03-11-2008 08:20 AM - edited 03-11-2019 05:15 AM
I will be upgrading an active standby failover pair of PIX 525s later this week. They are running LAN based and stateful failover. I am planning to use the following procedure:
Step 1 Download the new software to both units, and specify the new image to load with the boot system command.
Step 2 Reload the standby unit to boot the new image by entering the following command on the active unit:
active# failover reload-standby
Step 3 When the standby unit has finished reloading, and is in the Standby Ready state, force the active unit to fail over to the standby unit by entering the following command on the active unit.
-------------------------------------------------------------------------------
active# no failover active
Step 4 Reload the former active unit (now the new standby unit) by entering the following command:
newstandby# reload
Step 5 When the new standby unit has finished reloading, and is in the Standby Ready state, return the original active unit to active status by entering the following command:
newstandby# failover active
I couldn't find much information about upgrading a failover pair from 7 to 8. I just want to confirm that this is the proper procedure. Any advice will be much appreciated. Thanks.
Solved! Go to Solution.
03-11-2008 09:36 AM
Well you may do a zero downtime upgrade after codes 7.x
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mswli
cfg.html#wp1053398
03-11-2008 09:01 AM
After 7.0.x there was zero downtime available for failover upgrade
03-11-2008 09:07 AM
I don't mind having a bit of downtime. I would prefer not to have to perform a bunch of incremental upgrades to take advantage of the zero downtime feature. Does the procedure that I listed look correct for upgrading from 7.1 directly to 8.0(3)?
03-11-2008 09:17 AM
its good..just that you can't jump directly from from 7.1 to 8.0.3, you need to first go to interim 7.2
03-11-2008 09:23 AM
So I should be able to perform the zero downtime upgrade from 7.1 to 7.2 using the zero downtimeprocedure, then upgrade both devices to 8.0(3). The upgrade to 8.0(3) will have a bit of downtime though...right?
03-11-2008 09:36 AM
Well you may do a zero downtime upgrade after codes 7.x
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mswli
cfg.html#wp1053398
03-11-2008 09:57 AM
Thanks. I will follow that procedure to migrate from 7.1 to 7.2 and then from 7.2 to 8.0(3).
03-12-2008 09:35 AM
Abinjola,
This next week, I would like to upgrade my pix 525 from 6.3(5) to 7.2(3)and asdm-523.
Do i have to upgrade to 7.0(1) first then 7.2(3) ?
Could you please verify and my step by step procedure...
1) power down pix2
2) upgrade pix1 (primary pix)
a) on enable mode
copy tftp flash:image
pix723.bin
reboot
b) on enable mode
copy tftp flahs:asdm
asdm-523.bin
reboot
3) veify the traffic passses
4) power down pix1
5) power on pix2 (secondary)
a) on enable mode
copy tftp flash:image
pix723.bin
reboot
b) on enable mode
copy tftp flahs:asdm
asdm-523.bin
reboot
Do you have tips or tricks, please feel free to add..
thanks
Racy
03-12-2008 09:56 AM
Gentlemen rate the posts always on a scale of 5 so that we know how helpful was our research/ posts/replies
Racy ..to answer your Query"Do i have to upgrade to 7.0(1) first then 7.2(3) ?
-->yes
follow this seq in steps :-
Power off Primary (this causes Secondary to become active)
Disconnect all cables from Primary (including failover cable)
Power on Primary and attach a PC with a tftp server on it
Use "copy tftp flash" to upgrade the Primary
Reload Primary and verify the new version, config... etc...
Power off Primary
Reconnect all cables back to the Primary
Quickly power off Secondary, and then immediately Power on
- Note: This is where your downtime will occur while the Primary is booting
Once the Primary is up it will be Active, and passing traffic (though after 7.x you have zero downtime available)
Repeat steps 2 - 7, but for the Secondary PIX
Power on the Secondary, it will come up as Standby
Both PIXes are now running the upgraded version and back to normal operation.
This completes the upgrade process.
03-12-2008 10:56 AM
Thanks Abinjola,
My bad ⦠I forgot to rate the post. You already knew the scale is always 5! It is very helpful.
I would not mind to have some downtime.
So Could I upgrade two steps 7.0(1) and 7.2(3) right way.
Let's say⦠I upgrade from 6.3(5) to 7.0(1) then reboot pix-primary verify the new version 7.0(1) then upgrade pix-primary again with new code 7.2(3).
I would do the same on secondary pix.
Is it possible? Do you see any harms? If I would like to do two versions upgrade one after another in short period of time.
Once again thank you.
Racy
03-12-2008 11:12 AM
yes, in a series you may upgrade first to 7.0.1 and then to 7.2.3, no harms
05-02-2008 11:04 AM
Hi Abinjola,
I am puting in plan to go from 6.4 to 7.2(4). I went through the upgrade procedure for 7.0 and release notes for both 7.2 and 7.0. Just double checking to make sure I do this in one shot. I did not see anything against this.
Also wondering if you have an prefrence to use the boot mode vs. through ios. The upgrade doco for 7.0 does not talk about this.
Also where can I get a copy of the software that reformats the flash please?
05-06-2008 06:32 AM
Hi Racy,
Tip!
When upgrading your 6.3 to 7.0 to 7.2, dont forget to path your boot system before reloading your 7.0 to 7.2 version.
Ex:
pix(config)#boot system flash:/pix722.bin
Hope it will help you,
Regards,
Jong
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide