Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
462
Views
0
Helpful
3
Replies

Cisco ASA software upgrade suggestions

Go to solution
cisco8887
Level 2
Level 2

‎01-15-2016 02:43 AM - edited ‎03-12-2019 12:08 AM

Hi Guys,

 

This thread is opened to find out how you guys tackle asa upgrade.For instance I am upgrading from 9.1 to 9.3.2

 

Cisco recommendation for each release is different from one release to another .

for instance to upgrade from 9.1.1 to 9.1.6 it is recommended to upgrade to 9.1.2 and then 9.1.6.

 

I have noticed on previous upgrades cisco does change the config significantly such as adding auto generated text and subject and acl which is a nightmare to chase and fix. I am not sure if I followed the suggested path or not but either way I was very annoyed.

As a result I am always pessimistic to do any cisco asa upgrade .

What is your experience?

 

My thoughts are :

  • Either follow the cisco upgrade path
  • Don’t follow and fix what is broken
  • Write a fresh config. This is difficult if you don’t have a document stating what commands have changed or a lab environment to test it on.

 

Which one do you prefer?

What happens if you don’t follow the path ?

What happens if you do ?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Akshay Rastogi
Cisco Employee
Cisco Employee
In response to cisco8887

‎01-15-2016 09:06 AM

Hi,

As mentioned it could not always related to the configuration changes that are visible through show run. There could be some internal code/programming changes which might require the intermediate upgrade.

Also there is not specific lookup tool that would tells you what are the command changes in specific code. If you need specific information or the implementation of the newly added configuration, the  you could look for 'command reference' for that specific version.

Also if there are any specific changes related to configuration during the upgrade, you would see the warning or error messages on cisco console. Those messages are saved in flash with the naming convention as ' upgrade_startup_errors_<timestamp>.log'. 

Hope it answers your query.

Regards,

Akshay Rastogi

Remember to rate helpful posts.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Akshay Rastogi
Cisco Employee
Cisco Employee

‎01-15-2016 08:44 AM

Hi,

I would always recommend to follow an upgrade path mentioned in Release notes for the destination upgrade image.

As there were some changes in the binary structure of the 9.x versions, some intermediate upgrades are suggested. Also there could be some changes or bug fixes which requires the intermediate upgrades.

The main changes related to ASA configuration when moved from pre 8.3 to post 8.3 version is related to NAT and the Real IP in Access-list. I am not sure what are auto generated texts and Subjects, however clear understanding of changes being made to the newer would make things lot easier to understand.

- I would prefer going through the path mentioned in release notes.

- As mentioned, there could be some bug fixes which require these intermediate upgrades. Therefore not following the path might keep create some trouble.

- If you do follow, then things would be good. If you still face some issues, then CISCO TAC would be more than happy to help you.

Hope it answers you query.

Regards,

Remember to rate helpful posts.

0 Helpful

Go to solution
cisco8887
Level 2
Level 2
In response to Akshay Rastogi

‎01-15-2016 08:53 AM

Many thanks

I thought so but once questions I have is if one follows the upgrade path that is not going to patch anything. I am saying this because when you move from 8 to 9 and suggestion is to go to 8.5 first and then 9 below is what will happen ( numbers used as exmaple only)

8 to 8.5 ( config converted )

8.5 to 9 ( config converted)

at the end you will install version 9 so any patch on 8.5 is cancelled out unless by patch you meant configuration changes which 8.5 applies to the text.

is there a cisco lookup tool that tells you what the command changes were rather than going through the manual and working it out ?

0 Helpful

Go to solution
Akshay Rastogi
Cisco Employee
Cisco Employee
In response to cisco8887

‎01-15-2016 09:06 AM

Hi,

As mentioned it could not always related to the configuration changes that are visible through show run. There could be some internal code/programming changes which might require the intermediate upgrade.

Also there is not specific lookup tool that would tells you what are the command changes in specific code. If you need specific information or the implementation of the newly added configuration, the  you could look for 'command reference' for that specific version.

Also if there are any specific changes related to configuration during the upgrade, you would see the warning or error messages on cisco console. Those messages are saved in flash with the naming convention as ' upgrade_startup_errors_<timestamp>.log'. 

Hope it answers your query.

Regards,

Akshay Rastogi

Remember to rate helpful posts.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card