builds 29 and 42. To ensure the best results, you should upgrade to the
most recent build for the release you are running before upgrading to a new version.

Pulled this from the document you posted.

http://www.cisco.com/en/US/docs/security/asacx/compatibility/cx_prsm_comp.pdf

Please rate all helpful posts

Cisco ASA 5585X update

josecsoto — Tue, 26 Nov 2013 10:40:36 GMT

Hi Marius,

Thanks again. I was asuming the error was related with the update but in fact it was that the ASA module did not like to connect to a ftp server with a user and blank password. Giving a password to the ftp user resolved that.

Finally i got the desired update. This is the path i followed:

update ASA version 8.4(6)

(with ASA on 8.4(6)) update CX from 9.0.2 (103) To 9.1.2 (29)

(with ASA on 8.4(6)) update CX from 9.1.2 (29) To 9.2.1.1 (48)

update ASA to 9.1 (3)

Thanks,

Cisco ASA 5585X update

Marius Gunnerud — Tue, 26 Nov 2013 15:12:49 GMT

Glad you got it working! 🙂

Please rate all helpful posts.

Re: Cisco ASA 5585X update

alanbajic — Tue, 05 Mar 2019 09:46:10 GMT

Thanks it works!