Solved: Re: ASA upgrade

shijuuu · ‎03-08-2011

Hi Team,

I am forced to upgrade my ASA 5520 software from 7.1 - 8.2 or higher, as I am not familiar with ASA I need expert opinions..

I have following concerns regarding the upgrade if anyone familiar with please help.

1-Do I need to worry about the software licensing when I download 8.2

2-I read about the few difference in commands (ACL and NAT) in 8.2 what exactly I have to do here should I change the configured NAT and ACL with real IP in the existing configuration after the upgrade ?

Please recommend any best practice if available for this

Thanks

Federico Coto Fajardo · ‎03-08-2011

Hi,

You're completely changing different codes.

Please refer to the release notes of 8.2 for all the information.

Is in version 8.3 where all the NAT configuration changed, object-oriented configuration and changes in ACLs behaviors to name some... so not much in 8.2

But still since you're coming from 7.x, please make sure you at least review 8.2 release notes.

Hope it helps.

Federico.

View solution in original post

erickflamenco · ‎03-08-2011

Hi,

Please see at this document

https://supportforums.cisco.com/docs/DOC-12690

It could help you to save a lot of effort.

Regards,

Erick

View solution in original post

sean_evershed · ‎03-08-2011

As stated by the other posters there are subtle differences between the two versions in the way tasks are performed.

See below the release notes for 8.2 listing the memory requirements:

http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html#wp37821

View solution in original post

erickflamenco · ‎03-08-2011

In the meantime please upgrade to version 8.2(4.1) as the 8.2 has been confirmed with muñtiple vulnerabilities as

1 Transparent Firewall Packet Buffer Exhaustion Vulnerability (CSCtj04707)

2 SCCP Inspection Denial of Service Vulnerability (CSCtg69457)

3 RIP Denial of Service Vulnerability (CSCtg66583)

4 Unauthorized File System Access Vulnerability (CSCtk12352)

Good luck,

Erick

View solution in original post

Federico Coto Fajardo · ‎03-08-2011

Hi,

You're completely changing different codes.

Please refer to the release notes of 8.2 for all the information.

Is in version 8.3 where all the NAT configuration changed, object-oriented configuration and changes in ACLs behaviors to name some... so not much in 8.2

But still since you're coming from 7.x, please make sure you at least review 8.2 release notes.

Hope it helps.

Federico.

erickflamenco · ‎03-08-2011

Hi,

Please see at this document

https://supportforums.cisco.com/docs/DOC-12690

It could help you to save a lot of effort.

Regards,

Erick

shijuuu · ‎03-08-2011

Thanks for support

Is 8.2 and 8.3 entirely different?

Actually I am planning for 8.2 is this require a memory upgrade ? below is the sh version

Cisco Adaptive Security Appliance Software Version 7.1(2)
Device Manager Version 5.1(2)

Compiled on Tue 14-Mar-06 17:00 by dalecki
System image file is "disk0:/asa712-k8.bin"
Config file at boot was "startup-config"

EAIFIREWALL up 93 days 16 hours

Hardware: ASA5520-K8, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash AT49LW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CNlite-MC-Boot-Cisco-1.2
                             SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
                             IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: GigabitEthernet0/0 : address is 0018.7317.d68e, irq 9
1: Ext: GigabitEthernet0/1 : address is 0018.7317.d68f, irq 9
2: Ext: GigabitEthernet0/2 : address is 0018.7317.d690, irq 9
3: Ext: GigabitEthernet0/3 : address is 0018.7317.d691, irq 9
4: Ext: Management0/0       : address is 0018.7317.d68d, irq 11
5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11
6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs               : 100
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : 750
WebVPN Peers                : 2

This platform has an ASA 5520 VPN Plus license.

Serial Number: Running Activation Key: Configuration register is 0x1
Configuration last modified by enable_15 at 12:30:19.015 UTC Thu Feb 24 2011

thanks

sean_evershed · ‎03-08-2011

As stated by the other posters there are subtle differences between the two versions in the way tasks are performed.

See below the release notes for 8.2 listing the memory requirements:

http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html#wp37821

erickflamenco · ‎03-08-2011

In the meantime please upgrade to version 8.2(4.1) as the 8.2 has been confirmed with muñtiple vulnerabilities as

1 Transparent Firewall Packet Buffer Exhaustion Vulnerability (CSCtj04707)

2 SCCP Inspection Denial of Service Vulnerability (CSCtg69457)

3 RIP Denial of Service Vulnerability (CSCtg66583)

4 Unauthorized File System Access Vulnerability (CSCtk12352)

Good luck,

Erick