Showing results for 
Search instead for 
Did you mean: 


Upgrade of a ASA5525 active/passive cluster: New release was skipped

Hello everybody,


I have to upgrade a ASA5525 active/passive cluster from rel. 9.12(4)
to the suggested release 9.14(2)15 and it is not my first upgrade.


The boot oder in the config on both nodes is:
boot system disk0:/asa9-14-2-15-smp-k8.bin
boot system disk0:/asa9-12-4-smp-k8.bin
boot system disk0:/asa9-12-3-smp-k8.bin
and all files are stored in te flashed of both nodes.


After the command:
# failover reload-standby
on the active primary node the passive standby node
boots the release 9.12(4) again.


I checked this on the passive standby node:

mut-asa-cl01# sh run
ASA Version 9.12(4)              <---

mut-asa-cl01# sh fa
Failover On
Failover unit Secondary
Failover LAN Interface: FO-LINK GigabitEthernet0/3 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 466 maximum
MAC Address Move Notification Interval not set
failover replication http
Version: Ours 9.12(4), Mate 9.12(4)                <---
Serial Number: Ours FCH2025J9A2, Mate FCH2025J9B4
Last Failover at: 17:13:20 CEDT Sep 21 2021
        This host: Secondary - Standby Ready
                Active time: 0 (sec)
                slot 0: ASA5525 hw/sw rev (1.0/9.12(4)) status (Up Sys)                         <---
                  Interface Interface-Outside ( Normal (Monitored)
                  Interface Outside-GmuendCom ( Normal (Not-Monitored)

I don't know why it skipped the first release in the boot order: 9.14(2)15


I stopped the upgrade procedure here.


Please find the 'show tech' output attached.


What would you do in this situation?


Thanks a lot!




Marvin Rhoads
VIP Community Legend

As indicated in your show tech output:

Configuration register is 0x1

This is the default value and should cause the ASA to boot the first image specified in your "boot system ..." commands. Refernce:

To see why it isn't working, you would have to capture the console output during a reload of the problem unit. It could be a corrupted image; but in your case I see the command history shows you have verified the image.