What version of ASA software

Will Phinney · ‎01-08-2015

Good morning everyone,

I'm going to be upgrading a pair of 5510's to 5525x's and with the exception of adding a new interface for failover on the 5525x's, since the 5510's are using the MGMT interface for failover, and yes I know that this isn't best practices, but I didn't build them. I believe the code is much the same, but I was wondering if anybody had any tips or any last minute "gotchas". Thanks everyone!

-Will

Marvin Rhoads · ‎01-08-2015

What version of ASA software are the 5510s running?

If it's pre-8.3 you will of course have the NAT and ACL syntax changes to deal with when migrating your configuration.

Other than that, one gotcha is to make sure your new boxes have the 3DES-AES license activated. Also, we need to specify strong ciphers for ssl since out of the box they may not be enabled.

I try to run 5500-X series on the current recommended release (9.2(2.4) as of now but I wouldn't be surprised to see that change to 9.2(3) shortly). Depending on where they are out of the box, you may need to do some interim upgrades to get them up to current. That's a hard requirement as the file structure changed along the way since the initial 8.6 release that supported the new boxes.

Will Phinney · ‎01-13-2015

Marvin,

Thanks for the input! It appears that it should be fairly straight forward as I it's post 8.3 on both IOS's, but I was trying to think of ANYTHING. Obviously, I will clear arp's all around the network as I've seen this trip up people. Thanks for the input!

-Will

Forklift 5510 to 5525x