Upgrading ROMMON and rebooting an ASA running site to site VPNs

phil96564 · ‎06-22-2021

Hi all

I need to upgrade the ROMMON on two ASAs that are running site to site VPNs. They are currently running versions 1.1.14 and 1.1.8 and need to go up to 1.1.15. The upgrade process involves a reboot so

1. will the VPNs automatically come back up afterwards?

2. Does anyone know of any issues surrounding VPNs when upgrading the ROMMON, for example to do with deprecated ciphers or any other such thing?

Thanks in advance,

Phil.

Sheraz.Salim · ‎06-22-2021

It would be good if you upgrade the ROMMON software while you are connected via console. but yes once the ROMMON is upgraded and firewall come up the vpn will re-connect itself (as long as the interested traffic is generated).

prior to do the ROMMON upgrade read the release notes and also read the release note of the software you running on the ASA code.9.x

Does anyone know of any issues surrounding VPNs when upgrading the ROMMON, for example to do with deprecated ciphers or any other such thing?

-nope nothing to worry about.

please do not forget to rate.

rschlayer · ‎06-22-2021

Hey @phil96564

Changing ROMMON software will normally not mess with the ASA image.

Therefore, there will be no cipher change or any other change in functionality of the ASA software.

As the other post said definitely connect via console and give it time (do not power cycle the device while upgrading)

Please consult the release notes before upgrading your ROMMON.

BR
Rick

phil96564 · ‎06-22-2021

Thanks for your replies folks. Much appreciated.