Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8897
Views
16
Helpful
4
Replies

ASA Active/Standby Multiple Context Software Upgrade

Mady
Level 4
Level 4

‎08-30-2016 03:15 AM - edited ‎03-12-2019 01:12 AM

Hi team,

Please help me on upgrading an Active/Standby ASA with multiple context. Hope you could give me detailed procedure for the upgrade. We have 8.2.5 software version and upgrading to 9.1.7. I am not well versed on multiple context. How will I verify if all the context are active on the ASA.

Thank you for your response!:)

Regards,

Mady

Labels:
0 Helpful
4 Replies 4

Pawan Raut
Level 4
Level 4

‎08-31-2016 01:05 AM

Upgrade an Active/Standby Failover Pair.

Note: In Multiple context this need to be do in system context.

To upgrade the Active/Standby failover pair, perform the following steps.

Before You Begin

(CLI) Perform these steps on the active unit.

Procedure

For CLI:

Step 1 (If there is a configuration migration) Show the configuration on the terminal so that you can back up your configuration:

more system:running-config
 

Example:

active# more system:running-config
 

Copy the output from this command, then paste the configuration in to a text file. For other methods of backing up, see the configuration guide.

Step 2 Copy the ASA software to the active unit flash memory:

copy tftp://server[/path]/asa_image_name {disk0:/ | disk1:/}[path/]asa_image_name
 

Example:

active# copy tftp://10.1.1.1/asa931-smp-k8.bin disk0:/asa931-smp-k8.bin
 

For other methods than TFTP, see the copy command.

Step 3 Copy the software to the standby unit; be sure to specify the same path as for the active unit:

failover exec mate copy /noconfirm tftp://server[/path]/filename {disk0:/ | disk1:/}[path/]filename
 

Example:

active# failover exec mate copy /noconfirm tftp://10.1.1.1/asa931-smp-k8.bin disk0:/asa931-smp-k8.bin
 

Step 4 Copy the ASDM image to the active unit flash memory:

copy tftp://server[/path]/asdm_image_name {disk0:/ | disk1:/}[path/]asdm_image_name
 

Example:

active# copy tftp://10.1.1.1/asdm-731.bin disk0:/asdm-731.bin
 

Step 5 Copy the ASDM image to the standby unit; be sure to specify the same path as for the active unit:

failover exec mate copy /noconfirm tftp://server[/path]/asdm_image_name {disk0:/ |disk1:/}[path/]asdm_image_name
 

Example:

active# failover exec mate copy /noconfirm tftp://10.1.1.1/asdm-731.bin disk0:/asdm-731.bin
 

Step 6 If you are not already in global configuration mode, access global configuration mode:

configure terminal
 

Step 7 Show the current boot images configured (up to 4):

show running-config boot system
 

Example:

hostname(config)# show running-config boot system
boot system disk0:/cdisk.bin
boot system disk0:/asa921-smp-k8.bin
 

The ASA uses the images in the order listed; if the first image is unavailable, the next image is used, and so on. You cannot insert a new image URL at the top of the list; to specify the new image to be first, you must remove any existing entries, and enter the image URLs in the order desired, according to Step 8 andStep 9.

Step 8 Remove any existing boot image configurations so that you can enter the new boot image as your first choice:

no boot system {disk0:/ | disk1:/}[path/]asa_image_name
 

Example:

hostname(config)# no boot system disk0:/cdisk.bin
hostname(config)# no boot system disk0:/asa921-smp-k8.bin
 

Step 9 Set the ASA image to boot (the one you just uploaded):

boot system {disk0:/ | disk1:/}[path/]asa_image_name
 

Example:

hostname(config)# boot system disk0://asa931-smp-k8.bin
 

Repeat this command for any backup images that you want to use in case this image is unavailable. For example, you can re-enter the images that you previously removed in Step 8.

Step 10 Set the ASDM image to use (the one you just uploaded):

asdm image {disk0:/ | disk1:/}[path/]asdm_image_name
 

Example:

hostname(config)# asdm image disk0:/asdm-731.bin
 

You can only configure one ASDM image to use, so you do not need to first remove the existing configuration.

Step 11 Save the new settings to the startup configuration:

write memory
 

Step 12 Reload the standby unit to boot the new image:

failover reload-standby
 

Wait for the standby unit to finish loading. Use the show failover command to verify that the standby unit is in the Standby Ready state.

Step 13 Force the active unit to fail over to the standby unit:

no failover active
 

Step 14 Reload the former active unit (now the new standby unit):

reload

Srinivasan Nagarajan
Level 1
Level 1
In response to Pawan Raut

‎04-12-2018 10:45 AM

Hi Pawan,

 

 Thanks. How to put back the multiple virtual security contexts config back in firewall. Does it preserve the config while performing IOS upgrade . Please assist

 

 

0 Helpful

Florin Barhala
Level 6
Level 6
In response to Srinivasan Nagarajan

‎04-16-2018 04:21 AM

It's a well known fact that if you upgrade ASA from one supported version to another one, you will be able to keep your config settings.
Just read the release notes and follow the update path.
0 Helpful

Tarun cisco
Cisco Employee
Cisco Employee
In response to Pawan Raut

‎05-31-2024 10:30 AM

what about Active/Active (multi context with 2 failover groups) upgrade ,does it have the same process as of Active/standby ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card