Solved: ASA 5520 firmware upgrade to 9.1(x)

syedhashmi455 · ‎03-17-2014

Dear All,

Please advise me if cisco ASA 5520 can be upgraded from 8.0(2) TO 9.1(x) directly as 9.1(x) has a new nat configuration.

Also please advise me the effect of natting if the above task is perfomed.

Hashmi

Marvin Rhoads · ‎03-26-2014

Leo was making the point that your post was duplicated (this one = #12144276 and the other is #12144271). It seems to be a common issue with the new platform they migrated CSC to a couple of weeks back.

Anyhow... to your question:

Assuming you have the necessary memory in your 5520, it is recommended (required actually) your do an intermediate upgrade. Please refer to the Release Notes which recommend you first migrate to 8.4(6) and then to 9.1(x).

Part of the process in that first step is to parse the old configuration file and translate the NAT syntax. That's done automatically by the ASA when reading in a pre-8.3 configuration that uses the old syntax for NAT (and a few other things). Some people prefer to re-write the NAT section themselves, using the opportunity to revalidate and possibly clean up their current configuration. That first upgrade will generate a text file on the ASA with any errors in the parsing process indicated. You should examine and, if necessary, resolve those before taking the step up to your target 9.1(x).

If you're working with a partner, there is a tool they can use to do that translation offline for analysis outside your porduiction environment.

Be sure to have a currrent backup of your old configuration (including any pre-shared keys, certificates etc.) before beginning.

View solution in original post

Leo Laohoo · ‎03-18-2014

Duplicate posts.

Go here: http://supportforums.cisco.com/discussion/12144271/asa-5520-firmware-upgrade-91x

syedhashmi455 · ‎03-18-2014

It redirects me to my own post

venkatesh pokuri · ‎03-26-2014

i guess u can't upgrade

Marvin Rhoads · ‎03-26-2014

Leo was making the point that your post was duplicated (this one = #12144276 and the other is #12144271). It seems to be a common issue with the new platform they migrated CSC to a couple of weeks back.

Anyhow... to your question:

Assuming you have the necessary memory in your 5520, it is recommended (required actually) your do an intermediate upgrade. Please refer to the Release Notes which recommend you first migrate to 8.4(6) and then to 9.1(x).

Part of the process in that first step is to parse the old configuration file and translate the NAT syntax. That's done automatically by the ASA when reading in a pre-8.3 configuration that uses the old syntax for NAT (and a few other things). Some people prefer to re-write the NAT section themselves, using the opportunity to revalidate and possibly clean up their current configuration. That first upgrade will generate a text file on the ASA with any errors in the parsing process indicated. You should examine and, if necessary, resolve those before taking the step up to your target 9.1(x).

If you're working with a partner, there is a tool they can use to do that translation offline for analysis outside your porduiction environment.

Be sure to have a currrent backup of your old configuration (including any pre-shared keys, certificates etc.) before beginning.

kostasthedelegate · ‎06-22-2020

Hello Marvin,

"If you're working with a partner, there is a tool they can use to do that translation offline for analysis outside your porduiction environment."

To which tool you are referring?

Thanks and regards,
Konstantinos

Marvin Rhoads · ‎06-22-2020

@kostasthedelegate the tool is at https://fwm.cisco.com (partner or Cisco staff access required).

FWM Example