ASA Failover downgrade from 8.4.2 to 8.2.5

Rps-Cheers · ‎11-20-2019

HI Everyone，

We want to do a downgrade for our ASA, they are working on Failover A/S mode. I am not sure about this operation.

What should I do? Is there a detailed step? Does the implementation of this downgrade process require a transition to an intermediate version?
In addition, is there any need to pay attention to such a downgrade?

Thanks

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

Sheraz.Salim · ‎11-20-2019

why you want to downgrade to 8.2 from 8.4. the new NAT were introduced in 8.4 and they are called unified nat. going back to 8.2 your nat rules might not work and you need a properly understand how the old nat syntax work. also to mention the 8.2 is not supported any more and it gone end of life.

please do not forget to rate.

Rps-Cheers · ‎11-20-2019

Thanks for your response！
I also know release 8.4 and 8.2 are difference.But our customer need to do it.So i have to try to download it，and cloud you give me some suggestions and notes for this？

thx

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

Rps-Cheers · ‎11-20-2019

i am，i have to downgrade it

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

balaji.bandi · ‎11-20-2019

there is side effect on the downgrade, not sure what is the reason for downgrade? (i am more interested to know)

here is the downgrade procedure ( read "Important Notes")

https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/release/notes/asarn84.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Rps-Cheers · ‎11-20-2019

hahah～
I also think this is a not recommended method, because our customers have been using the 8.2 version, the customer feels that this version is very stable, so I want to downgrade the other ASAs running in 8.4 to 8.2. So, you provide this document Is it sufficient to explain the precautions and operations of the downgrade? Do we need a transitional version?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

balaji.bandi · ‎11-20-2019

I can understand ( we need to educate the Business what is the security risk here - being FW, we expect to protect the network, not tigive hand over our network to hackers - by installing the outdated version which has security holes.)

Make sure to take the backup of the config. in case something really goes bad while degrading.

Maintenance window - Boot with Old Version and test it.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Rps-Cheers · ‎11-20-2019

Yes, thank you for your advice.
There seems to be no standard operation here. The downgrade operation may be the same as the upgrade. The main problem is that the HA configuration synchronize issue. I hope that it can be completed smoothly.

BR

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

balaji.bandi · ‎11-21-2019

in this case, I suggest breaking the HA and downgrade both, and join them back.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help