Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
271
Views
0
Helpful
2
Replies

5510 Active/stdby upgrade query (8.2->9.1)

Go to solution
mvsheik123
Level 7
Level 7

‎11-05-2015 08:39 PM - edited ‎03-11-2019 11:50 PM

Hello experts,

Planning to upgrade Active/stdby pair from 8.2.x->8.4.6->9.1.10. ASAs got reqd memory. Also, the config got only couple of 'nonat' statements and related VPN configs.

Can I upgrade pair to 8.4.6 first (standard method) and once all looks good then goto 9.1.10? Any manual config intervention required?

Or I need to break the pair and do one after the other with necessary config changes?

Configuration conversion worked fine on singe test ASA.

Thanks in advance

MS

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Shivapramod M
Level 1
Level 1

‎11-05-2015 08:49 PM

Hi,

Since configuration conversion was fine on a test ASA you should not face any issue with upgrading the failover setup. You can follow the standard upgrade path.

hope this helps.

Thanks,

Shivapramod M

View solution in original post

0 Helpful

Go to solution
Rishabh Seth
Level 7
Level 7

‎11-05-2015 08:58 PM

Hi,

Following are the steps which are suggested for an upgrade which involves migration

 

++ Issue command

#no names

++ Issue command

#no nat-control

++ If there is any NAT exempt statement constructed using ACL, then make sure that there

is no ACL with source and destination IP as "any".

 

In case there is any such ACL then remove that ACL before migration and add it after

migrating to new ASA version.

 

>> Above mentioned steps are required prior to an upgrade.

 

 

For more details you can refer:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html#wp77266

HTH

Thanks,

R.Seth

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Shivapramod M
Level 1
Level 1

‎11-05-2015 08:49 PM

Hi,

Since configuration conversion was fine on a test ASA you should not face any issue with upgrading the failover setup. You can follow the standard upgrade path.

hope this helps.

Thanks,

Shivapramod M

0 Helpful

Go to solution
Rishabh Seth
Level 7
Level 7

‎11-05-2015 08:58 PM

Hi,

Following are the steps which are suggested for an upgrade which involves migration

 

++ Issue command

#no names

++ Issue command

#no nat-control

++ If there is any NAT exempt statement constructed using ACL, then make sure that there

is no ACL with source and destination IP as "any".

 

In case there is any such ACL then remove that ACL before migration and add it after

migrating to new ASA version.

 

>> Above mentioned steps are required prior to an upgrade.

 

 

For more details you can refer:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html#wp77266

HTH

Thanks,

R.Seth

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card