Solved: Upgrade Question - Simple Question I think

Simon.peters1 · ‎06-20-2016

Hello,

I have a live asa currently running version ASDM 7.1(7) and ASA 8.2 (1), my question is can I use the ASDM tool to update both to the latest version?

Will the asdm update the current config or will it wipe the existing config? I have a backup of the current but wanted to know if it is ok to go ahead and update to the latest or is there a update path I should follow.

Many thanks,
Simon

Dinesh Moudgil · ‎06-20-2016

Hello Simon,

You can not directly upgrade to 9.2 from 8.2 ASA version. First you need to upgrade to 8.4.6 and then to 9.2.1 or later.

As long as you are following the correct upgrade path, it won't matter whether it is done via CLI or ASDM.

Piece of advice :
There are significant/major changes when moving from pre 8.3 to post 8.3 version w.r.t to NAT and access-list so upgrade version by version as suggested here and make sure things are working as expected.

Here is another link for your reference related to upgrade from ASDM
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/200142-ASA-9-x-Upgrade-a-Software-Image-using.html

Hope this helps.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

View solution in original post

Dinesh Moudgil · ‎06-20-2016

Simon,

As I mentioned that syntax for nat and access-list have changed post 8.3. Ideally, when you upgrade, the ASA takes care of the nat and access-list but there are chances that access-list and nat might not work as expected. If the setup is critical , I'd suggest you open up a TAC case to confirm the upgrade goes smooth.

Here is the nat comparison chart for your reference:-
https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

View solution in original post

Dinesh Moudgil · ‎06-20-2016

Hello Simon,

You can not directly upgrade to 9.2 from 8.2 ASA version. First you need to upgrade to 8.4.6 and then to 9.2.1 or later.

As long as you are following the correct upgrade path, it won't matter whether it is done via CLI or ASDM.

Piece of advice :
There are significant/major changes when moving from pre 8.3 to post 8.3 version w.r.t to NAT and access-list so upgrade version by version as suggested here and make sure things are working as expected.

Here is another link for your reference related to upgrade from ASDM
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/200142-ASA-9-x-Upgrade-a-Software-Image-using.html

Hope this helps.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Simon.peters1 · ‎06-20-2016

Thank you very much for your detailed reply!

So if I upgrade version by version the config will be upgraded ok.

Thanks,
Simon

Dinesh Moudgil · ‎06-20-2016

Simon,

As I mentioned that syntax for nat and access-list have changed post 8.3. Ideally, when you upgrade, the ASA takes care of the nat and access-list but there are chances that access-list and nat might not work as expected. If the setup is critical , I'd suggest you open up a TAC case to confirm the upgrade goes smooth.

Here is the nat comparison chart for your reference:-
https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Simon.peters1 · ‎06-20-2016

Thanks very much!

A very helpful and detailed reply!

Dinesh Moudgil · ‎06-20-2016

Glad to help , Simon !

-Dinesh

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/