09-26-2018 11:33 AM
I have an ASA 5505 using ASA Version 8.2(5) and ADSM 7.3(1)101 with Flash 128Mb , Memory 512Mb, Security Plus 25 license. I need to upgrade the unit but I see that it is end of life. The only compatibility grids that I see are for 5506. My question is what is the latest versions that I can upgrade to, what is the upgrade path, and what is the compatibility with my versions of ASA and ADSM. Also, should I upgrade the hardware rather than upgrade software. And what am I in for as far as configuration differences and issues. Thank You for your help.
09-26-2018 11:54 AM
Couple of document below to refer, but bear in mind 8.2 to 8.4 is big change, many configuration changes will be changed. Alwsy take backup of config, do the upgrades in change window and plan for roll back if any live service breaks because of config syntax changes.
https://community.cisco.com/t5/security-documents/asa-8-3-upgrade-what-you-need-to-know/ta-p/3127078
https://community.cisco.com/t5/firewalls/asa-upgrade-from-8-2-5-13-to-9-2/td-p/2598726
https://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html
09-26-2018 12:16 PM
09-26-2018 01:11 PM
9.1.7 is still the "latest" recommend code via TAC for the 5505's.
However, you will need 1 GB of memory to run that code without getting errors in ASDM when you connect.
You would also need to go from 8.2.5 > 8.4.6 > 9.1.7
In my experience if you copy the 8.4.6 code, mark it as your boot image, and reboot too it the upgrade will convert all your statements etc for you. It will place a file in flash that shows all the errors from the conversion process as well.
There are a few conversion tools to help you with the code migration as well
https://www.tunnelsup.com/nat-converter/
Cisco also has one that you can use depending on your CCO access
https://fwm.cisco.com/applauncher.do#appstore:1
The big thing that changes are the ACL's and the NAT's.
but the conversion normally does a decent job for you.
Just make sure to grab the output of a more system:running-config before hand so you have all your passwords and pre-sharked keys for VPN's in plain text if you need them.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: