ASA upgrade path and downgrade path

Rps-Cheers · ‎08-28-2018

HI everyone. Thesedays,i have a problem that is upgarde path and downgrade path of ASA5540. now,the ASA software verison is 7.0.8,if i upgrade it to 9.1.7,what is the upgrade path? and another ASA software version is 8.0.4,what is the upgrade path when i want to upgrade it to 9.1.7.In addition,if i want to downgrade from 9.1.7 to 8.0.4,what is the downgrade path? thanks~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

Ajay Saini · ‎08-28-2018

Hello,

From the release notes of ASA 8.2.x:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/release/notes/asarn82.html#pgfId-315678

To ensure that your configuration updates correctly, you must upgrade to each major release in turn. Therefore, to upgrade from Version 7.0 to Version 8.2, first upgrade from 7.0 to 7.1, then from 7.1 to 7.2, and finally from Version 7.2 to Version 8.2

So, that is the upgrade path that needs to be followed from 7.0 to 8.2

8.3 onwards is a major upgrade and needs to be done carefully since there are NAT and access rule changes. This can be done in 2 steps:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/release/notes/asarn91.html#pgfId-763574

from 8.2. to 8.4 and then to 9.1

For the upgrade to 8.3 onwards, you can refer to below link:

https://community.cisco.com/t5/security-documents/asa-8-3-upgrade-what-you-need-to-know/ta-p/3127078

https://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html

The same links would cover the upgrade from 8.0 version. Downgrade can be done but will be task once you move to 8.3 onwards. All this is covered in links provided

also, for upgrade to 8.2 and then to 8.4 , keep an eye on memory requirements.

HTH

AJ

Rps-Cheers · ‎08-28-2018

Hi Ajay ;

Thanks for your response.
about downgrade,whether i can downgrade 9.1.7 to 8.0.4 directly?Or,i must downgrade to a middle version,then to another version?

thanks a lot!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

Ajay Saini · ‎08-29-2018

Hello,

For downgrading to 8.0 from 9.1, follow the same path as upgrade:

9.1 > 8.4 > 8.2 > 8.0

Ideally, you should stay at 8.2 since there is no changes introduced in 8.2 for NAT or access rules.

HTH

AJ

balaji.bandi · ‎08-29-2018

This bit tough to answer, Downgrade not so easy as upgrade.

There are lot of changes 9.X version, so you need to lot of manual work for changing the config.

This is not best practice to downgrade to lower version.

Now the question is what is the reason to do the downgrading to Lower Version ?

We only upgrade after checking the feature we looking and supported version.

Cisco recommend always stable new release to fix all the issues and bugs to support TAC.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marvin Rhoads · ‎08-29-2018

The upgrade path to 9.1(x) is described in the release notes:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/release/notes/asarn91.html#pgfId-763574

Since the upgrades will change the configuration syntax, there's no easy downgrade process. You'd be best off making a complete backup of the initial running-configuration and restoring that in the event of having to revert.