Upgrading ASA 8.4(4) to 9.x

bberry
Level 1

I need to upgrade my ASA from 8.4(4) to the latest 9.x version. I am wondering if it will be as simple as loading the code and doing a reboot or if there is more to the "migration". I went through the ACL migration when we moved to 8.3 but am trying to see if the same thing applies again with going to 9.x. Anyone experienced any caveats that we need to be aware of?

Thanks in advance ...

Brent

1 Accepted Solution

Accepted Solutions

Jouni Forss
VIP Alumni

Hi,

In general the upgrade from 8.4 to 9.x could be done just by downloading the software to the ASA and then setting the new image as the boot image for the ASA.

There are no big interface ACL or NAT related changes. I would imagine most of the ACL and NAT related changes are either additions to the existing. On the ACL side though there is now "any" which means both IPv4 and IPv6. Then there's separate "any4" and "any6".

I have not personally migrated a bigger firewall to 9.x software yet but constantly jump between 8.4 and 9.x software levels on my test firewall which I use to test some setups suggested here on the CSC too.

I guess you should probably take a look at the release notes and see if there are any bugs that might affect your setup when upgrading.

http://www.cisco.com/en/US/products/ps6120/prod_release_notes_list.html

Other than that I can't really give any advice or experiences. My main concern personally with 9.x software was when some NAT related bugs were found.

- Jouni
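
A pre-upgrade check for the "any" / "any4" / "any6" point in the answer above, added here as an example (it is not part of the original post and is not Cisco tooling): it lists the ACL entries in a saved configuration that use these keywords, so each bare "any" can be reviewed before moving to 9.x. The sample configuration and all function names are constructed for illustration.

```python
import re

# Constructed sample of ASA-style ACL lines (not taken from the thread).
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN remark allow any partner to reach the web server
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended permit tcp any4 host 192.0.2.11 eq 25
access-list INSIDE_OUT extended permit ip 10.1.0.0 255.255.0.0 any
access-list INSIDE_OUT extended deny ip any any
access-list V6_IN extended permit icmp6 any6 any6
"""

# Address-family scope of each keyword under 9.x, as described in the answer above.
SCOPE = {"any": "IPv4 and IPv6", "any4": "IPv4 only", "any6": "IPv6 only"}

# Matches permit/deny entries; remark lines and non-ACL lines do not match.
ACE_RE = re.compile(r"^access-list\s+(\S+)\s+(?:extended\s+)?(permit|deny)\s+(.+)$")


def audit_acl_keywords(config_text):
    """Return one finding per ACL entry that uses any/any4/any6."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        match = ACE_RE.match(raw.strip())
        if not match:
            continue
        acl, action, rest = match.groups()
        keywords = [tok for tok in rest.split() if tok in SCOPE]
        if keywords:
            findings.append({"line": lineno, "acl": acl, "action": action,
                             "keywords": keywords, "text": raw.strip()})
    return findings


def dual_stack_entries(findings):
    """Entries whose bare "any" covers both address families on 9.x."""
    return [f for f in findings if "any" in f["keywords"]]


def permits_needing_review(findings):
    """Permit entries with bare "any": confirm the IPv6 reach is intended."""
    return [f for f in dual_stack_entries(findings) if f["action"] == "permit"]


if __name__ == "__main__":
    for f in audit_acl_keywords(SAMPLE_CONFIG):
        scopes = ", ".join(f"{k} ({SCOPE[k]})" for k in f["keywords"])
        print(f'line {f["line"]} [{f["acl"]}] {f["action"]}: {scopes}')
```

Run it against a saved copy of the running configuration rather than the constructed sample; the regular expression only covers extended-style permit/deny lines.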

3 Replies

Jouni.

Thanks for the information. I am in the process of going back through the release notes now to see if anything jumps out. I need to upgrade to 9 so that we can support SSL connections with the newer browsers. IE10 is apparently not supported under 8.4 plus we are looking into setting up 2-factor authentication for select VPN users as well as accessing a new SharePoint server. Figured moving to 9 would give me a good base for them all.

Thanks ...

Brent

I actually looked through the 9.1 release notes as well as this release directly addresses IE 10. They have a note under the Clientless SSL VPN: Windows 8 Support that says:

          Java Remote Desktop Protocol (RDP) plugin connection to a Windows 8 PC is not supported

Is this the regular RDP option I have seen on the earlier versions such as 8.4 where the user gets a window for their session or is this an add on type plugin? We are currently setting things up for most users to use the SSL connection and RDP into either their desktop or an RDS server. I am hoping that will still be there after the upgrade.

Brent
