Showing results for 
Search instead for 
Did you mean: 

need help to upgrade ASA 5540 in failover


I have 2 ASA 5540 in our network. I want to upgrade it from 8.0.4 to 8.4.3. I want assistance in the configuration because I know that there is a change a configuration while migrating from 8.0.4 to 8.4.3.

Is there any tool available on Internet that helps me to convert the current configuration computable to 8.4.3

Thanks in advance.

Sent from Cisco Technical Support iPhone App


need help to upgrade ASA 5540 in failover


To my knowledge there is no official tool for this but I have never really looked for one.

If you simply boot the device with the new software the ASA will automatically convert the old configurations but this might not be ideal. (Though I have little expirience on how the conversion goes as I dont use it myself)

If you want to risk the redudancy of the current network you could always remove the Standby firewall, boot it with new software and see how the configurations are converted. There will ofcourse be the problem on how you are going to confirm that the automatically converted configuration work. You might probably be looking at network downtime in any case.

If you have some NAT configurations that you need the new format configurations for I could try to help you there. Give you some samply configurations that you could then apply to rewrite the configurations.

Also "packet-tracer" is an excellent tool to test the NAT and ACL rules on the ASA itself before and after upgrade of software.

- Jouni

VIP Mentor

Re: need help to upgrade ASA 5540 in failover

The config will be migrated if you follow the supported upgrade-way. You have to first upgrade to 8.2 and then to 8.3 and then to 8.4. If you upgrade directly from 8.0 to 8.4, the config will not be migrated. With the supported way you can upgrade without any service-interruption.

Before upgrading you should read the release-notes and the Migration-guide:

But be prepared to clean up the config after the migration to 8.3. Depending on your actual config, the automatically generated config will be a mess.

Sent from Cisco Technical Support iPad App