Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
681
Views
0
Helpful
1
Replies

Zero downtime IOS upgrade of failover pair !!!

Fernando_Meza
Level 7
Level 7

‎08-26-2008 09:44 PM - edited ‎03-11-2019 06:36 AM

Hi Netpros,

I am planing to upgrade a failover currently running 8.0(3) to 8.0(4)- image file name asa804-k8.bin. I believe according to Cisco doco http://www.cisco.com/en/US/customer/docs/security/asa/asa70/configuration/guide/mswlicfg.html#wp1056373

... it should be possible to perform this without causing downtime due to the fact that 8.0(3) and 8.0(4) will be able to establish failover when the secondary firewall reloads with the new image. Can anybody please confirm this .. hopefully a Cisco TAC person :-)

Cheers,

below the current IOS ..

Cisco Adaptive Security Appliance Software Version 8.0(3)

Device Manager Version 6.0(3)

Compiled on Tue 06-Nov-07 22:59 by builders

System image file is "disk0:/asa803-k8.bin"

Config file at boot was "startup-config"

SydPixFirewall up 6 days 21 hours

failover cluster up 6 days 21 hours

Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

Boot microcode : CN1000-MC-BOOT-2.00

SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

0: Ext: GigabitEthernet0/0 : address is 001d.7066.78ae, irq 9

1: Ext: GigabitEthernet0/1 : address is 001d.7066.78af, irq 9

2: Ext: GigabitEthernet0/2 : address is 001d.7066.78b0, irq 9

3: Ext: GigabitEthernet0/3 : address is 001d.7066.78b1, irq 9

4: Ext: Management0/0 : address is 001d.7066.78ad, irq 11

5: Int: Internal-Data0/0 : address is 0000.0001.0002, irq 11

6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 150

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : 750

WebVPN Peers : 2

AnyConnect for Mobile : Disabled

AnyConnect for Linksys phone : Disabled

Advanced Endpoint Assessment : Disabled

This platform has an ASA 5520 VPN Plus license.

Labels:
0 Helpful
1 Reply 1

Fernando_Meza
Level 7
Level 7

‎08-27-2008 12:47 AM

Hi ..

I decided to go ahead and tried anyway .. the results .. " I did not have any down time "

:-)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card