Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
198
Views
0
Helpful
1
Replies

8.2.5-33 upgrade to 8.4.7

devildrider
Level 1
Level 1

‎10-07-2014 07:55 AM - edited ‎03-11-2019 09:52 PM

I have run into more problems attempting this upgrade that expected.  I originally tried going from 8.2.5 to 8.3 and Cisco told me to go directly to 8.4.7

ISSUE # 1: Their instructions on doing a zero downtime upgrade on an active standby unit states to upload the image file and code to both units, then reload the standby first to boot with the new 8.4.7 code.  That works, however, as soon as it is up (and before I am able to log in to enter any commands), replication from the active mate occurs and pushes down code from the active unit running 8.2.5 to the current standby running 8.4.7.  How is the preventable without removing the failover cable?

 

ISSUE # 2  

When trying to go through the downgrade steps in the published Cisco ASA 5500 Migration to Version 8.3 and later guide, I have tried both ASDM and command line down grades with no luck.  I select 8.2.5(33) as the image file and the 8_2_5_33_startup_cfg  file as the configuration file and when it boots, it does use 8.2.5.33 image file, but it contains 8.4.7 commands which are not compatible.  This results in the Cisco taking over 3hrs to run through the configuration errors.  In test, this is easily resolved by setting the device back to factory defaults, resetting the boot image, and loading a good configuration file, but it takes hours to do.  I can't do this in production if we need to down grade.  

 

ISSUE # 3.  Despite all the guides saying that during an upgrade to 8.3 you should get a Nat Ident Migrate file, I have not seen that happen going to 8.3 or 8.4.

 

Does anyone have any input or advice for any of these Issues?  Probably user error. :-)

Labels:
0 Helpful
1 Reply 1

Vibhor Amrodia
Cisco Employee
Cisco Employee

‎10-07-2014 06:15 PM

Hi,

As per the ISSUE#1:- This cannot be prevented on the HA Pair.

ISSUE#2:- I think this might be due to the ACL and NAT statement being converted to the new configuration.

ISSUE3#:- You can check the migration errors file created automatically on thre ASA device after upgrade to find the errors with migration.

Please refer:-

http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html#wp40032

https://supportforums.cisco.com/document/48646/asa-83-upgrade-what-you-need-know

Thanks and Regards,

Vibhor Amrodia

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card