Upgrading a Cisco ASA5525-X

Recently I had the opportunity to setup two brand new Cisco ASA 5525-X firewalls. I have setup brand new ASA 5510’s, 5520’s, 5540’s and even a pair of 5585-20’s, but this was the first time I was able to work with the new 5500-X series.

As always, the first step after getting it out of the box and powered up is to upgrade the software that it’s running. Normally I have to configure a port with an IP, set an IP on my laptop with an IP in that subnet and then use TFTP. (Of course you need to download the correct version from www.cisco.com)


Knowing that the USB port didn’t work on the 5500 series, I inserted a USB memory stick to find out that the USB port on this 5525-X doesn’t work.

I then connected my laptop to the Management port on the ASA. My laptop pulled a DHCP address from the ASA of 192.168.1.2. I was then able to easily issue the TFTP commands and transfer the IOS image without having to set a single IP address. Kudos to Cisco for this feature.

After transferring the software to the flash, I modified the boot statement. I don’t like to remove the old IOS just in case the new file is corrupt or isn’t found located for some reason. I issued the following commands to change the order of boot to make sure the new file is first.

The first command adds the new boot statement, the 2nd line removes the old boot statement, then the 3rd line adds the old boot statement back in so it is in the correct order. Then save your configuration and reload.

ciscoasa(config)# boot system disk: 0:/asa912-smp-k8.bin
ciscoasa(config)# no boot system disk0:/asa861-2-smp-k8.bin
ciscoasa(config)# boot system disk0:/asa861-2-smp-k8.bin

ciscoasa# wr mem
Building configuration…
Cryptochecksum: 318f9d39 9785f6db 6c97e495 79369448
2851 bytes copied in 0.640 secs
[OK]
ciscoasa#

Cisco did a good job adding the DHCP feature on the management port to make the upgrade easy.

What other devices have you used that the vendor did a good job at making the software upgrade easy?

Please share your experiences with upgrading the ASA’s, any good or bad experiences you can share?

If you enjoyed this article, please consider sharing it with the social media icons below!!

This entry was posted in Network Security and tagged , , , by Scape. Bookmark the permalink.

About Scape

Over 10 Years in the networking field. Have worked in the Service provider and Enterprise environments. I have worked with Cisco, Foundry/Brocade, F5, Riverbed, Scientific Atlanta, Routers, Switches, Firewalls, Load Balancers, WAN Accelerators, DWDM, SONET, Multicast etc...

One thought on “Upgrading a Cisco ASA5525-X

  1. I found the 5515X to be failry simple and liked the management interface and its ease of use . the CX though was not so straight forward with FTP being used but more importantly the documentation a bit wishy washy. I eagerly got onto mine and wanted to do it all from the CLI so impatiently tried to get to it and thought it must need software so recovered it which was not fun. Turns out it just takes a while to warm up. There was an issue too going from 9.11 to 9.13 (may have the versions wrong) that meant you had to upgrade to 9.12 first but the error message was about as clear as mud. Have you been impressed by the performance punch on the new generation?

Leave a Reply