Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5705
Views
11
Helpful
6
Replies

Cisco ASA 5516-X - path to upgrade to latest software

daniel.jesse
Level 1
Level 1

‎12-17-2021 01:17 AM

I have an ASA-5516 X that is running:

1)adaptive security appliance software version 9.8(2)

2)Firepower extensible operating system version 2.2(2.52)

3)Device manager 8.7(2)

Can all three be upgraded?

Is there a recommended upgrade path?

Thank you in advance for any guidance.

Labels:
0 Helpful
6 Replies 6

Rob Ingram
VIP
VIP

‎12-17-2021 01:58 AM

@daniel.jesse ASA 5516-X supports upto ASA version 9.16, checkout this detailed guide below to upgrading the ASA and associated supported ASDM versions.

https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/planning.html#id_59423

 

0 Helpful

daniel.jesse
Level 1
Level 1

‎12-17-2021 02:05 AM

@Rob Ingram Thank you!  Do you know if it is wise to go from 9.8 to 9.16?  What about the Firepower extensible operating system & Device manager software?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-17-2021 05:03 AM

Cisco recommends the latest Gold Star release unless you have a specific requirement for something only found in a later release.

Current the latest interim of 9.14(3) (Build 18) is that release for an ASA 5516-X:

https://software.cisco.com/download/home/286285782/type/280775065/release/9.14.3%20Interim

The FX-OS is bundled in the image but not really used in the case of installation on an ASA hardware appliance. It is used when installing ASA image on a Firepower appliance.

Device manager usually refers to ASDM (Adaptive Security Device Manager). In that case, the latest release is 7.17(1) and that is what's currently recommended:

https://software.cisco.com/download/home/286285782/type/280775064/release/7.17.1

daniel.jesse
Level 1
Level 1
In response to Marvin Rhoads

‎12-17-2021 05:09 AM

Thank you @Marvin Rhoads, appreciated.

0 Helpful

daniel.jesse
Level 1
Level 1
In response to Marvin Rhoads

‎12-17-2021 05:12 AM

Do you know if it's ok to go from ASA982-lfbff-k8 straight to ASA9-16-2-lfbff-k8.spa please?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to daniel.jesse

‎12-17-2021 05:34 AM

As far as the software upgrade itself that direct path is fine.

There are some low security cryptographic ciphers (mainly DES, 3DES and older Diffie-Hellman (DH) groups 2, 5 and 25 along with MD5 hash algorithm) that were deprecated in 9.13 and later. So if you configuration uses any of them for IPsec site-to-site VPNs you need to migrate away from them prior to upgrading. If you don't have any site-to-site IPsec VPNs then it's not an issue for you.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card