04-10-2013 02:34 AM - edited 03-11-2019 06:26 PM
Hello
We currently use an old ASA-5520, which we are replacing with a brand new ASA-5585-X. The 5520 is currently running 8.2.x and the target on the 5585-X should be 8.4(5).6. We use quite a bit of NAT, mostly with dynamic rules (assign a pool of external addresses for our internal users) and also quite some exemptions.
We also use CSM 4.4 to manage our firewalls.
I thought about doing the migration like this:
1. Downgrade 5585-x to 8.2(5).41 and copy the configuration (with modifications to the interfaces) from the old firewall to the new one.
2. Upgrade the software to 8.4(5).6 and hope that all the configuration gets migrated correctly.
3. Discover the device in CSM and do a big cleanup and grouping of all the now single line access rules.
Do you see any possible problems with this?
We don't have nat-control enabled.
Thanks
Patrick
04-10-2013 02:42 PM
Hello,
I don't see any issue with your action plan.
However, the upgrade from 8.2 to 8.3 and higher, as you know, has major changes.
So you need to be aware of the new NAT syntax for any possible NAT change needed.
You can check this best practices guide as well:
Regards,
Felipe.
04-10-2013 11:47 PM
That's actually the reason why I first want to migrate within 8.2 to the new hardware and then upgrade to 8.4.x, in the hope that the ASA will correctly update my configuration.
I guess I'll make my first upgrade attempts today or tomorrow.