Solved: ASA 5520 IOS upgrade

jopetik09 · ‎09-08-2011

Hi All,

I have a 2 ASA 5520 firewalls for high availability and need to upgrade IOS from 7.2(4) to 8.2 or latest.
Can someone suggest me what could be the better way and upgrade procedure.
Please find the below show version details and I hope I can go a head with IOS upgrade to latest.

Cisco Adaptive Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)

Compiled on Sun 06-Apr-08 13:39 by builders
System image file is "disk0:/asa724-k8.bin"
Config file at boot was "startup-config"

IGN-ASA-1 up 45 days 17 hours
failover cluster up 45 days 17 hours

Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
Slot 1: ATA Compact Flash, 512MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CNlite-MC-Boot-Cisco-1.2
                             SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
                             IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Ext: GigabitEthernet0/0 : address is 001d.708e.ada4, irq 9
1: Ext: GigabitEthernet0/1 : address is 001d.708e.ada5, irq 9
2: Ext: GigabitEthernet0/2 : address is 001d.708e.ada6, irq 9
3: Ext: GigabitEthernet0/3 : address is 001d.708e.ada7, irq 9
4: Ext: Management0/0       : address is 001d.708e.ada8, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs               : 150
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : 750
WebVPN Peers                : 2

This platform has an ASA 5520 VPN Plus license.

Serial Number: JMX1227L1LK
Running Activation Key: 0x843d5063 0x480b99d3 0xc801a9a0 0x8fb03ce8 0xc537a9af
Configuration register is 0x1
Configuration last modified by enable_15 at 06:45:16.382 UTC Wed Mar 19 2003

Jopeti.

varrao · ‎09-08-2011

Hi Jopeti,

I would request you to go through this doc, it has all the requirements for upgrade:

https://supportforums.cisco.com/docs/DOC-12690

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

varrao · ‎09-08-2011

Hi Jopeti,

since you have two firewalls in failover, you can follow this doc for zero-downtime upgrade, its the best practise:

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_example09186a0080b20f35.shtml

Hope this helps.

Thanks,

Varun

Please do rate helpful posts.

Thanks,
Varun Rao

jopetik09 · ‎09-08-2011

Hi Varun,

Thanks for your response.
My current version is 7.2 so can I upgrade to latest 8.2 or 8.3?
Is my RAM and all support for that?

Jopeti.

varrao · ‎09-08-2011

Hi Jopeti,

I would request you to go through this doc, it has all the requirements for upgrade:

https://supportforums.cisco.com/docs/DOC-12690

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao

jopetik09 · ‎09-13-2011

Hi Varun,

The below doc have all information.
I have one doubt, My current configuration which is in version 7.2 will lead to any problems after upgraded to 8.2? like NAT and ACL cli commands will be changed.
I guess the NAT and ACL commands will be changed in version 8.3 not in 8.2

Jopeti.

varrao · ‎09-13-2011

Hi Jopeti,

Yes you are absolutely correct, upgrading to version 8.2 would not change any nat or acl configuration, it changes only when you upgrade to 8.3 or later version.

Let me know if you need any info.

Thanks,

Varun

Thanks,
Varun Rao

Muhammad Anser Khan · ‎05-23-2016

Hi,

What is the latest IOS supported on ASA 5520?

Does ASA 5520 support 9.2.x?

Regards,

Anser