Introduction:
This document describes the different methods of uploading new IOS in ASA.
Scenario 1
Upgrading an ASA from FTP:
copy ftp://[username[:password]@]<SERVER>[/path]/filename {flash:/ | disk0:/ | disk1:/}[path/]filename
Example:
copy ftp://pshanubh:*********@10.250.0.11/asa803-19-k8.bin disk0:/asa803-19-k8.bin
Upgrading an ASA from HTTPS:
copy http[s]://[username[:password]@]<SERVER>[:port][/path]/filename {flash:/ | disk0:/ | disk1:/ }[path/]filename
Example:
copy http://pshanubh:********@10.250.0.11:80/asa803-19-k8.bin disk0:/asa803-19-k8.bin
Upgrading an ASA from SSh/SCP:
--> Enable SCP on the ASA
To use the SCP method, you must first enable it on the firewall:
hostname(config)# ssh scopy enable
--> Copying files to the ASA
From a Unix/Linux host with OpenSSH or Tectia SSH installed:
Enter the following command:
scp –v <filename> username@asa_address
Ex:
scp –v asa803-19-k8.bin pshanubh@10.88.9.1
Scenario 2:
User planning to migrate his ASA 5520 from 8.2 to 8.3 and we need help to finalize this issue because currently a lot of services running on firewall like:
- SSL-VPN connections
- Site-To-Site VPN connections
- NATing, Access-lists
- Internet service
Solution:
There are literally dozens of documents on this site and Cisco's ASA Product Support page (plus many other sites) that address the upgrade procedure and considerations you should be aware of.
Please start with the following:
https://supportforums.cisco.com/document/48646/asa-83-upgrade-what-you-need-know
https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples
https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli
