Elaborating slightly on the

Esben Pedersen · ‎12-02-2015

Hi all

I am planing to upgrade our asa5505 software to the new version (9.2). Currently we are running 8.2 and some boxes are running 8.4.

I have read that I have to reconfigure the NAT part in order to make it work on 9.2

Are there anything else that has changed / things I should be aware of ?

Thanks in advance !

b.r.

Esben Pedersen - Kamco A/S

Shivapramod M · ‎12-02-2015

Hi Esben,

There are changes in the NAT and ACL statmements when you upgrade above version 8.3. Also for ASA5505 needs RAM size of 512Mb (depending upon the license). For more information you can refer the below document.

https://supportforums.cisco.com/document/48646/asa-83-upgrade-what-you-need-know

Regarding the upgrade to 9.2 you need first to upgrade the device to 8.4.6 before upgrading to 9.2 version. Please refer the below link.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/upgrade/upgrade92.html

Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts

James Leinweber · ‎12-02-2015

Elaborating slightly on the good advice from Shivapramod:

The two biggest changes are that in 8.3 the NAT stuff was completely redone, and in 9.0 the v4 and v6 access-lists and groups were unified. You can also upgrade IPsec connections to IKEv2 negotiations, etc.

Most of your existing NAT mappings probably get replaced by new-fangled "network object" mappings (phase II); you may need some phase I "twice NAT" rules to replace any existing "nat 0" stuff.

"ipv6 access-list" is gone, and the "any" keyword trifurcates into dual-stack "any", v4-only "any4", and v6-only "any6".

In my case doing a similar upgrade, I used the auto-translated rules from a test lab as hints for doing a from-scratch rewrite of my production configuration. You might want to do the same after looking at the translated results.

-- Jim Lweinber, WI State Lab of Hygiene

Question regarding upgrade from asa5505 software version 8.2 to 9.2