Upgrade of a ASA5525 active/passive cluster: New release was skipped
I have to upgrade a ASA5525 active/passive cluster from rel. 9.12(4) to the suggested release 9.14(2)15 and it is not my first upgrade.
The boot oder in the config on both nodes is: boot system disk0:/asa9-14-2-15-smp-k8.bin boot system disk0:/asa9-12-4-smp-k8.bin boot system disk0:/asa9-12-3-smp-k8.bin and all files are stored in te flashed of both nodes.
After the command: # failover reload-standby on the active primary node the passive standby node boots the release 9.12(4) again.
I checked this on the passive standby node:
mut-asa-cl01# sh run
ASA Version 9.12(4) <---
mut-asa-cl01# sh fa
Failover unit Secondary
Failover LAN Interface: FO-LINK GigabitEthernet0/3 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 466 maximum
MAC Address Move Notification Interval not set
failover replication http
Version: Ours 9.12(4), Mate 9.12(4) <---
Serial Number: Ours FCH2025J9A2, Mate FCH2025J9B4
Last Failover at: 17:13:20 CEDT Sep 21 2021
This host: Secondary - Standby Ready
Active time: 0 (sec)
slot 0: ASA5525 hw/sw rev (1.0/9.12(4)) status (Up Sys) <---
Interface Interface-Outside (184.108.40.206): Normal (Monitored)
Interface Outside-GmuendCom (0.0.0.0): Normal (Not-Monitored)
I don't know why it skipped the first release in the boot order: 9.14(2)15
To see why it isn't working, you would have to capture the console output during a reload of the problem unit. It could be a corrupted image; but in your case I see the command history shows you have verified the image.
This month, we're excited to bring awareness to a newly formed partnership between Cisco Secure and IBM.
Securing today's dynamic enterprise applications is critical. With hybrid and multi-cloud adoption, traditional network-based security ran into limita...
Listen: https://smarturl.it/CCRS8E42Follow us: twitter.com/CiscoChampion
APIClarity is an open source, cloud-native visibility tool for APIs. It utilizes a Service Mesh framework to capture and analyze API traffic and identify potential risks.
Hello everyone, A new video in the Cisco Secure Terraform Series has just been published. If you are interested in Infrastructure as Code, and Terraform, you don't want to miss out on this amazing series with Jason "Canadian Bacon" Maynard! Newe...
The Cisco Secure Firewall and SecureX teams are looking for feedback from active Secure Firewall users who may or may not have already activated SecureX. Your responses will help us improve the Firepower experience in SecureX. Th...