Dec 10

Upgrading a Cisco ASA5525-X

Recently I had the opportunity to set up two brand new Cisco ASA 5525-X firewalls. I have set up brand new ASA 5510s, 5520s, 5540s and even a pair of 5585-20s, but this was the first time I was able to work with the new 5500-X series.

As always, the first step after getting it out of the box and powered up is to upgrade the software that it’s running. Normally I have to configure a port with an IP, set an IP on my laptop with an IP in that subnet and then use TFTP. (Of course you need to download the correct version from www.cisco.com.)


Knowing that the USB port didn’t work on the 5500 series, I inserted a USB memory stick to find out that the USB port on this 5525-X doesn’t work.

I then connected my laptop to the Management port on the ASA. My laptop pulled a DHCP address from the ASA of 192.168.1.2. I was then able to easily issue the TFTP commands and transfer the IOS image without having to set a single IP address. Kudos to Cisco for this feature.

After transferring the software to the flash, I modified the boot statement. I don’t like to remove the old IOS just in case the new file is corrupt or isn’t found for some reason. I issued the following commands to change the order of boot to make sure the new file is first.

The first command adds the new boot statement, the 2nd line removes the old boot statement, then the 3rd line adds the old boot statement back in so it is in the correct order. Then save your configuration and reload.

ciscoasa(config)# boot system disk0:/asa912-smp-k8.bin
ciscoasa(config)# no boot system disk0:/asa861-2-smp-k8.bin
ciscoasa(config)# boot system disk0:/asa861-2-smp-k8.bin

ciscoasa# wr mem
Building configuration…
Cryptochecksum: 318f9d39 9785f6db 6c97e495 79369448
2851 bytes copied in 0.640 secs
[OK]
ciscoasa#
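
The boot order that the three commands above are meant to produce can be checked before the reload. The following is an added example, not part of the original post: a Python check over the `boot system` lines of a saved configuration. The function names and sample configurations are constructed, and it assumes images live on disk0:/ or disk1:/.

```python
import re

# One ASA "boot system" statement, e.g. "boot system disk0:/asa912-smp-k8.bin"
BOOT_RE = re.compile(r"^\s*boot system\s+(\S.*?)\s*$")
# Assumption: images are local files on disk0:/ or disk1:/ ending in .bin
PATH_RE = re.compile(r"^disk[01]:/[\w.\-]+\.bin$")

def boot_entries(config_text):
    """Return the boot image paths in the order they appear in the config."""
    entries = []
    for line in config_text.splitlines():
        m = BOOT_RE.match(line)
        if m:
            entries.append(m.group(1))
    return entries

def check_boot_order(config_text, new_image, fallback_image):
    """Return a list of problems; an empty list means the order is as intended."""
    entries = boot_entries(config_text)
    problems = [f"malformed path: {e!r}" for e in entries if not PATH_RE.match(e)]
    if len(set(entries)) != len(entries):
        problems.append("duplicate boot statement")
    if not entries or entries[0] != new_image:
        problems.append(f"new image is not first: {entries[:1]}")
    if fallback_image not in entries[1:]:
        problems.append("fallback image missing after new image")
    return problems

NEW = "disk0:/asa912-smp-k8.bin"
OLD = "disk0:/asa861-2-smp-k8.bin"

# Constructed sample: the result of all three commands from the post
GOOD = f"boot system {NEW}\nboot system {OLD}\n"
# Constructed sample: only the first command was issued, so the old image still boots first
STALE = f"boot system {OLD}\nboot system {NEW}\n"
# Constructed sample: a space slipped into the device name of the new image
TYPO = f"boot system disk: 0:/asa912-smp-k8.bin\nboot system {OLD}\n"

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("STALE", STALE), ("TYPO", TYPO)):
        print(name, check_boot_order(cfg, NEW, OLD) or "ok")
```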

Cisco did a good job adding the DHCP feature on the management port to make the upgrade easy.

What other devices have you used that the vendor did a good job at making the software upgrade easy?

Please share your experiences with upgrading ASAs. Any good or bad experiences you can share?


May 07

Do you read the release notes for software updates?

Over the past years I have met many people and watched how they pick their software for their network equipment. Sometimes they pick a good version and other times, it’s crash and burn. Learning from past co-workers, I have learned to always read the release notes for that software version.

Sometimes the release notes are a few hundred pages, so I sift through every single page. I try to pick out the parts that apply to me and skip the rest. There are a few things that I look for when I read through the release notes.



Things I look for when reading the release notes of a new software version

1. Compatibility with my hardware.
– Will all of my line cards work?
– Do I have enough memory?
– Are all of my Wireless Access Points supported?
– Are all of my IP Phones and voice gateways supported?
2. Are there incremental upgrades, or can I go directly to this version?
3. What are the new features that may relate to me?
4. What configuration changes have been made?
– Cisco ASA 8.3 code is a great example of this. NAT completely changed in this version.
5. What are the known caveats? Do they apply to me and my hardware?
6. If I’m upgrading to resolve a Bug, is that bug listed? Is it in the list of resolved caveats?
7. Any performance information to be learned?
8. Upgrade directions

Through reading the release notes I have found some very interesting things. Below I have listed a few of them.

– I have to start this off with the Cisco ASA 8.3 release notes. Cisco changed the way NAT was used. This was a major change and Cisco dedicated many pages in the release notes to the new changes. If I hadn’t read the release notes, the upgrade would have been a disaster.

– There was a version of software for one of the routers we use that didn’t really encrypt the IPsec packets. I moved on to the next release and made sure that caveat was resolved; it was.

– I was going to upgrade to be able to add a new line card. I found out that the line card wouldn’t run as many line rate ports if there were specific types of line cards in the chassis. We had those line cards, so the number of line rate ports went way down. This was disappointing, but better to find out now than a year later when customers were complaining of slow connections.

– Where to place the OS file to get it to boot? It will tell you. I failed to look and turned my device into a brick. Now I always read where to put the software on the device.

– The Brocade MLXe is not a simple device to upgrade. There are multiple files that need to be copied to the management modules and then again to the line cards. The release notes spell it all out and make it a lot easier than it seems.


What wild and crazy things have you found by reading the release notes?
What have you broken because you didn’t read the release notes?
Tell us your stories about reading or not reading the release notes.