upgrading asa5520 old firmware

baselzind · ‎07-08-2019

i have a ASA5520 with a ASA-SSM-10 with asa version 8.2(2) and asdm 6.3 , i need to upgrade it to the lastest which is 9.1.7 and asdm 7.8.1 , my question is that can i jump directly to these versions? or is there intermediate versions?

also should i upgrade the firmware first then the asdm or the other way around?

also what is this ASA-SSM-10? is it some kind of ips?

would i get any configuration change?

Marvin Rhoads · ‎07-08-2019

You cannot upgrade directly. the release notes show this sequence:

Current ASA Version	First Upgrade to:	Then Upgrade to:
8.2(x) and earlier	8.4(5)	9.1(3) or later

Source:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/release/notes/asarn91.html#pgfId-763574

Going to 8.3+ introduces significant change in NAT and ACL syntax. There are dozens of posts regarding this.

Also, please take time to make sure you understand your current configuration before doing anything. Carefully follow the upgrade sequence and test your configuration both before AND after the changes. Be sure to have a current and complete backup prior to starting - and know how to use it.

Your ASDM can manage both old and new ASA versions so you can safely upgrade it first.

The ASA-SSM-10 is a very old IPS module and is no longer sold or supported. It is next to useless but you should check if it is in use by looking for a service-policy in your current config that directs traffic to it via a policy map and class map combination.