- Cisco asa 5505 software upgrade procedure upgrade#
- Cisco asa 5505 software upgrade procedure portable#
- Cisco asa 5505 software upgrade procedure download#
It will show in the console that its sending config to mate. Reload the primary, that is now standby and wait for it up come up. This time you will be connected to the second node, that is not the active node. When doing the failover you might lose the SSH connection, just connect again. So now the secondary node is booted with the new firmware, time to failover to it so we can reload and have the new firmware running on the primary node. # Look at the output from show failover, check if the standby is up and verify the firmware version. # Reload the standby node for the new firmware to take effectĭS-ESB-ASA5516x(config)# failover reload-standby # Add new boot image that you just uploadedĭS-ESB-ASA5516x(config)# boot system disk0:/asa9-13-1-lfbff-k8.SPA # Show current boot imageĭS-ESB-ASA5516x# show running-config boot systemīoot system disk0:/gf/asa982-20-lfbff-k8.SPAĭS-ESB-ASA5516x(config)# no boot system disk0:/gf/asa982-20-lfbff-k8.SPA First, we remove the existing boot image, and afterwards, we set the new image together with the new ASDM image. So now we will change over the config so that it will use the new boot images that we have uploaded. # PrimaryĭS-ESB-ASA5516x# copy /noconfirm t disk0:/asa9-13-1-lfbff-k8.SPAĭS-ESB-ASA5516x# copy /noconfirm t disk0:/asdm-7131.binĭS-ESB-ASA5516x# failover exec mate copy /noconfirm t$ĭS-ESB-ASA5516x# failover exec mate copy /noconfirm t$ Change config to the new image Copied the freshly downloaded images to both nodes.
Cisco asa 5505 software upgrade procedure portable#
I used the portable version of Tftpd64 by Jounin, simple and works out of the box. Uploading the images to both nodes with TFTP.
Cisco asa 5505 software upgrade procedure download#
Download and upload firmware to BOTH members of the cluster.I were on 9.8.2 and could go up to 9.13.x.
Cisco asa 5505 software upgrade procedure upgrade#
Have a look at the cisco ASA upgrade guide, to see what version you and on and what is supported to go up to.It’s not something I do often, and I always forget to write down to procedure, so here goes.
Great, now we know the problem and the fix is to upgrade ASA firmware. Due to a bug, the firmware did a memory buffer overflow when being hit by a specific udp/500 attack. But why and how.Ĭontact with Conscia Cisco support could confirm that the exact issue has been hitting multiple customers. After the ASA booted they both became active again and could see each other. So I told them to do a hard reboot on both firewalls. And did not come up again! Customer needs to get online again, so there was no time to get a console cable and see what the heck was going on. It needed a physical reboot.īefore having the chance to have someone onsite locate the firewall and reboot it that secondary also died. It crashed in a way that meant that it did not come up again. Always nice when a customer calls in with the problem of there primary ASA being down. The last critical bug I was not informed about, so didn’t catch it before the customer did.
Cisco seems to have a good track record of there products, but I must say that there ASA firewalls have seen a lot of critical bugs in the last couple of years.
0 kommentar(er)
