06-24-2016 05:56 AM - edited 03-12-2019 12:56 AM
Hello Experts,
At some of our remote locations we have Cisco ASA 5505s with IOS version 8.2(5). We are planning to upgrade those ASAs to the latest IOS.
So we need your suggestions on the process to upgrade those ASAs and up to what version we can upgrade the IOS.
It would be great if you can provide some document for the same.
06-24-2016 12:15 PM
Hello Manjeet,
I hope you are fine. Regarding your query, the latest version available for the 5505 box is 9.2.4(10). You need to take into account the memory requirements and the upgrade path that you must follow before upgrading the ASA.
Upgrade path:
8.2.5 -> 8.4.5 -> 9.2.X
Please refer to the following link:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/release/notes/asarn92.html#pgfId-769104
Memory requirements:
You must have 512 MB of RAM in order to upgrade to 9.2.4
http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#51927
Also take into account that the configuration will be automatically migrated, since the syntax of the NAT rules changes; therefore, once the ASA is upgraded, check the configuration.
Check this documentation:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html
Hope this helps!
Best regards.
Kornelia Gutierrez
06-27-2016 09:52 AM
In addition to the gigantic change in NAT architecture at 8.3 there is also a change in IPv6 support at 9.0 which you will also run into. They unified the IPv4 and IPv6 access lists, abolishing the separate access-group statements for the previous parallel kinds. The "any" keyword goes dual-protocol, and there are new "any4" and "any6" keywords for matching single-protocol addresses.
Many of us preferred to rewrite configurations from scratch for this transition, though the automatically migrated/converted ones can provide a useful guide. To a first approximation, convert your former NAT 0 identity mappings into phase I twice NAT, and everything else into phase II network object NAT.
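Added example, not part of the thread and not a Cisco tool: a small Python audit that lists the statements in an 8.2-style configuration that the changes described above affect, using the rule of thumb from the reply (NAT 0 to twice NAT, other NAT to network object NAT). The sample configuration, category names, and the `audit` function are assumptions made for this illustration.

```python
import re

# Constructed 8.2-style config fragment (sample input, not taken from the thread).
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN remark permit any client to the web server
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list NONAT extended permit ip 10.1.1.0 255.255.255.0 10.2.0.0 255.255.0.0
ipv6 access-list OUTSIDE6_IN permit tcp any host 2001:db8::10 eq 443
nat (inside) 0 access-list NONAT
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255
access-group OUTSIDE_IN in interface outside
"""

# "any" as a standalone keyword, not part of a name such as any-hosts or any4.
ANY = r"(?<![\w-])any(?![\w-])"

# (category, pattern) pairs; the first matching rule wins. Category names are
# hypothetical labels for this example.
RULES = [
    ("ipv6-acl", re.compile(r"^ipv6 access-list \S+ ")),
    ("acl-any", re.compile(r"^access-list \S+ (?!remark ).*" + ANY)),
    ("nat0-to-twice-nat", re.compile(r"^nat \(\S+\) 0 ")),
    ("to-object-nat", re.compile(r"^(nat \(\S+\) [1-9]\d* |global \(|static \()")),
]

ADVICE = {
    "ipv6-acl": "separate IPv6 ACL; 9.0 unifies IPv4 and IPv6 access lists",
    "acl-any": "'any' is dual-protocol from 9.0; use any4/any6 for one protocol",
    "nat0-to-twice-nat": "NAT 0 mapping; rewrite as twice NAT",
    "to-object-nat": "pre-8.3 NAT statement; rewrite as network object NAT",
}

def audit(config_text):
    """Return (line number, category, line) for each statement to review."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        for category, pattern in RULES:
            if pattern.search(line):
                findings.append((lineno, category, line))
                break
    return findings

if __name__ == "__main__":
    for lineno, category, line in audit(SAMPLE_CONFIG):
        print(f"{lineno:>3}  {ADVICE[category]}\n     {line}")
```

Run it against a saved copy of the running configuration before the upgrade and compare the flagged lines with the migrated configuration afterwards.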
06-24-2016 12:26 PM
Hi
The biggest thing when migrating from 8.2 to anything higher than 8.3 is the NAT configuration (mostly these are unique issues on the customer side).
To handle that migration, I'll paste here a Cisco document and a Cisco tool to migrate your config file (don't worry about the models in the tool, just the IOS version).
http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html
Another thing concerning your ASA 5505: don't rely 100% on the Cisco tool; check it before applying the config. Also be careful: the ASA 5505 is the only one that has switched ports compared to the other models you'll have in the tool (maybe just delete that part if you're getting errors).
Thanks
PS: Please don't forget to rate and mark as correct answer if this solved your issue