Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1972
Views
15
Helpful
7
Replies

Cisco ASA - Upgrading Firmware on Active/standby units

Go to solution
LovejitSingh1313
Level 1
Level 1

‎08-26-2020 02:01 PM

Hello Guys, @Mohammed al Baqari  @balaji.bandi  @Rob Ingram  @Marvin Rhoads 

I am planning to update firmware from 9.9 to 9.12.3.12 including ASDM 7.14(1). I already upload both images to both unites.
I will update the standby firewall first and boot it with a new image and make it primary and the repeat same process with the Active unit.

I need to know which commands I need to use to make a new image as a primary boot image and new ASDM image as the primary ASDM image?

I want to make sure if reboot happens in future ASA always boot with the new image.

Thanks,

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎08-26-2020 02:07 PM

here is the complete steps :

 

https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/asa-appliance-asav.html#concept_F0701C3A86854801958757CEF1E4D999

 

Note : 

 

1. backup the configuration out of the box.

2. you should not see any downtime - but always suggest to do in a maintenance window.

3. is this FW running a long time, make sure check the failover working as expected and reload the unit before the upgrade, so you know it working as expected before the upgrade.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

7 Replies 7

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎08-26-2020 02:07 PM

here is the complete steps :

 

https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/asa-appliance-asav.html#concept_F0701C3A86854801958757CEF1E4D999

 

Note : 

 

1. backup the configuration out of the box.

2. you should not see any downtime - but always suggest to do in a maintenance window.

3. is this FW running a long time, make sure check the failover working as expected and reload the unit before the upgrade, so you know it working as expected before the upgrade.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
LovejitSingh1313
Level 1
Level 1
In response to balaji.bandi

‎08-26-2020 06:49 PM

Hello @balaji.bandi 

 

I update 5525x from 9.4(4)36 to 9.12.3.12  and standby ASA did not came back online. please advice the next steps.

 

Thanks,

 

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to LovejitSingh1313

‎08-26-2020 08:26 PM

If the standby unit is offline then you should attached console cable and open a session to it using your terminal emulator software.

Reload from power on and capture all of the output in a log file and share it here.

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to LovejitSingh1313

‎08-27-2020 02:25 AM

As per the orginal post you are upgrading from " firmware from 9.9 to 9.12.3.12 including ASDM 7.14(1)"

 

as per  your reply you upgrading from "9.4(4)36 to 9.12.3.12"  - that is ok but we want to be sure some time what is the version.

Some time may required upgrade path (not in this case)

 

Please confirm  the steps you followed - also connect Console cable to see is that gone in to ROMMON ?

have you removed old boot reference ? after adding new Boot reference ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
LovejitSingh1313
Level 1
Level 1
In response to balaji.bandi

‎08-27-2020 10:13 AM

Hello @balaji.bandi  @Marvin Rhoads 

I will connect to the unit and will share the output.

I uploaded the ASDM and software image to both units by using the ASDM File manager. I log in to the standby unit by using the standby IP address and change the boot image and asdm image. I deleted the old boot image commands and replaced it by a new boot system image disk0:/----.bin. Then I rebooted the standby unit but it never came back.

Thanks,

 

0 Helpful

Go to solution
LovejitSingh1313
Level 1
Level 1
In response to LovejitSingh1313

‎08-27-2020 11:04 AM

Hello @balaji.bandi  @Marvin Rhoads 

 

The firewall was booted but firmware update deleted the failover interface command as it was configured with APIPA IP and 9.4 OS was working with it but 9.12 did not like.

 

Adding that command fixed the issue.

 

Thanks

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎08-27-2020 11:06 AM

Thanks for the input -glad all went well at the end. 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card