Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
898
Views
5
Helpful
3
Replies

IOS Upgrade from 8.0 to 9.1.6 on ASA 5510 with H.A

marcio.tormente
Level 4
Level 4

‎06-16-2017 11:50 AM - edited ‎03-12-2019 02:35 AM

Hello guys!

I have to make a upgrade in my ASA 5510 with H.A from verion 8.0 to 9.1.6 and I know that I have to upgrade to some intermetiate versions, I found a doccument that sey that the correcty would be 8.0 -> 8.2 -> 8.3 -> 8.4 -> 9.0 -> 9.1, to do this proccess will be not a problem, my concern is about the configuration.

Everybody say that NAT have problem. As I'm not expert in firewall, this should be a problem and my ASA is not coverd by warranty, for this reason i can´t open a TAC.

I have 1GB of RAM memory, for version 9.1.6 will be enough.

Can anyone help with some exemple os upgrade that I don´t have problem with the configuration?

Thanks

Marcio

Labels:
0 Helpful
3 Replies 3

cofee
Level 5
Level 5

‎06-16-2017 07:55 PM

Hello Marcio, 

In my opinion you can jump straight to 9.1. You should do the standby firewall first and erase the existing configuration before you reload the standby firewall with the new image and then you can paste the new configuration compatible with the new image. At this point you can failover the traffic from primary to standby firewall with the new image and you can upgrade primary firewall. 

This process wont be without disruption and I would advise to get a maintenance window for this upgrade. If you have the new configuration ready before hand then the entire upgrade can be less than 20 minutes.

In the new image NAT syntax and instead of NATed address real addresses are used in ACLs. I manually made changes on a notepad and this process is tedious and takes time. Cisco IOS has built in script to make necessary changes according to the new image but it makes everything very messy and if you come across any issues it will make things much harder to troubleshoot. 

marcio.tormente
Level 4
Level 4
In response to cofee

‎06-16-2017 09:45 PM

To not make any mistake, I made the upgrade from 8.0>8.2>8.3>8.4>9.1.

After 8.4 my failover start not working anymore.

The message is: Other host: Primary - Not Detected, It's from secondary, from primary is the same, just change de "primary" to "secondary".

From secondary:

failover
failover lan unit secondary
failover lan interface failover Management0/0
failover replication http
failover link failover Management0/0
failover interface ip failover 10.5.200.3 255.255.255.0 standby 10.5.200.10

From Primary:

failover
failover lan unit primary
failover lan interface failover Management0/0
failover replication http
failover link failover Management0/0
failover interface ip failover 10.5.200.3 255.255.255.0 standby 10.5.200.10

Is the same, with old version was working, now, not anymore.

Any idea?

Thanks

0 Helpful

Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to marcio.tormente

‎06-17-2017 12:43 AM

Hi Marcio,

Please share the output of sh failover.

Also check if you are able to ping the failover IP (10.5.200.3 and .10) from both the ASA's.

Regards,

Aditya

Please rate helpful posts and mark correct answers.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card