Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
543
Views
0
Helpful
3
Replies

Does Maintenance release number matter during ASA Failover Pair upgrade?

edgarcparra
Level 1
Level 1

‎05-21-2014 02:25 PM - edited ‎03-11-2019 09:13 PM

Hi Guys,

 

I have been tasked with upgrading two ASA units that are in an active/standby pair from 8.2(?) to 9.1.

 

I have a few questoins..

Does the maintenance release number matter when upgrading from 8.2 to 8.4 and to 9.1?

If they are version 8.2.2, do I have to upgrade them to 8.2.5 or something like that?

Can i pick any maintenance number when upgrading to the next 8.4? 

Can I skip over 8.3 and go to 8.4 and still maintain the zero downtime functionality?

When they are both at 8.4 and it is time to upgrade to 9.1, will the difference in the major number cause any issue with initiating failover commands?

 

Thank you.

Labels:
0 Helpful
3 Replies 3

jpl861
Level 4
Level 4

‎05-21-2014 02:53 PM

Aside from the IOS version, you will also have to worry about the NAT configurations as they are no longer the same. The new format started in 8.3 but you are still at 8.2 so you need to plan that one as well.
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-21-2014 04:38 PM

Go to 8.4(6) first. Then to 9.1(3) or later. That's what's recommended by Cisco (reference) and I agree. You can go straight to 8.4(6) from any 8.2 (x) release.

As noted by the earlier poster, check your migrated NAT for proper function (and for opportunity to clean it up) as it changes significantly. The cli parser will migrate it for you automatically, but it may not always be pretty. :)

As noted in the release note I linked above, "The units in a failover configuration or ASA cluster should have the same major (first number) and minor (second number) software version. However, you do not need to maintain version parity on the units during the upgrade process; you can have different versions on the software running on each unit and still maintain failover support. To ensure long-term compatibility and stability, we recommend upgrading all units to the same version as soon as possible."

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card