Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
240
Views
0
Helpful
7
Replies

ASA Upgrade

Go to solution
zietgiestt
Level 1
Level 1

‎05-02-2024 12:12 PM

Hello,

I have 3 ASAs I need to upgrade from 9.8(1)>9.16.4(57). 
Can anyone tell me if I need to go 9.8(1)>9.16.4>9.16.4(57)?

Or can I just go straight to the (57)?


Thanks,


0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎05-02-2024 12:16 PM

@zietgiestt you can upgrade directly from 9.8 to 9.16 (57) without an interim upgrade.

https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/planning.html#id_58680

 

View solution in original post

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to zietgiestt

‎05-02-2024 02:28 PM

@zietgiestt the output is normal on ASA hardware.

You'd see that other output if using the newer Firepower hardware.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Rob Ingram
VIP
VIP

‎05-02-2024 12:16 PM

@zietgiestt you can upgrade directly from 9.8 to 9.16 (57) without an interim upgrade.

https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/planning.html#id_58680

 

0 Helpful

Go to solution
zietgiestt
Level 1
Level 1

‎05-02-2024 12:46 PM

Thanks Rob

0 Helpful

Go to solution
zietgiestt
Level 1
Level 1

‎05-02-2024 01:20 PM

Rob(or anyone that knows),

1 more quick question...according to Cisco documentation, when I set the new boot system command, I should see this:

ciscoasa(config)# boot system disk0:/cisco-asa-fp1k.9.14.1.SPA

The system is currently installed with security software package 9.13.1, which has:
- The platform version: 2.7.1
- The CSP (asa) version: 9.13.1
Preparing new image for install...
!!!!!!!!!!!!!
Image download complete (Successful unpack the image).
Installation of version 9.14.1 will do the following:
- upgrade to the new platform version 2.8.1
- upgrade to the CSP ASA version 9.14.1
After the installation is complete, reload to apply the new image.
Finalizing image install process...

Install_status: ready...........
Install_status: validating-images.....
Install_status: update-software-pack-completed
ciscoasa(config)#

However, I actually only see this:

ASA-PRI(config)# boot system flash:/asa9-16-4-57-lfbff-k8.SPA
INFO: Converting flash:/asa9-16-4-57-lfbff-k8.SPA to disk0:/asa9-16-4-57-lfbff-k8.SPA
ASA-PRI(config)#

 

Is this normal?


Thanks,

 

 

 

 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to zietgiestt

‎05-02-2024 01:33 PM - edited ‎05-02-2024 01:48 PM

@zietgiestt you are using ASA hardware not Firepower hardware?

FYI, in version 9.13 weak crypto was depreciated. If you are using VPNs ensure you are not using weak DH groups, encryption and integrity before upgrading.

0 Helpful

Go to solution
zietgiestt
Level 1
Level 1
In response to Rob Ingram

‎05-02-2024 02:09 PM

asa 5506 

Thanks for the heads up on the vpn tunnels. I'm actually using what will be a deprecated DH group in one of my tunnels

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to zietgiestt

‎05-02-2024 02:28 PM

@zietgiestt the output is normal on ASA hardware.

You'd see that other output if using the newer Firepower hardware.

0 Helpful

Go to solution
zietgiestt
Level 1
Level 1
In response to Rob Ingram

‎05-02-2024 02:30 PM

Thanks again Rob...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card