
how to upgrade image and asdm software on a failover pair

carl_townshend
Spotlight

Hi

Can anyone tell me what I need to do to upgrade the IOS and ASDM image on my firewalls when running in Active Standby?

cheers

Carl

Accepted Solutions

Vibhor Amrodia
Cisco Employee

1. First thing would be to load both the ASA and the ASDM images on the flash of both the devices.

2. Change the boot system and the asdm image on the primary device, which will be replicated to the secondary automatically.

3. Go ahead and reload the secondary ASA by using the failover reload-standby command.

4. When the failover comes up, make the secondary device active by doing failover active on the secondary device and then reload the primary device.

5. After the primary comes up, make it the active device by using the command failover active on it.

6. You should have the ASA version upgraded.

7. For the ASDM you just have to change the asdm image command on the primary ASA and set it to the new image, and it will be upgraded without a need for reload.

Hope this helps!
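
The steps in the answer above, written out as an ASA CLI sequence. This is an added example, not part of the original post; the TFTP server, the image file names and the published hash are placeholders, and `failover exec mate` is one assumed way to run the copy on the standby unit.

```cisco
! Step 1 (active/primary unit): copy both images to flash.
! Image files are not replicated by failover, so copy them to the standby too.
copy tftp://<tftp-server>/<new-asa-image>.bin disk0:/<new-asa-image>.bin
copy tftp://<tftp-server>/<new-asdm-image>.bin disk0:/<new-asdm-image>.bin
failover exec mate copy /noconfirm tftp://<tftp-server>/<new-asa-image>.bin disk0:/<new-asa-image>.bin
failover exec mate copy /noconfirm tftp://<tftp-server>/<new-asdm-image>.bin disk0:/<new-asdm-image>.bin

! Check the image on flash against the hash published with the download
! before booting it.
verify /md5 disk0:/<new-asa-image>.bin

! Step 2 (active/primary unit): point boot and ASDM at the new images.
! The configuration change replicates to the standby unit.
configure terminal
show running-config boot system
no boot system disk0:/<old-asa-image>.bin
boot system disk0:/<new-asa-image>.bin
asdm image disk0:/<new-asdm-image>.bin
end
write memory

! Step 3 (active/primary unit): reload the standby so it boots the new image.
failover reload-standby
! Repeat until the other host is reported as "Standby Ready".
show failover

! Step 4 (secondary unit): take over the active role.
failover active
! Step 4 (primary unit, now standby): reload it onto the new image.
reload

! Step 5 (primary unit, after it has booted and shows as standby):
show failover
failover active

! Step 6 (each unit): confirm the running version.
show version
show failover
```

The `show failover` output lists the software version of this unit and its mate, which makes it easy to see the window in which the pair runs mixed versions.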

Hi,

I would have a question regarding the config synchronization during the upgrade from 8.2 -> 8.4.

At step 4, won't the ASAs try to synchronize their configs?

If they try to synchronize, they won't have the same commands - some on 8.4 are completely different.

Or won't the synchronization take place?

Thanks a lot.

Hi guys,

Any ideas on this one?

Thanks.

Hi Cristian,

Thank you for your reply. As per your query about the Zero-Downtime upgrade on the ASA Fail-over pair, the commands that are required for the Fail-over to work will still remain the same on the 8.4 version (i.e. Failover configuration).

The difference will be the running configuration (i.e. NAT, Objects, etc.). It is possible to do a Zero-Downtime upgrade from the 8.2 to 8.4 version on the ASA device.

Refer to this URL:

https://supportforums.cisco.com/docs/DOC-12690

Although to be honest, I have seen some bugs that would probably cause some issue with the configuration replication between the units eventually.

Which version are you planning to upgrade to on ASA 8.4 code?

Thanks and Regards,

Vibhor Amrodia

Hi,

Thanks for the reply.

I'm going from 8.2(1) to 8.4(6).

The question was regarding step 4.

When the failover comes up, make the secondary device as active by doing failover active on secondary device and then reload the primary device.

During this step, will the ASAs try to synchronize their configs? At this step the primary will run 8.2(1) and the secondary 8.4(6), which has a different set of commands (NAT, Objects, VPN, etc.).

What bugs are you referring to?

Thanks.

Regards

Cristian
