ā04-29-2024 11:27 PM
Hi,
Can anyone please provide me the procedure the version upgradation from 9.8(4)29 to 9.12.4.67? What are pre-requisites ?
ā04-29-2024 11:34 PM
@King_1988 you can upgrade directly from 9.8 to 9.12 (you do not need to upgrade to an interim version)
Guide to upgrade ASA:- https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/asa-appliance-asav.html#topic_r5l_tt5_bbb
Take a backup copy of your current firmware and the configuration before you upgrade.
ā04-29-2024 11:35 PM
Always refer to the release notes before upgrading. There you will find all prerequisites and which versions can upgrade directly to the new version or if you need to go through an intermediate version before reaching the final version.
The release notes will also include any hardware requirements as well as known bugs that might affect your upgrade.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa912/release/notes/asarn912.html#id_25640
ā04-30-2024 01:52 AM
Am i downloading correct image?
ā04-30-2024 01:59 AM
@King_1988 that appears to be the correct image for the 5516-X hardware yes.
Any reason why not upgrading to 9.16, it's more recent (with more bug fixes) and is an Extra Long Term Release, the latest 9.12.4 image is 4 years old!
ā04-30-2024 02:00 AM
Yes that the correct image. once you downloaded this image also download the ASA image too if it is require by you for GUI presenation.
ā04-30-2024 02:02 AM
That is the correct image.
ā04-30-2024 05:48 PM
How long does it take to upgrade the HA firewall?
ā04-30-2024 08:13 PM
You reload each unit separately and wait for it to be Standby Ready before switching it to active and then reloading the other member of the HA pair. Each ASA typically reloads with the upgrade in about 2 minutes. If you are using the Firepower service module, it takes an extra 2-3 minutes to fully come up.
So, all together, you can typically upgrade an ASA 5500-X HA pair in a zero downtime process in about 10-15 minutes.
ā05-02-2024 04:17 AM - edited ā05-02-2024 04:18 AM
There are some VPN configuration also. I believe because of version upgradation there will be no issue, right?
ā05-01-2024 01:08 AM
Upgrading does not take much time. However, I do tend to request a service window of a few hours so that I am prepared for a worst case scenario where I need to troubleshoot or get TAC involved.
When upgrading I typically I do the following when upgrading ASA:
This way if something goes wrong with the primary after the upgrade I can always revert to the secondary while troubleshooting the primary. In addition, when the upgrade is complete, the primary is the active ASA and I do not need to failover from the secondary to satisfy my OCD of needing the primary as active.
ā05-01-2024 08:44 PM
Were you able to get your Asa Upgraded?
I have a 5516-X on version 9.12(4)18 and attempted to upgrade to latest 9.16.4 version and ran into issues after upgrade.
I was not able to get Anyconnect to work, CLI was pretty slow and choppy so decided to revert, lost connectivity to ASDM but that was on me make sure you upgrade ASDM image first. (Hindsight 20/20)
Can anyone confirm latest version 9.16.4 Works?
Got a Tac Case opened they recommended upgrade path 9.12.x -> 9.12.4.67 To get Past CVE's 20353, 20358, 20359 (Arcane Door).
But I do not see that image as an download option on Cisco Soft Center.
ā05-02-2024 08:50 AM
Wanted to provide an update on upgrading Cisco 5516-X.
When I attempted to upgrade from 9.12(4)18 to 9.16.4 Anyconnect stopped working due to incompatible Anyconnect versions had to revert.
Make sure to read release notes, have to update Rommom ver, Asdm ver, Anyconnect ver.
I decided to go with the 9.12.x -> 9.12.4.67 To get past CVE's 20353, 20358, 20359 (Arcane Door).
Which Rommom, Asdm, and Anyconnect is still compatible with 9.12.x -> 9.12.4.67.
Will get these upgraded sooner than later.
Software Is located in Software Center inside the Intermediate versions tab.
Good Luck!
ā05-22-2024 07:19 PM
How do you find 9.12.4.67 version at your ASA? Is it stable? Do you facing any bugs?
ā05-22-2024 07:32 PM
That's a very stable version as it was just fixing a few bugs on top of a version that had been out for some time without any other significant issues. I had one customer upgrade to it on a heavily used ASA and they have had no issues in the past two weeks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide