Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
549
Views
0
Helpful
3
Replies

Cisco ASA OS Upgrade

Go to solution
Adley Francois
Level 1
Level 1

‎02-21-2016 02:49 AM - edited ‎03-12-2019 12:22 AM

Hello,

What are the challenges while upgrading Cisco OS from 8.2 (5) to 9.1 (7)? I'm planning to go through from 8.2 to 8.4 to 9.1, Is it correct? Is there any chance of losing the configuration or any issue?

Please assist.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-21-2016 08:35 AM

There are several pitfalls that have been discussed at length in many postings on this forum.

Primarily is the change of NAT and access-list syntax. The upgrade process will automatically convert them for you but in all but the most simple configuration, the results will likely add a lot of unnecessary complexity and in some cases results in broken functionality.

You also need to verify your ASA has enough memory to support the later versions. The requirements increased as of 8.3.

You should read through your configuration and some related threads and decide on whether you are comfortable with the changes.

I recommend starting with Jouni's thorough explanation of post-8.3 NAT: 

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-21-2016 08:35 AM

There are several pitfalls that have been discussed at length in many postings on this forum.

Primarily is the change of NAT and access-list syntax. The upgrade process will automatically convert them for you but in all but the most simple configuration, the results will likely add a lot of unnecessary complexity and in some cases results in broken functionality.

You also need to verify your ASA has enough memory to support the later versions. The requirements increased as of 8.3.

You should read through your configuration and some related threads and decide on whether you are comfortable with the changes.

I recommend starting with Jouni's thorough explanation of post-8.3 NAT: 

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

0 Helpful

Go to solution
mvsheik123
Level 7
Level 7
In response to Marvin Rhoads

‎02-21-2016 06:08 PM

Hi,

In addition to Marvin's suggestion... incase if you are planning to go to 9.1.7 due to recent 'critical' vulnerability, Cisco released 8.2.5.59- which addresses that issue. Your goal to address ikev1/v2 issue, 8.2.5.59 will do with out much hassle. However, recommended long term solution is to move to 9.x code - as 8.2.5 is end of support.

Thx

MS

0 Helpful

Go to solution
Adley Francois
Level 1
Level 1
In response to mvsheik123

‎02-23-2016 10:59 AM

I went ahead and upgraded the OS from 8.2 to 8.4(3) to 8.4(6) to 9.1(7) and I didn't face any issue during the upgrade process except few commands were got it removed of crypto that I added back to the configuration and all is set now.

Thanks.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card