Wednesday, December 5, 2012

Upgrading an ASA5520 - IOS Upgrade 9.1

In order to create a port-channel between an ASA5520 and a 4948 I needed to upgrade the code. The process is very simple to say the least. For some reason I expected it to be difficult. The process I followed is below.

1. Confirm the feature set you are looking for is supported in the new code and look for any potential new gotchas. It is customary to request a BUG SCRUB from Cisco before deploying any new code.

http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/general/asa_91_general_config.html

2. Download the code from the Cisco portal.

3. Confirm you have enough space for the new code. Use the DIR command.

Cisco-ASA5520-01# dir

Directory of disk0:/

129    -rwx  16275456     06:03:42 Jan 30 2011  asa821-k8.bin
130    -rwx  11348300     09:15:52 Jan 30 2011  asdm-621.bin
6      drwx  4096         00:03:46 Jan 01 2003  log
13     drwx  4096         00:03:54 Jan 01 2003  crypto_archive
14     drwx  4096         00:04:28 Jan 01 2003  coredumpinfo
132    -rwx  12105313     09:13:20 Jan 30 2011  csd_3.5.841-k9.pkg
133    drwx  4096         09:13:24 Jan 30 2011  sdesktop
134    -rwx  2857568      09:13:26 Jan 30 2011  anyconnect-wince-ARMv4I-2.4.1012-k9.pkg
135    -rwx  3203909      09:13:26 Jan 30 2011  anyconnect-win-2.4.1012-k9.pkg
136    -rwx  4832344      09:13:28 Jan 30 2011  anyconnect-macosx-i386-2.4.1012-k9.pkg
137    -rwx  5209423      09:13:30 Jan 30 2011  anyconnect-linux-2.4.1012-k9.pkg
118    -rwx  3080         13:40:55 Dec 05 2012  8_2_1_0_startup_cfg.sav
255582208 bytes total (170237952 bytes free)

4. Upload the code onto the device via TFTP. Use the command copy tftp disk0:/ and you will be prompted for the IP address of the TFTP server and the source file name; then press Enter unless you want to change the name of the file once it's uploaded (I never do). Confirm that the MD5 checksum matches what was shown on the Cisco website.

5. Change your boot statement and confirm it took. I always like to set up two statements in case there are any issues with the first IOS code.

config t
boot system disk0:/asa911-k8.bin
boot system disk0:/asa821-k8.bin
end
!
WR
!

Cisco-ASA5520-01# show bootvar

BOOT variable = disk0:/asa911-k8.bin;disk0:/asa821-k8.bin
Current BOOT variable = disk0:/asa911-k8.bin;disk0:/asa821-k8.bin;disk0:/end
CONFIG_FILE variable =
Current CONFIG_FILE variable =

6. Save your configuration and reload the device with the reload command.

7. Confirm your new code is running with the show version command.

Cisco-ASA5520-01# show version

Cisco Adaptive Security Appliance Software Version 9.1(1)
Device Manager Version 6.2(1)

Compiled on Wed 28-Nov-12 10:38 by builders
System image file is "disk0:/asa911-k8.bin"
Config file at boot was "startup-config"
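
The checks in steps 3 to 5 can be scripted against saved CLI output. The following is an added example, not part of the original post: it reads the free space from dir, compares a downloaded image's MD5 with the published value, and lists current boot entries that name no file on disk0: (such as disk0:/end in the show bootvar output above). The function names are hypothetical and the sample text is a constructed subset of the output shown in the post.

```python
import hashlib
import re

# Constructed samples: a few lines trimmed from the CLI output shown in the post.
DIR_OUTPUT = """\
129    -rwx  16275456     06:03:42 Jan 30 2011  asa821-k8.bin
130    -rwx  11348300     09:15:52 Jan 30 2011  asdm-621.bin
6      drwx  4096         00:03:46 Jan 01 2003  log
255582208 bytes total (170237952 bytes free)
"""
BOOTVAR_OUTPUT = """\
BOOT variable = disk0:/asa911-k8.bin;disk0:/asa821-k8.bin
Current BOOT variable = disk0:/asa911-k8.bin;disk0:/asa821-k8.bin;disk0:/end
"""


def parse_dir(text):
    """Return ({file name: size}, free bytes) from dir output; directories are skipped."""
    files = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 8 and parts[0].isdigit() and parts[1].startswith("-"):
            files[parts[7]] = int(parts[2])
    free = re.search(r"\((\d+) bytes free\)", text)
    if free is None:
        raise ValueError("no free-space summary line in dir output")
    return files, int(free.group(1))


def md5_matches(path, published_md5):
    """Hash the image in chunks and compare with the value published for the download."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest() == published_md5.strip().lower()


def missing_boot_entries(bootvar_text, files_on_disk):
    """Return entries of the current BOOT variable that name no file on disk0:."""
    m = re.search(r"^Current BOOT variable = (.*)$", bootvar_text, re.MULTILINE)
    if m is None:
        raise ValueError("no 'Current BOOT variable' line found")
    entries = [e for e in m.group(1).strip().split(";") if e]
    return [e for e in entries if e.split(":/", 1)[-1] not in files_on_disk]


if __name__ == "__main__":
    files, free = parse_dir(DIR_OUTPUT)
    print("free bytes:", free)
    # Assumption: asa911-k8.bin has been copied to disk0: since the listing was taken.
    print("unresolvable boot entries:",
          missing_boot_entries(BOOTVAR_OUTPUT, set(files) | {"asa911-k8.bin"}))
```

Run md5_matches on the image file on the TFTP server before copying it, using the MD5 value displayed on the download page.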

3 comments:

  1. Do you need a new licence, or is the old image licence still valid?

  2. Same license is fine. I was not prompted for a new license.
