Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
994
Views
25
Helpful
12
Replies

Upgrade ASA Version

wynneitmgr
Level 3
Level 3

‎01-18-2021 08:47 AM

I am having an issue with Cisco AnyConnect connecting to our ASA Firewall VPN. I have been working with Cisco TAC on the case and they told me I need to update my ASA Version. Is there any documentation on current ASA versions and how to update? 

 

Here is what I currently have:

ASA Version: 9.8(2)20

ASDM Version: 7.9(1)151

Device Type: ASA 5508

 

Thank you!

Labels:
0 Helpful
12 Replies 12

wynneitmgr
Level 3
Level 3
In response to Rob Ingram

‎01-18-2021 08:56 AM

@Rob Ingram 

Thanks Rob! Should I do the upgrade to 9.8.4 after hours? Will the ASA restart after upgrading? Thank you.

0 Helpful

Rob Ingram
VIP
VIP
In response to wynneitmgr

‎01-18-2021 09:00 AM

Yes, definitely after hours, there will an outage during reboot.

HTH

0 Helpful

wynneitmgr
Level 3
Level 3
In response to Rob Ingram

‎01-18-2021 09:00 AM

@Rob Ingram 

@balaji.bandi 

I tried the two links to download ASA and ASDM software but niethr links worked, so I tried to update through ASDM and it only shows upgrade to 9.8.4

asasoftware.pngasaupgrade.png

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to wynneitmgr

‎01-18-2021 09:07 AM

Can you post show version and dir from your ASA ?  - are you upgrading from ASDM ? suggest to do it in console also your ASDM verion may have issue.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

wynneitmgr
Level 3
Level 3
In response to balaji.bandi

‎01-18-2021 09:10 AM

@balaji.bandi 

@Rob Ingram 

Result of the command: "show version"

Cisco Adaptive Security Appliance Software Version 9.8(2)20
Firepower Extensible Operating System Version 2.2(2.63)
Device Manager Version 7.9(1)151

Compiled on Fri 02-Feb-18 06:10 PST by builders
System image file is "disk0:/asa982-20-lfbff-k8.SPA"
Config file at boot was "startup-config"

WYNNE-ASA5508-X up 59 days 22 hours

Hardware: ASA5508, 8192 MB RAM, CPU Atom C2000 series 2000 MHz, 1 CPU (8 cores)
Internal ATA Compact Flash, 8000MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB

Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Number of accelerators: 1

1: Ext: GigabitEthernet1/1 : address is 380e.4d86.8b43, irq 255
2: Ext: GigabitEthernet1/2 : address is 380e.4d86.8b44, irq 255
3: Ext: GigabitEthernet1/3 : address is 380e.4d86.8b45, irq 255
4: Ext: GigabitEthernet1/4 : address is 380e.4d86.8b46, irq 255
5: Ext: GigabitEthernet1/5 : address is 380e.4d86.8b47, irq 255
6: Ext: GigabitEthernet1/6 : address is 380e.4d86.8b48, irq 255
7: Ext: GigabitEthernet1/7 : address is 380e.4d86.8b49, irq 255
8: Ext: GigabitEthernet1/8 : address is 380e.4d86.8b4a, irq 255
9: Int: Internal-Data1/1 : address is 380e.4d86.8b42, irq 255
10: Int: Internal-Data1/2 : address is 0000.0001.0002, irq 0
11: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0
12: Int: Internal-Data1/3 : address is 0000.0001.0003, irq 0
13: Ext: Management1/1 : address is 380e.4d86.8b42, irq 0
14: Int: Internal-Data1/4 : address is 0000.0100.0001, irq 0

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 50 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 100 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 100 perpetual
Total VPN Peers : 100 perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 320 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Disabled perpetual
VPN Load Balancing : Enabled perpetual

Serial Number: JAD2146069V
Running Permanent Activation Key: 0xce15d079 0xdc2cf86b 0x18619ddc 0x96d0dcc4 0x0f0532bc
Configuration register is 0x1
Image type : Release
Key Version : A
Configuration last modified by admin at 13:49:03.145 CST Wed Jan 13 2021

 

 

Result of the command: "dir"

Directory of disk0:/

106 -rwx 35327062 06:30:48 Apr 04 2018 anyconnect-win-4.5.04029-webdeploy-k9.pkg
107 -rwx 33 13:49:05 Jan 13 2021 .boot_string
11 drwx 4096 19:21:22 Nov 15 2017 log
23 drwx 4096 06:30:20 Jul 13 2019 crypto_archive
24 drwx 4096 19:22:16 Nov 15 2017 coredumpinfo
108 -rwx 108621984 06:00:00 Apr 04 2018 asa982-20-lfbff-k8.SPA
109 -rwx 29197128 06:00:32 Apr 04 2018 asdm-791-151.bin
110 -rwx 25154848 06:31:22 Apr 04 2018 anyconnect-macos-4.5.04029-webdeploy-k9.pkg
111 -rwx 2536 14:41:36 Apr 12 2018 wynnetr.xml
112 -rwx 12722977 16:07:56 Aug 09 2018 anyconnect-macosx-i386-3.1.10010-k9.pkg
113 -rwx 685761 04:21:38 Apr 03 2020 crashinfo_20200403_042024_UTC
119 -rwx 22857 10:55:04 Jan 18 2021 oldconfig_2021Jan18_1655.cfg

9 file(s) total size: 211735186 bytes
7365472256 bytes total (3928883200 bytes free/53% free)

 

0 Helpful

Rob Ingram
VIP
VIP
In response to wynneitmgr

‎01-18-2021 09:26 AM

You are on 9.8.2, the screenshot shows 9.8.4 is available - can you not tick the box to select 9.8.4 then click next to install? Did you follow the instructions in the guide when it asks you to upload the file?

wynneitmgr
Level 3
Level 3
In response to Rob Ingram

‎01-18-2021 09:29 AM

@Rob Ingram 

@balaji.bandi 

Yes, I am able to check the box, however, I want to wait until after hours to do the actual upgrade.

 

Also, Cisco TAC told me the newest version is 9.14.2. Can I go straight to version 9.14.2 from my current version or do I have to upgrade all the version in between?

0 Helpful

Rob Ingram
VIP
VIP
In response to wynneitmgr

‎01-18-2021 09:33 AM - edited ‎01-18-2021 09:36 AM

Ok, I assume you meant you couldn't upgrade via ASDM. That screenshot is normal, just follow the guide provided.

Yes you can upgrade directly to 9.14 from 9.8, no need for interim upgrades. However 9.8.4 is the cisco gold star recommended version for your hardware. The newer versions do provide additional features that 9.8.4 would not have, so it's up to you.

 

https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/planning.html#id_58680

wynneitmgr
Level 3
Level 3
In response to Rob Ingram

‎01-18-2021 09:37 AM

@Rob Ingram 

@balaji.bandi 

 

I will just stick with 9.8.4 since it is the recommended version for my hardware. Thanks!

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to wynneitmgr

‎01-18-2021 09:26 AM

bcause of your ASDM the new version not showing,

 

you can use command level to upgrade as below example :

 

https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/asa-appliance-asav.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

balaji.bandi
Hall of Fame
Hall of Fame

‎01-18-2021 08:53 AM

DUPLICATE

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents