cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2064
Views
0
Helpful
3
Replies

Upgrade ASA5510 to latest available software

anand_rahul13
Level 1
Level 1

I am planning to upgrade ASA5510 to latest available software from version 8.2(1). I understand any upgrade post 8.3 requires memory upgrade to 1GB as well. I understand there would be NAT, ACL changes when upgrading to version 8.3.

I would like to know what is the best upgrade path to follow to upgrade from 8.2(1) to latest possible version on ASA 5510?

And what is the latest version supported on ASA5510?

thank you

2 Accepted Solutions

Accepted Solutions

The information how to upgrade is always outlined in the release notes. You have to upgrade first to 8.4(5) and then you can go to the newest version which is 9.1(7)9 at the moment.

View solution in original post

Pawan Raut
Level 4
Level 4

Hi Rahul,

While migration from 8.2 to 8.3 and above. Kindly note that nat syntax will change also the packet flow on ASA has been changed post 8.3 where NAT untranslation for destination happens before it check for the access rules and acl of 8.2 wont help.

In 8.2 we do allow flow coming from outside to inside over Public (Mapped) IP since the access rules do match first and then NAT untranslation happens. But post 8.3, you need to create a rule on Real IP address and not on Mapped IP.

But if you have acl for vpn encryption then the vpn encryption acl should have mapped IP address as old 8.2 has and not real one.

You can use Cisco Migration tool ((https://fwm.cisco.com) fr ASA Migration and upgradadtion.

The Latest suggested Cisco IOS is asa917-9-k8.bin. But Kindly read release notes and check it is stable for your network environment.

Regards,

Pawan (CCIE#52104)

Kindly rate for useful post.

View solution in original post

3 Replies 3

The information how to upgrade is always outlined in the release notes. You have to upgrade first to 8.4(5) and then you can go to the newest version which is 9.1(7)9 at the moment.

Pawan Raut
Level 4
Level 4

Hi Rahul,

While migration from 8.2 to 8.3 and above. Kindly note that nat syntax will change also the packet flow on ASA has been changed post 8.3 where NAT untranslation for destination happens before it check for the access rules and acl of 8.2 wont help.

In 8.2 we do allow flow coming from outside to inside over Public (Mapped) IP since the access rules do match first and then NAT untranslation happens. But post 8.3, you need to create a rule on Real IP address and not on Mapped IP.

But if you have acl for vpn encryption then the vpn encryption acl should have mapped IP address as old 8.2 has and not real one.

You can use Cisco Migration tool ((https://fwm.cisco.com) fr ASA Migration and upgradadtion.

The Latest suggested Cisco IOS is asa917-9-k8.bin. But Kindly read release notes and check it is stable for your network environment.

Regards,

Pawan (CCIE#52104)

Kindly rate for useful post.

Thanks Pawan for your reply.

Appreciated.

Regards,

Rahul

Review Cisco Networking for a $25 gift card