Home > OFF TOPIC > ASA upgrade

ASA upgrade

I had to be in the office on a Saturday and decided to use the opportunity to upgrade my ASA and patch it in light of the recent security alerts.

The process was easy. Copied the latest IOS and ASDM images to flash using CLI and using pointed the router to load the new files using ASDM.

This is the before and after show version

ASA# show version

Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)

Compiled on Tue 05-May-09 22:45 by builders
System image file is “disk0:/asa821-k8.bin”
Config file at boot was “startup-config”

ASA# show version

Cisco Adaptive Security Appliance Software Version 8.2(2)
Device Manager Version 6.2(5)

Compiled on Mon 11-Jan-10 14:19 by builders
System image file is “disk0:/asa822-k8.bin”
Config file at boot was “startup-config”

And this is how ASDM show this same info after the upgrade:

ASA ASDM after IOS upgrade

Advertisements
  1. Andrey
    February 22, 2010 at 1:39 pm

    With all due respect, the ASA version mentioned is not the one which fixes latest security problems. According to Cisco, this one does:

    Cisco Adaptive Security Appliance Software Version 8.2(2)4
    Device Manager Version 6.2(5)

    Compiled on Wed 03-Feb-10 14:17 by builders
    System image file is “disk0:/asa822-4-k8.bin”
    Config file at boot was “startup-config”

    http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910c.shtml

    • February 23, 2010 at 2:33 pm

      Andrey,
      thanks for opening my eyes. I’ve downloaded the latest IOS from Cisco’s web site and obviously failed to look at the date (didn’t think I have to – lesson learned!)
      BUT when I opened Cisco’s download page again I saw that asa822-4-k8.bin does not show as an option…
      I since opened a TAC ticket and received a link to download the latest version, now waiting for an answer on WHY they do not provide it on teh web site.
      I just wonder – did you get it off the Cisco download page or via TAC?

      • Andrey
        February 25, 2010 at 3:14 pm

        Rofi,
        If you follow the link I provided, in the section “Software Versions and Fixes”, right under that big table, you’ll find the link to the version I mentioned. This is considered “interim update” and they never put such in the regular update section of the website. Why? I don’t know. (and don’t even let me started about their website …).
        I’ve got the link through US-CERT Current Activity mailing list. If security issues is your concern, I’d recommend to subscribe at http://www.us-cert.gov/ It’s a must have.

        • February 25, 2010 at 3:30 pm

          Andrey,
          correct, with all the information on those links I missed this download link. at least I made TAC work for my money 😉
          and yes, us-cert.gov is a great site, I’ve known it for years.

  2. February 22, 2010 at 9:07 am

    It’s did this same upgrade the other night on a set of 5540s. My ASA, however, was in an active-standby pair, so I was able to do it without service interruption. Since the major and minor revisions (8.2) are the same, the ASAs can be run on the two different OSes. You simply upgrade the standby, fail it over when it comes back, and repeat the process. Simple!

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: