12-17-2021 01:17 AM
I have an ASA-5516 X that is running:
1)adaptive security appliance software version 9.8(2)
2)Firepower extensible operating system version 2.2(2.52)
3)Device manager 8.7(2)
Can all three be upgraded?
Is there a recommended upgrade path?
Thank you in advance for any guidance.
12-17-2021 01:58 AM
@daniel.jesse ASA 5516-X supports upto ASA version 9.16, checkout this detailed guide below to upgrading the ASA and associated supported ASDM versions.
https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/planning.html#id_59423
12-17-2021 02:05 AM
@Rob Ingram Thank you! Do you know if it is wise to go from 9.8 to 9.16? What about the Firepower extensible operating system & Device manager software?
12-17-2021 05:03 AM
Cisco recommends the latest Gold Star release unless you have a specific requirement for something only found in a later release.
Current the latest interim of 9.14(3) (Build 18) is that release for an ASA 5516-X:
https://software.cisco.com/download/home/286285782/type/280775065/release/9.14.3%20Interim
The FX-OS is bundled in the image but not really used in the case of installation on an ASA hardware appliance. It is used when installing ASA image on a Firepower appliance.
Device manager usually refers to ASDM (Adaptive Security Device Manager). In that case, the latest release is 7.17(1) and that is what's currently recommended:
https://software.cisco.com/download/home/286285782/type/280775064/release/7.17.1
12-17-2021 05:09 AM
Thank you @Marvin Rhoads, appreciated.
12-17-2021 05:12 AM
Do you know if it's ok to go from ASA982-lfbff-k8 straight to ASA9-16-2-lfbff-k8.spa please?
12-17-2021 05:34 AM
As far as the software upgrade itself that direct path is fine.
There are some low security cryptographic ciphers (mainly DES, 3DES and older Diffie-Hellman (DH) groups 2, 5 and 25 along with MD5 hash algorithm) that were deprecated in 9.13 and later. So if you configuration uses any of them for IPsec site-to-site VPNs you need to migrate away from them prior to upgrading. If you don't have any site-to-site IPsec VPNs then it's not an issue for you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide