08-24-2012 10:40 AM - edited 03-11-2019 04:46 PM
Has anyone tried this or done something similar? This is to test the upgrade of our ASA5550 from 8.2 to 8.4.
I have a test ASA5520 with 8.4. I copied the 5550 config to the 5520 then rebooted it.
After the upgrade, I couldn't test connectivity of course, but the upgrade seems to be a success as the errors in the logs are minimal.
However, after looking at the new config, I see new entries (i.e. access-lists, object-groups) that do not exist in the old config.
I'm familiar with the new NAT and object scheme. But in looking at the flow for our outside ACL (from object, to NAT, to access-list), it does not seem to make sense.
I'm also opening a TAC case to see if they can evaluate the configs.
I also wanted to ask those who have gone through the upgrade what their experience had been.
Any comments are appreciated.
08-24-2012 10:47 AM
Hello Richard,
8.3 and higher versions are based on object networks, so your entire NAT will be based on that (as an example, if you have names enabled before the upgrade, all of the names will be translated to objects automatically).
Also, if you have nat-control enabled, extra NAT statements will be added to your configuration, as nat-control is disabled on these higher versions, so it's a must to disable it before the upgrade.
Please keep these links with you:
https://supportforums.cisco.com/docs/DOC-12690
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_objects.html
Rate all the helpful posts
Regards,
Julio
08-24-2012 10:55 AM
Hi Julio,
Thanks for the reply. Names and nat-control are disabled on our 5550.
08-24-2012 11:00 AM
Hello Richard,
Having nat-control disabled is great.
Please read the first link I sent you so you can learn about how the ASA on 8.3 and higher versions works, then you will be able to read your configuration and figure out if there is something wrong.
Rate all the helpful posts
08-24-2012 02:40 PM
I also discovered that the outside ACLs are still showing the NATted IP addresses instead of Real addresses.
Looks like there's going to be a LOT of cleaning up after the upgrade.
Has anyone encountered this issue?
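Added example, not part of the thread: 8.3 and later evaluate interface ACLs against real addresses, so this Python script flags ACEs in a migrated config that still match the mapped address of a static object NAT. The sample config, object names and addresses are constructed, and only host objects with a literal mapped IP are handled.

```python
import ipaddress
import re

# Constructed 8.4-style sample (documentation addresses, not from the thread).
SAMPLE_CONFIG = """\
object network WEB01
 host 10.1.1.10
object network MAIL01
 host 10.1.1.25
access-list outside_in extended permit tcp any host 203.0.113.10 eq www
access-list outside_in extended permit tcp any host 10.1.1.25 eq smtp
access-list outside_in extended permit tcp any object WEB01 eq https
object network WEB01
 nat (inside,outside) static 203.0.113.10
object network MAIL01
 nat (inside,outside) static 203.0.113.25
"""

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def static_nat_map(config):
    """Return {mapped_ip: (object_name, real_ip)} for host objects with static object NAT."""
    reals, mapping, name = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"object network (\S+)", line):
            name = m.group(1)
        elif not line.startswith(" "):
            name = None  # left the object stanza
        elif name and (m := re.match(r"\s+host (\S+)", line)):
            reals[name] = m.group(1)
        elif name and (m := re.match(r"\s+nat \(\S+,\S+\) static (\S+)", line)):
            if is_ip(m.group(1)) and name in reals:  # skip 'interface'/object-name mappings
                mapping[m.group(1)] = (name, reals[name])
    return mapping

def acl_lines_using_mapped(config):
    """Return (ace, mapped_ip, real_ip) for each ACE that still matches a mapped address."""
    mapping = static_nat_map(config)
    return [(line, tok, mapping[tok][1])
            for line in config.splitlines() if line.startswith("access-list ")
            for tok in line.split() if tok in mapping]

if __name__ == "__main__":
    for ace, mapped, real in acl_lines_using_mapped(SAMPLE_CONFIG):
        print(f"{ace}\n  references mapped {mapped}; real address is {real}")
```

Each flagged ACE is a candidate for rewriting to the real address or the object name before the upgraded config goes into production.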
08-24-2012 03:14 PM
Hello Richard,
That usually happens because of an upgrade error, but I have seen the behavior before. Let's see if someone else has seen this issue.
Regards,
Julio
08-24-2012 03:30 PM
Thanks Julio. I will go through it again and see if I get a different result.