Sysadmin > CiscoFirewall > ASAUpgrade82To84
Cisco ASA Upgrade from 8.2 to 8.4
Normally the upgrade is very smooth and easy, but this upgrade is tricky, because changes the NAT grammar completly ande some other stuff. The new grammar is much easier.flash befor upgrade
13 32768 Dec 22 2011 08:48:16 coredumpinfo
14 43 Dec 22 2011 08:48:16 coredumpinfo/coredump.cfg
96 17786880 Dec 22 2011 08:49:16 asa825-smp-k8.bin
97 16280544 Dec 22 2011 08:49:42 _asdm-645.bin
106 31057920 Jan 06 2012 06:37:51 _asa842-8-smp-k8.bin
3 32768 Dec 22 2011 08:53:30 log
12 32768 Dec 22 2011 08:53:50 crypto_archive
107 17232256 Jan 06 2012 06:38:16 asdm-645-206.bin
99 12998641 Dec 22 2011 08:54:02 csd_3.5.2008-k9.pkg
100 32768 Dec 22 2011 08:54:04 sdesktop
105 1462 Dec 22 2011 08:54:04 sdesktop/data.xml
101 6487517 Dec 22 2011 08:54:04 anyconnect-macosx-i386-2.5.2014-k9.pkg
102 6689498 Dec 22 2011 08:54:06 anyconnect-linux-2.5.2014-k9.pkg
103 4678691 Dec 22 2011 08:54:06 anyconnect-win-2.5.2014-k9.pkg
flash after upgrade
--#-- --length-- -----date/time------ path
13 32768 Dec 22 2011 08:48:16 coredumpinfo
14 59 Jan 06 2012 06:51:51 coredumpinfo/coredump.cfg
102 16280544 Dec 22 2011 08:49:42 _asdm-645.bin
88 0 Jan 06 2012 06:51:51 nat_ident_migrate
103 31057920 Jan 06 2012 06:37:50 asa842-8-smp-k8.bin
3 32768 Dec 22 2011 08:53:30 log
6 32768 Dec 22 2011 08:53:50 crypto_archive
105 17232256 Jan 06 2012 06:38:16 asdm-645-206.bin
106 12998641 Dec 22 2011 08:54:02 csd_3.5.2008-k9.pkg
107 32768 Dec 22 2011 08:54:04 sdesktop
113 1462 Dec 22 2011 08:54:04 sdesktop/data.xml
108 6487517 Dec 22 2011 08:54:04 anyconnect-macosx-i386-2.5.2014-k9.pkg
109 6689498 Dec 22 2011 08:54:06 anyconnect-linux-2.5.2014-k9.pkg
110 4678691 Dec 22 2011 08:54:06 anyconnect-win-2.5.2014-k9.pkg
111 17786880 Dec 22 2011 08:49:16 _asa825-smp-k8.bin
89 3063 Jan 06 2012 06:51:51 8_2_5_0_startup_cfg.sav
112 1138 Jan 06 2012 06:51:51 upgrade_startup_errors_201201060651.log
upgrade log with the factory default config
The ASA shows this log also while upgrading the config during boot.
ciscoasa# more flash:/upgrade_startup_errors_201201060651.log
INFO: MIGRATION - Saving the startup errors to file 'flash:upgrade_startup_errors_201201060651.log'
Reading from flash...
!
REAL IP MIGRATION: WARNING
In this version access-lists used in 'access-group', 'class-map',
'dynamic-filter classify-list', 'aaa match' will be migrated from
using IP address/ports as seen on interface, to their real values.
If an access-list used by these features is shared with per-user ACL
then the original access-list has to be recreated.
INFO: Note that identical IP addresses or overlapping IP ranges on
different interfaces are not detectable by automated Real IP migration.
If your deployment contains such scenarios, please verify your migrated
configuration is appropriate for those overlapping addresses/ranges.
Please also refer to the ASA 8.3 migration guide for a complete
explanation of the automated migration process.
INFO: MIGRATION - Saving the startup configuration to file
INFO: MIGRATION - Startup configuration saved to file 'flash:8_2_5_0_startup_cfg.sav'
*** Output from config line 4, "ASA Version 8.2(5) "
Real IP migration logs:
No ACL was changed as part of Real-ip migration
Upgrade script
enable copy /noconfirm tftp://192.168.1.10/asa842-8-smp-k8.bin flash:/asa842-8-smp-k8.bin copy /noconfirm tftp://192.168.1.10/asdm-645-206.bin flash:/asdm-645-206.bin rename /noconfirm flash:/asa825-smp-k8.bin flash:/_asa825-smp-k8.bin rename /noconfirm flash:/asdm-645.bin flash:/_asdm-645.bin reload noconfirmHave alook into the upgrade log and if the machine boots fine -> delete unneccessary files
delete /noconfirm flash:/upgrade_startup_errors_201201060720.log delete /noconfirm flash:/8_2_5_0_startup_cfg.sav delete /noconfirm flash:/_asa825-smp-k8.bin delete /noconfirm flash:/_asdm-645.bin
