Cisco asa 5505 upgrade
This can be tricky and I strongly recommend consulting the documentation on your specific versions to select a proper upgrade path. For ASA55YY-X series, there is no 8.4, so we must be at 8.6 That is if version 8.4 is available for our platform. To upgrade to 9.x, we must be running a 8.3 or 8.4.For example, to upgrade from 7.x to 8.x, we must be at 7.2 which is the last minor version within the 7.x train. Upgrading from one major release to the next is possible only from the last *minor* release.We should go from 7.0 to 7.1 and then to 7.2 For instance, we cannot upgrade from 7.0 to 7.2 directly. To upgrade from one minor release to another, we cannot skip a minor release number.For example we can go from 8.0(2) directly to 8.0(5) We can upgrade from any version to any other version within the same major and minor version.Some rules apply when constructing the upgrade path: The “X” is the major release number, the “Y” is minor number and the “Z” is the maintenance release number. Now reaching 8.2 can also be tricky! Cisco names ASA versions this way: asaXYZ.bin. Or should I say Cisco only supports upgrading to 8.3 from 8.2. If we would like to upgrade to 8.3, we must be at version 8.2.
CISCO ASA 5505 UPGRADE CODE
For example, the version 8.3 is my favorite, because of the new NAT syntax and changes in how we code our ACLs. What is this upgrade path? This is an array of code versions that must be applied in specific order from the current to the version we want to go to. Of course this was my lab setup and again – follow the upgrade path! I had one small configuration on the 5510, with just a few routes, ACLs with no NAT, and I did an upgrade from 7.0 to 9.1 without breaking anything. I mean the ASA will boot the new code, but the new code may not parse the old configuration properly and some functions may not work (or should I say will not work). We should take this seriously! What I mean by this is that if you go for an upgrade from 7.2 to 9.1 it *will* work. There are so called upgrade paths we must follow. Now one more important thing about upgrading. So, for example, if we bought the ASA5520 before February 2010, we first need a memory upgrade and then we can go for an upgrade. Internal Flash Memory (Default Shipping) 1, 2Īfter Feb. There is another thing we must take into consideration when planning fro an upgrade – memory requirements. Of course, with the appropriate memory upgrade.
One thing I would like to point here out: the old platforms (5505, 5510, 5520, 55), contrary to what some Cisco (?) engineers said to me, *can* run the new code, as stated in the table above. Here is the matrix from that can help us determine which version can be run on which platform:ĪSA 5512-X, 5515-X, 5525-X, 5545-X, 5555-XĪSDM 6.0(2) and later. We have to know this compatibilities, because trying to upgrade 5520 from 8.2 to 8.7 would be a horrible idea. The new versions of ASA appliances, called “ The ASA Next Generation Firewall”, the ones with an “X” in its name run only 8.6 or 9.x, except for the 5585-X which van run older code, and the “old guys”, 55xx can run 7.x, 8.0, 8.1, 8.2, 8.3, 8.4 and 9.x, but cannot run 8.5, 8.6 or 8.7. The ASASM (“ ASA Service Module”) can only run 8.5 or 9.x. For example, “ Cisco ASA 1000V cloud firewall” can only run 8.7 version. Not all ASAs can run any version of code. Cisco ASA now days can run three generations of code, depending on the hardware platform and memory installed.