It with the Annyconnect vpn in the 8.4 version I have 20 lic when I do the downgrade it show not installed.

I dont know if the downgrade command is wrong

downgrade asa822-k8.bin 7_2_2_0_startup_cfg.sav

thanks.

Have you tried to reinstall the AnyConnect license? If yes, what were the results (please give the exact error, if any, that you received)

Could you please post the output of the following commands:

dir

show version

--

Please remember to select a correct answer and rate helpful posts

Hi all,

I will do a downgrade today again from 8.4 to 8.2 and reinstall the license, but one thing about Marvins comments, from the old version I have the 7.2.2 , how can i do the downgrade to the 8.2 if I only have a .sav file with 7.2.2.?

Thanks.

A 7.2(2) configuration file is not designed to work with an 8.2 OS. Much of it may work, but other bits may not.

You would be better off analyzing the 8.4 configuration and re-entering "by hand" it with manually modified syntax changes (i.e. NAT rules and access-lists referring to NAT addresses vs. real IP addresses) onto the 8.2 appliance.

All begging the question of why one would want to do so in the first place....

the customer has all other firewalls in 8.2 and at this point they want to keep it like this, and thats why we need to put it in that version.

thanks.

Hello Marius

Here is the output you requested.

sh ver

Cisco Adaptive Security Appliance Software Version 8.4(0)128 

Compiled on Tue 18-Jan-11 01:33 by builders
System image file is "disk0:/asa840-128-k8.bin"
Config file at boot was "startup-config"

ASA5510 up 1 day 0 hours

Hardware:   ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 64MB
BIOS Flash AT49LW080 @ 0xfff00000, 1024KB

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 10             perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 5              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 50             perpetual
AnyConnect Essentials             : 50             perpetual
Other VPN Peers                   : 50             perpetual
Total VPN Peers                   : 50             perpetual
Shared License                    : Enabled        perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect for Cisco VPN Phone    : Enabled        perpetual
Advanced Endpoint Assessment      : Enabled        perpetual
UC Phone Proxy Sessions           : 10             perpetual
Total UC Proxy Sessions           : 10             perpetual
Botnet Traffic Filter             : Enabled        perpetual
Intercompany Media Engine         : Disabled       perpetual

Directory of disk0:/

97     -rwx  15390720     01:18:40 Jan 01 2003  asa825-k8.bin
99     -rwx  8312832      09:36:52 Mar 12 2007  asa722-k8.bin
100    -rwx  5623108      09:38:12 Mar 12 2007  asdm-522.bin
101    -rwx  24938496     02:31:58 Jan 01 2003  asa840-128-k8.bin
3      drwx  4096         15:02:50 Jan 28 2011  log
6      drwx  4096         15:03:12 Jan 28 2011  crypto_archive
86     -rwx  8734         00:01:57 Jan 01 2003  7_2_2_0_startup_cfg.sav
14     drwx  4096         15:03:24 Jan 28 2011  coredumpinfo
102    -rwx  1780         15:03:24 Jan 28 2011  upgrade_startup_errors_201101281503.log
103    -rwx  1780         17:38:38 Jan 28 2011  upgrade_startup_errors_201101281738.log
104    -rwx  260          17:41:14 Jan 28 2011  upgrade_startup_errors_201101281741.log
106    -rwx  1383         02:37:52 Jan 01 2003  upgrade_startup_errors_200301010237.log

You will most likely, as Marvin has hinted on, take a manual backup of your current running config and then manually adjust the configuration to suite the 8.2 version. another option would be to take the running config of one of the other 8.2 ASAs and amend that to the needs of the new ASA (IP addresses, ACLs, NAT, VPN pools...etc.)

--

Please remember to select a correct answer and rate helpful posts

Marius,

In this firewall I have no configuration is blank, when you mean amend the config from an other ASA is to replace the 7_2_2_0_startup_cfg.sav? and then do the downgrade with the new sav file?

In the other firewall I have that it also a 5510 I have the following files. I dont see the sav. file to replace the new one.

Directory of disk0:/

75     drwx  2048        13:40:34 Nov 25 2008  log
80     drwx  2048        13:41:02 Nov 25 2008  crypto_archive
176    -rwx  7598456     19:02:14 Mar 17 2009  asdm-615.bin
177    -rwx  8570880     18:27:50 Dec 15 2011  asa725-k8.bin
178    -rwx  1575        10:23:50 Mar 25 2010  admin.cfg
179    -rwx  15390720    18:31:38 Dec 15 2011  asa825-k8.bin
180    -rwx  3790        18:51:24 Dec 15 2011  cfg_7.2.5_rev_1.0.txt
181    -rwx  4416        18:59:44 Dec 15 2011  cfg_8.2.5_rev_1.0.txt
182    -rwx  13934592    19:52:04 Dec 16 2011  asa805-k8.bin
183    drwx  2048        15:09:20 Feb 01 2010  coredumpinfo
184    -rwx  4647        18:34:16 Dec 16 2011  cfg_8.2.5_rev_1.1.txt
185    -rwx  3993        19:20:38 Dec 16 2011  cfg_7.2.2_rev1.2.txt
186    -rwx  2213        10:23:50 Mar 25 2010  old_running.cfg
187    -rwx  1630        10:58:06 Mar 25 2010  admin
188    -rwx  1951        10:58:06 Mar 25 2010  c1
189    -rwx  1791        10:58:12 Mar 25 2010  c2
190    -rwx  11491880    11:34:58 Mar 31 2010  asdm-623.bin

Thanks!!

On the firewall with default configuration here is how I would do it:

1. Upload the desired image and set the boot variable to that image.

2. Save and reload.

3. Verify your running version and that the activation key still shows the desired licenses using "show version".

4. Open "7_2_2_0_startup_cfg.sav" in a text editor and enter the lines into the firewall in config mode.

5. Investigate and remedy any lines that present invalid syntax due to 7.x - 8.x differences.

6. Save and reload once more. Double check disk0: for a file "startup_errors" (exact name will vary) to see if any lines didn't parse correctly.

7 Test proper operations in the production environment during an approved change window.

The downgrade in itself should not remove the license. I would (as Marius suggested) see what "show ver" reports.

Also the configuration backup you specified seems to be from a very old version - 7.2(2). There may be commands (or lack of commands) in that to prevent the AnyConnect Premium from working. 

Depending on what features you were using you may also need to verify copies of dap.xml and clientless portal configuration etc.