01-27-2014 09:21 AM - edited 03-11-2019 08:36 PM
Hi All,
I have two ASA 5520's version 8.2 in active/standby mode. I want to upgrade them both to the newest version.
I know I can't directly upgrade to version 9.1. But can I jump straight to 8.4 then to 9.1? Do I have to upgrade 8.2 to 8.3 or worry about minor releases and stuff like that?
Also, what is the best method of doing this? Should I upgrade the standby ASA first to 8.4, reboot, then to 9.1, reboot?
Thanks!
01-30-2014 12:39 PM
You would need to jump to 8.4 and then to 9.1. Here is a link on the upgrade path:
http://www.cisco.com/en/US/docs/security/asa/asa91/release/notes/asarn91.html#wp746094
This is not an easy thing to do depending on how many NAT statements you have. Everything from 8.3 is based on group objects so make sure you have configured the new object groups and NAT statements before you start the migration.
For zero downtime, if you have an active / standby setup, then do the following:
1. upgrade the standby ASA
2. update your object groups, NAT and ACLs
3. initiate failover and monitor for connectivity issues.
4. once you are sure that you have minimal connectivity problems, upgrade the second ASA and update the object groups, NAT and ACLs.
Then initiate failover back to the original active ASA...if required.
--
Please remember to rate and select a correct answer
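The NAT and ACL rework that the answer above warns about, shown as an added example (not part of the original thread or of Cisco's documentation): one static translation in 8.2 syntax beside its 8.3-and-later form. The addresses, object name, ACL name and port are constructed for illustration.

```cisco
! --- ASA 8.2 syntax (before the upgrade) ---
! Publish inside host 10.0.0.10 as 203.0.113.10 on the outside interface.
static (inside,outside) 203.0.113.10 10.0.0.10 netmask 255.255.255.255
! In 8.2 the outside ACL matches the mapped (translated) address.
access-list outside_in extended permit tcp any host 203.0.113.10 eq 443
access-group outside_in in interface outside

! --- ASA 8.3 and later syntax (after the upgrade) ---
! The translation is attached to a network object (object NAT).
object network WEB-SRV
 host 10.0.0.10
 nat (inside,outside) static 203.0.113.10
! From 8.3 on, the ACL matches the real (untranslated) address.
access-list outside_in extended permit tcp any host 10.0.0.10 eq 443
access-group outside_in in interface outside
```

On 8.3 and later, a rule still written against the mapped address no longer matches traffic to the published host, so review every ACL that references a translated address before initiating failover.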
01-30-2014 05:02 PM
Thank you for the information.
When I upgrade the standby ASA from 8.2 to 8.4 then 9.1, will this break the active/standby pair? Will I still be able to fail the active ASA (which would still be on the 8.2 version) to standby so that the new standby becomes active, even if the versions are different?
01-30-2014 08:03 PM
Hello,
While upgrading the IOS, you have to do things in the proper manner. For synchronization between the two ASAs, the IOS should be the same.
1> Upload the IOS file to your secondary and primary ASA.
2> Reload the secondary ASA.
3> After reloading, when the ASA boots up, make the secondary ASA the LAN unit primary (forceful mechanism).
4> Then on the primary ASA, make it LAN unit secondary (forceful mechanism).
5> Reload the primary ASA.
Thanks
01-31-2014 11:01 AM
The active and standby units should have the same major and minor software version. However, as of 8.3 an exception has been added for upgrades: for the duration of the upgrade of the active/standby pair, as long as the units remain within the same major release, the pair will remain in active/standby. I am not sure what will happen when you go to the next major release, but I am assuming that the active/standby pair will be broken until both units are back on the same software version.
--
Please remember to rate and select a correct answer
01-31-2014 12:04 PM
If the pair is broken, would I still be able to issue failover commands (failing active to standby, failing standby back to active, etc.)?
Also, if I'm going from 8.2 to 8.4 to 9.1, am I going to have to first upgrade the standby to 8.4, reboot, then upgrade to 9.1, reboot?
02-01-2014 01:33 AM
If the pair is broken, would I still be able to issue failover commands (failing active to standby, failing standby back to active, etc.)?
From my understanding, as long as you are within the 8.x release of the ASA software you will be able to issue failover commands and replicate config between the two devices. You will, however, see error messages stating that the versions are not the same. I am uncertain what type of behavior you will see when going to 9.1, as I have not had to upgrade to that version yet.
Also, if I'm going from 8.2 to 8.4 to 9.1, am I going to have to first upgrade the standby to 8.4, reboot, then upgrade to 9.1, reboot?
The path I would recommend is to upgrade both units to 8.4 first and then to 9.1. You also need to make sure that the ASAs have the correct amount of memory to support 8.3 and higher software. So the steps would be something like this:
--
Please remember to rate and select a correct answer
01-31-2019 02:21 AM
Hi, I recently upgraded our 5505 ASA from 8.2(5) directly to 9.1 and suddenly I lost access to it. Any help?
01-31-2019 03:35 AM
For 8.2(5) to 9.1 you need to upgrade to 8.4(5) first.
01-31-2019 06:08 AM
01-31-2019 06:12 AM
You have to follow the path 8.2 to 8.4 to 9.x.
You need to upgrade the active ASA to software 9.1, and for the passive, which you lost control of, you need to console to the CLI to check what is happening. I am afraid there is no quick fix for it.
For the passive: 8.2 to 8.4, then 9.1.