
Updating Cisco 55x ASA Devices

bfrytm

Hello, I am new to Cisco products and the organization I am with has the following devices:

ASA5508, ASA Version 9.10(1), ASDM Version 7.10(1) FirePOWER software version 6.2.2-81
ASA5508, ASA Version 9.10(1), ASDM Version 7.10(1) FirePOWER software version 6.2.2-81
ASA5516, ASA Version 9.10(1), ASDM Version 7.10(1) FirePOWER software version 6.2.2-81

Looking for advice on the upgrade path to get these devices current.

Accepted Solutions

@bfrytm The 5508/5516 supports up to ASA 9.16, ASDM 7.16(1) and Firepower 7.0.x as per the compatibility matrix - https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html


If you wish to use the latest versions you would need to replace your hardware with the newer 1000 series. https://www.cisco.com/c/en/us/products/collateral/security/firepower-1000-series/datasheet-c78-742469.html

Upgrade guide for the different components - https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade.html Under the "Planning your upgrade" section of the last link, check out the deprecated features per version, such as certain crypto ciphers for VPNs.



Can I ask a dumb question? I saw a previous post, similar to yours, that stated "There are some low security cryptographic ciphers (mainly DES, 3DES and older Diffie-Hellman (DH) groups 2, 5 and 25 along with MD5 hash algorithm) that were deprecated in 9.13"

The dumb question is how do I find out if there are any in our setup? I browsed around but could not find anything.

Actually I think I found it. Under monitoring there are three VPN tunnels. Two are using DH2 and the other is using DH5. Suggestions on what to change these to before upgrading the ASA?

@bfrytm DH group 19, 20 or 21 should be ok. Obviously the peer devices will need to support these ciphers.
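
An added example, not part of the original thread and not Cisco code: one way to audit a saved `show running-config` for the settings discussed above before upgrading. The function name `find_weak_crypto`, the sample config, and the weak-value sets (limited to DES, 3DES, MD5 and DH groups 2 and 5 as named in this thread) are assumptions.

```python
import re

# Assumption: only values named in this thread; extend from the release notes.
WEAK_ALGS = {"des", "3des", "md5"}
WEAK_DH = {"2", "5"}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac"}

def find_weak_crypto(config_text):
    """Return (line_no, section, weak_value) for each weak VPN crypto setting."""
    findings, section = [], ""
    for no, raw in enumerate(config_text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        nested = raw[0].isspace()  # indented line = sub-command of section
        if not nested:
            section = raw.strip()
        weak = []
        if nested and re.match(r"crypto ikev[12] policy ", section):
            if words[0] in ("encryption", "hash", "integrity", "prf"):
                weak = [v for v in words[1:] if v in WEAK_ALGS]
            elif words[0] == "group":
                weak = ["DH group " + v for v in words[1:] if v in WEAK_DH]
        elif nested and section.startswith("crypto ipsec ikev2 ipsec-proposal "):
            if words[:2] == ["protocol", "esp"]:
                weak = [v for v in words[3:] if v in WEAK_ALGS]
        elif raw.startswith("crypto ipsec ikev1 transform-set "):
            weak = [w for w in words[5:] if w in WEAK_TRANSFORMS]
        elif raw.startswith("crypto map "):
            m = re.search(r" set pfs group(\d+)", raw)
            if m and m.group(1) in WEAK_DH:
                weak = ["DH group " + m.group(1)]
        findings += [(no, section, w) for w in weak]
    return findings

# Constructed sample config, not taken from any real device.
SAMPLE = """\
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 10 set pfs group5
crypto ikev2 policy 10
 group 19
crypto ikev1 policy 20
 encryption 3des
 hash md5
 group 2
"""

if __name__ == "__main__":
    print(*find_weak_crypto(SAMPLE), sep="\n")
```

Each finding names the config section to change, so it can be matched to the tunnel and peer that must agree on the replacement values.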

Thank you for your responses Rob, last question, can I go from 9.1 to 9.16 or do I have to increment them?
