Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
559
Views
0
Helpful
4
Replies

Firewall upgradation from 8.2 to 8.4

prashantrecon
Level 1
Level 1

‎01-14-2013 05:33 AM - edited ‎03-11-2019 05:46 PM

Hi Team,

We have decided  to upgarde the firewall from 8.2 to 8.4 .

Once i upgarde it to 8.4 what are the changes i need to carry out.

Labels:
0 Helpful
4 Replies 4

Jouni Forss
VIP Alumni
VIP Alumni

‎01-14-2013 05:47 AM

Hi,

Before doing anything I suggest checking your current ASA firewall memory amount so it supports moving from 8.2 to a newer software level (If you havent already done so)

Refer to the document linked below for the memory requirements

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_bulletin_c25-586414.html

I would also stress that the NAT has gone through major changes and ACLs has had some changes related to the NAT changes.

Are you planning on just booting the ASA with the new software and letting the ASA migrate all your configurations to the new format?

I'm not 100% sure is there any difference with 8.2 -> 8.3 update compared to 8.2 -> 8.4 update. I think Cisco recomends to do the update in steps so that every configurations gets migrated correctly (Latest 8.2 -> 8.3 -> 8.4).

I personally convert the old configuration manually to the new one. After I have updated the ASA I then use the new configuration instead of letting the ASA migrate the configurations. (The automatic migration might create rules that dont work or it might generally create and configurations that isnt ideal/optimal)

Personally I wouldnt suggest to anyone to update from 8.2 to any software of 8.3 or above without first getting to know the new NAT/ACL format beforehand. If you run into some problems after the update it will be hard to correct any possible problem. Ofcourse theres always the chance of reverting back to the old software and configurations. Make sure you backup the configurations before any major change like this one.

- Jouni

0 Helpful

prashantrecon
Level 1
Level 1
In response to Jouni Forss

‎01-14-2013 06:04 AM

Thanks Jouni,

we have upgraded the ram to 2GB.Can i know which are rules that has to be changed can u expalin by giving the small example.

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to prashantrecon

‎01-14-2013 06:14 AM

Hi,

If your NAT configuration in the 8.2 software isnt big, you could always post them here if possible (you could remove the complete public IP addresses for safety reasons) If you have "nat" and "static" configuration lines with "access-list" configurations, please also include the "access-list" configurations.

I could then give you examples of the NAT configurations you might need in the new NAT format.

Notice though that there is still the possibility to of letting the ASA convert all the configurations as it boots to the new software but I just wanted to let you know it does has its own risks but I'm sure people still use it.

- Jouni

0 Helpful

prashantrecon
Level 1
Level 1
In response to Jouni Forss

‎01-14-2013 06:19 AM

Thanks Jouni.

I will send my config through private mail.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card