Cisco ASA Upgrade from 7.0(8) to 8.2(1)
Hi, i need to upgrade my 5510 ASA from 7.0(8) to 8.2(1) ( Please note its different query from my last thread)
what i found online is i will have to do this upgrade in sequence, that is
7.0.x -> 7.2.x --> 8.0.x --> 8.2.1
is that correct?
or i will go to 7.1.x first? like this
7.0.x--> 7.1.x -> 7.2.x --> 8.0.x --> 8.1.x--> 8.2.1
Please guide, Also i am assuming, reboot required after every upgrade right?
ok, i found something on another Cisco document. that is what i thought
To ensure that your configuration updates correctly, you must upgrade to each major release in turn. Therefore, to upgrade from Version 7.0 to Version 8.2, first upgrade from 7.0 to 7.1, then from 7.1 to 7.2, and finally from Version 7.2 to Version 8.2 (8.1 was only available on the ASA 5580). "
Similar Messages
-
How to sync clock of Cisco ASA 5505 from NTP Server on internet
Hi there!
i've setup a site, with cisco ASA 5505. It has public ip also.
i want to sync the clock of firewall from on ntp server on internet, or with internal domain controller that is inside LAN.
The firewall has public IP also.
how can i do this?
Regards!Hello Lasandro,
This should do it!
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/basic_hostname_pw.html#wp1236530
Looking for some Networking Assistance?
Contact me directly at [email protected]
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com -
Cisco Ucs upgrade from 1.4(3m) to 2.1(1a)
hi!!
I need to do an upgrade from 1.4(3m) to 2.1(1a)!
i've 3 chassis 5108 ( 6 fex 2104xp ) with server B200 M2 and B440 M2. i've two Fi 6120Xp in cluster mode.
i've check the prerequisite to upgrade but i've a question about default zoning;
iv'e brocade switch 5300 ( fw v6.4.1 ) attached to Fi 6120xp
i've SAN configured :
i've no other configuration under San Tab.
The documentation says:
"Default Zoning is Not Supported in Cisco UCS, Release 2.1(1a) Onwards.Default zoning has been deprecated from Cisco UCS, Release 2.1(1a) onwards. Cisco has not supported default zoning in Cisco UCS since Cisco UCS, Release 1.4 in April 2011. All storage connectivity that relies on default zoning in your current configuration will be lost when you upgrade to Cisco UCS, Release 2.1(1a) or a later release. We recommend that you review the Fibre Channel zoning configuration documentation carefully to prepare your migration before you upgrade to Cisco
UCS, Release 2.1(1a) or later."
Can i upgrade to 2.1 (hi!!
I need to do an upgrade from 1.4(3m) to 2.1(1a)!
i've 3 chassis 5108 ( 6 fex 2104xp ) with server B200 M2 and B440 M2. i've two Fi 6120Xp in cluster mode.
i've check the prerequisite to upgrade but i've a question about default zoning;
iv'e brocade switch 5300 ( fw v6.4.1 ) attached to Fi 6120xp
i've SAN configured :
i've no other configuration under San Tab.
The documentation says:
"Default Zoning is Not Supported in Cisco UCS, Release 2.1(1a) Onwards.Default zoning has been deprecated from Cisco UCS, Release 2.1(1a) onwards. Cisco has not supported default zoning in Cisco UCS since Cisco UCS, Release 1.4 in April 2011. All storage connectivity that relies on default zoning in your current configuration will be lost when you upgrade to Cisco UCS, Release 2.1(1a) or a later release. We recommend that you review the Fibre Channel zoning configuration documentation carefully to prepare your migration before you upgrade to Cisco
UCS, Release 2.1(1a) or later."
Can i upgrade to 2.1 ( -
Renewed Cert on ASA, Upgraded from AnyConnect 2.5 to 3.1
We had been running AnyConnect 2.5 against our ASA and the Cert on our ASA Expired. the 2.5 Client (and all of the iPad Clients) had a way of saying, its cool, connect anyway if the Cert is not valid.
I finially got around to renewing the cert on the ASA. We have an Internal CA that I renewed it against. So if the CA's Cert was not installed in your trusted Cert Store you would get an error. Many Clients can Connect just fine with the new 3.1 client, Auto-upgrade, etc (besides it lopping off the /vpn from the connection URL)
We have a few of the clients that cannot connect. they get an error like:
The certificate on the secured gateway is invalid. A VPN connection will not be established
They have the CA's Root Cert installed in their trusted Cert Store. The Cert on the ASA has the proper CN, and Expiration date, so that should not be the issue.
When I look in the Syslog I see:
%ASA-7-725008: SSL client outside-interface:<Client Public IP>/50088 proposes the following 8 cipher(s).
%ASA-6-725001: Starting SSL handshake with client outside-interface:<Client Public IP>/50088 for TLSv1 session.
%ASA-7-710005: TCP request discarded from <Client Public IP>/50089 to outside-interface:<ASA Public IP>/443
%ASA-6-106015: Deny TCP (no connection) from <Client Public IP>/50089 to <ASA Public IP>/443 flags FIN ACK on interface outside-interface
%ASA-7-710005: TCP request discarded from <Client Public IP>/50089 to outside-interface:<ASA Public IP>/443
%ASA-6-106015: Deny TCP (no connection) from <Client Public IP>/50089 to <ASA Public IP>/443 flags PSH ACK on interface outside-interface
%ASA-6-725007: SSL session with client outside-interface:<Client Public IP>/50089 terminated.
%ASA-4-113019: Group = SSL-VPN, Username = <userID>, IP = <Client Public IP>, Session disconnected. Session Type: SSL, Duration: 0h:00m:31s, Bytes xmt: 9787, Bytes rcv: 3991, Reason: User Requested
%ASA-6-716002: Group #%cLt#%SSLVPNGrpPolicy> User #%cLt#%<UserID>> IP #%cLt#%<Client Public IP>> WebVPN session terminated: User Requested.
%ASA-6-725002: Device completed SSL handshake with client outside-interface:<Client Public IP>/50089
The other Interesting thing is in ADSM when I monitor the VPN Connections, All of the Trouble users show up in the "Clientless SSL VPN/Clientless" Section, where as the users that work fine are all in the "SSL VPN Client/WithClient" section. Though all of the ones in the
"SSL VPN Client/WithClient" section have 'Clientless SSL-Tunnel DTLS-Tunnel' as the Protocol.
We have completely removed AnyConnect and Manually installed the Client.
We have connected to the ASA's SSLVPN URL and had it install the Client.
All the same result. It Connects, Asks for a Username/Password, Displayes the Warning Banner to accept, checks for pgrads, then on the Establishing VPN comes up with the Server's Certificate is invalid.
Is this a NAT/PAT issue on the remote end?
Any Suggestions for these guys?
Thank you,
Scott<-AnyConnect 3.1 is a significant upgrade, even over 3.0.
Over 3.0 it adds an enhanced GUI (common between Windows and Mac), NAM enhancement, crypto suite B enhancements, HostScan/Posture performance enhancements, IPv6 support, better untrusted certificate handling, plug-in component tiles, etc.
3.0+ offers IPSec VPN client as opposed to SSL VPN. -
Cisco 1252 upgrade from standalone autonomous to LWAPP
Hi All,
Can somebody please guide me through the process of upgrading Cisco 1252 access point from Autonomous to Light Weight
iam attaching show version log which gives information about current IOS
on the access point & its in standalone mode now.
Any help would be greatly appreciated.
Cheers,
SatishHi Satish,
These two great threads discuss the methods to make this conversion;
From Steve, Leo and Charles;
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&topicID=.ee6e8b8&fromOutline=true&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc2c5c3/0
From Scott and Steve;
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=Getting%20Started%20with%20Wireless&topicID=.ee7c7c3&fromOutline=true&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc2fd83/0
Hope this helps!
Rob -
Moving Cisco ASA interfaces from gigabit to tengigabit
Hi All,
I need to confirm, if the only way to move from interfaces gi0/x to ten0/x is:
1) Remove the configurations on gigabit interfaces and reconfigure (copy/past) it on the new "location".
(the new configuration will be EXACTLY the same... beside obliviously the physical interface)
2) BTW for to do this, I will automatically erase the NAT, ssh, services policy and other configuration!
3) Paste once again all the previously configuration.
---> It could work, but I would like to introduce something more "easy" without fall down in some errors to paste the configuration. (configuration is up to 60000 lines...
Maybe I can to this using the ASDM beside the CLI? (I hate ASDM :-P )
Any other experiences, suggestion?
Many regards in advance.You have it right - the process is a bit cumbersome due to how the ASA uses nameif to assign logical names to physical interfaces. Once you "no nameif" the old interface, all the related lines in the configuration that reference it go away.
Ideally, you can do this offline working from a complete backup (including any PSKs and SNMP community strings etc. that are normally encrypted) and just reload the configuration as a new startup-config into the box from bootup, having copied it all offline and changed the physical interface association only. -
CISCO ASA Enable DNS Lookup Problem
I have Cisco ASA 5510 , from ASA CLI i can not resolved the hostname. ( cisco.com or google.com)
At many form say do this.
1. Whilst in enable mode > enter configure terminal mode, then enable DNS Lookups.
CiscoASA#conf t
CiscoASA(config)# dns domain-lookup Outside
2. Then specify the external DNS Servers (Change IP addresses appropriately).
CiscoASA(config)# dns server-group DefaultDNS
CiscoASA(config-dns-server-group)# name-server 122.122.122.199
CiscoASA(config-dns-server-group)# name-server 122.122.122.198
CiscoASA(config-dns-server-group)# exit
3. Test it by pinging a name/URL.
CiscoASA(config)# ping www.20best.blogspot.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 123.123.123.123, timeout is 2 seconds:
But there is no command ( dns server-group ) in my ASA
Please tell me how to do this or any way
My ASA is showing only
ail-ASA# sh runn
: Saved
ASA Version 7.0(8)
hostname Mail-ASA
domain-name rawabiholding.com
enable password QuzxIf5jNzzT5kki encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 172.16.0.94 Test-web-mail
name 172.16.5.63 Mail-server
name 172.16.0.40 Web-Mail
name 172.16.0.24 MX-A
name 172.16.0.93 Test-Mail-MX
name 172.16.1.55 DNS-1
name 172.16.1.17 Web-Server
name 172.16.0.41 Helpdesk.rawabiholding.com
name 172.16.0.98 Test-Server
no dns-guard
interface Ethernet0/0
nameif outside
security-level 10
ip address 82.118.161.34 255.255.255.224
interface Ethernet0/1
nameif LAN
security-level 100
ip address 172.16.1.65 255.255.252.0
interface Ethernet0/2
nameif inside-Mail
security-level 100
ip address 172.16.5.37 255.255.255.0
interface Management0/0
nameif management
security-level 100
ip address 192.168.100.1 255.255.255.0
management-only
banner exec ************* If you are not Rawabi IT Member Please logout ********
banner login ***************** Do not open or login , if you are not allowed *
ftp mode passive
dns domain-lookup outside
dns name-server 212.102.0.82
dns name-server 212.102.0.11
access-list outside_access_in extended permit tcp any host 82.118.161.35 eq pop3
access-list outside_access_in extended permit tcp any host 82.118.161.35 eq smt.http://20best.blogspot.com
Dear Jennifer,
From Router-ISP, I check it is resolving the name to IP
but from ASA 5510 not, it giving error
Jennifer Halim wrote:Doesn't look like the DNS servers that you configured is resolving any DNS requests.I have just tried both DNS server, and it is refusing the DNS:> www.google.comServer: ns3.shabakah.net.saAddress: 212.102.0.82*** ns3.shabakah.net.sa can't find www.google.com: Query refused> www.google.comServer: [212.102.0.11]Address: 212.102.0.11*** [212.102.0.11] can't find www.google.com: Query refused
http://20best.blogspot.com/2011/06/visit-to-grand-canyon-in-10-days.html -
Upgrade Cisco ASA from 8.4 to 9.1
Hello,
Can I upgrade ASA IOS from 8.4(1) to 9.1 without any impact to the configuration?
I note that i have no NAT rule on my Firewall.
ASA5510 / RAM: 1024 MB
Thanks for your help !I hope that you will find this discussion of upgrade paths to be helpful.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/release/notes/asarn91.html#pgfId-763574
HTH
Rick -
Cisco ASA 5505 - Can't Login from Public & Local IP Anymore!
Hello,
We've a Cisco ASA 5505 connected directly to Verizon FiOS Circuit (ONT) box using Ethernet cable. As per the existing documention that I have, the previous configured this as a dedicated router to establish a seperate VPN connection our software provider. They assigned both Public Static and Local Static IP address. When I try to ping the public IP address, it says request time out; so the public IP address is no longer working.
When I ping the local IP address of 192.168.100.11, it responds. The SolarWind tool also shows Always UP signal. How can I login into this router either from remotely or locally to check the configuration, backup and do the fimrware upgrade?
I also tried to connect my laptop directly to the ASA 5505 router LAN port. After 3 minutes, I'm able to connect to Internet without any issues. However I don't know the IP address to use to login.
Any advice would be greatly appreciated. Thank you.
UPDATE: I'm able to find the way! I need to use https to login! I'm able to download ASDM tool and login! Thanks to these resources:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008067e9f9.shtml
http://cyruslab.wordpress.com/2010/09/09/how-to-download-asdm-from-asa5505-and-install-it/Hi Srinath,
If that ASA5505 has factory-default configuration on it , then it probably has 192.168.1.1 ip address on the LAN side and has got dhcp server turned on to provide you ip address dynamically the moment you hook up a machine to it directly or through a switch.
If you've access to ASDM.
You can go the Configuration Tab>>Device Management>>Device Access and turn on the SSH & Telnet from the LAN interface because by default only HTTPS/ASDM is enabled on LAN interface.
You will still need to generate crypto keys and create a username in order to get ssh working
For this you can click at the TOP at TOOLS>> Command Line Interface.
And in the box below type this
crypto key generate rsa modulus 1024
add a username
username <> password <> priv 15
and enable aaa authentication for ssh like this
aaa authentication ssh console LOCAL
Let me know if this helps.
Puneet -
ASA Firewall Upgrade from 8.2,8.4, to 9.0
Dear All ,
we have five firewalls with the following details:
First Firewall
Hardware: ASA5550, 4096 MB RAM, CPU Pentium 4 3000 MHz, Flash 256MB , BIOS Flash1024KB , ASA IOS 8.4(3) ,Device Manager Version 6.4(7)
my question can i upgrade ASA IOS 8.4(3) to 9.0 directly without any issues also can i upgrade Device manager 6.4(7) to 7.0 without upgrading the ASA IOS itself
Second Firewall
Hardware: ASA5520,2048 MB RAM, CPU Pentium 4 2000MHz, Flash 256MB , BIOS Flash1024KB , ASA IOS 8.2(3) ,Device Manager Version
6.2(3)
my question can i upgrade ASA IOS 8.2(3) to 9.0 directly without any issues also can i upgrade Device manager 6.2(3) to 7.0 without upgrading the ASA IOS itself
Third Firewall
Hardware: ASA5520,2048 MB RAM, CPU Pentium 4 2000MHz, Flash 256MB , BIOS Flash1024KB , ASA IOS 8.4(3) ,Device Manager Version 6.4(7)
my question can i upgrade ASA IOS 8.4(3) to 9.0 directly without any issues also can i upgrade Device manager 6.4(7) to 7.0 without upgrading the ASA IOS itself
Fourth Firewall
Hardware: ASA5520,2048 MB RAM, CPU Pentium 4 2000MHz, Flash 256MB , BIOS Flash1024KB , ASA IOS 8.4(3) ,Device Manager Version 6.4(7)
my question can i upgrade ASA IOS 8.4(3) to 9.0 directly without any issues also can i upgrade Device manager 6.4(7) to 7.0 without upgrading the ASA IOS itself
fifth Firewall:
Hardware: ASA5520,2048 MB RAM, CPU Pentium 4 2000MHz, Flash 256MB , BIOS Flash1024KB , ASA IOS 8.2(3) ,Device Manager Version 6.2(3)
my question can i upgrade ASA IOS 8.2(3) to 9.0 directly without any issues also can i upgrade Device manager 6.2(3) to 7.0 without upgrading the ASA IOS itself
please help i am doing the upgrading remotely using the ASDM and i don't want to do any upgrade could result disconnectivity.
Best regardsHi Basel,
Honestly, I wouldn't suggest a direct upgrade from 8.2 to 9.0. This is a *major* upgrade. The recommended path to reach 9.0 would be from 8.2-->8.4-->9.0
Here are the release notes for 9.0:
http://www.cisco.com/en/US/docs/security/asa/asa90/release/notes/asarn90.html#wp690047
Per above document:
If you are upgrading from a pre-8.3 release, see also the Cisco ASA 5500 Migration Guide to Version 8.3 and Later
for important information about migrating your configuration.
Once you are on 8.3/8.4 (I would suggest 8.4 as a lot of issues were fixed post 8.3 as that was a huge transition from 8.2) upgrade to 9.0 is fairly simple.
Major part is upgrade from 8.2 to 8.4 as configuration changes and few things can be broken as a result. I would highly recommend you to check these docs before attempting an upgrade and also do it with some maintenence window so as to correct things in case they broke:
Following doc talks about 8.3 but it is applicable to direct upgrade to 8.4 as well:
https://supportforums.cisco.com/docs/DOC-12690
Release notes for 8.4:
http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html
Sourav -
ASA 5520 upgrade from 8.4.6 to 9.1.2
Dear All,
I am having ASA 5520 in Active Standby failover configuration . I want to know if I can upgrade it from 8.4.6 to 9.1.2 using the zero downtime upgrade process mentioned on cisco site .
Below is the process :
Upgrade an Active/Standby Failover Configuration
Complete these steps in order to upgrade two units in an Active/Standby failover configuration:
Download the new software to both units, and specify the new image to load with the boot system command.
Refer to Upgrade a Software Image and ASDM Image using CLI for more information.
Reload the standby unit to boot the new image by entering the failover reload-standby command on the active unit as shown below:
active#failover reload-standby
When the standby unit has finished reloading and is in the Standby Ready state, force the active unit to fail over to the standby unit by entering the no failover active command on the active unit.
active#no failover active
Note: Use the show failover command in order to verify that the standby unit is in the Standby Ready state.
Reload the former active unit (now the new standby unit) by entering the reload command:
newstandby#reload
When the new standby unit has finished reloading and is in the Standby Ready state, return the original active unit to active status by entering the failover active command:
newstandby#failover active
This completes the process of upgrading an Active/Standby Failover pair.
Also after upgrade are there any changes required after IOS migration ( i.e are there any changes in the command line of 8.4.6 and 9.1.2 )
It is mentioned on cisco site that
Major Release
—You can upgrade from the last minor release of the previous version to the next major release. For example, you can upgrade from 7.9 to 8.0, assuming that 7.9 is the last minor version in the 7.x release.Hi Tushar,
The steps you mentioned are perfectly fine. There is no major difference in the commands of the 2 versions, it's just that in access-rule from 9.1 you have to any4 instead of any for ipv4 and any6 for ipv6. During conversion it will get convert automatically.
Also, please refer to the following document (release notes of 9.1.2) for viewing the new features added in that version:
http://www.cisco.com/en/US/docs/security/asa/asa91/release/notes/asarn91.html#wp685480
- Prateek Verma -
Advice on upgrading ASA 5510 from version 8.4(4)1
Hello all,
Due to an issue we need to upgrade our ASA. Cisco Support team recommended upgrading to version 8.4.7, but, as we'll upgrade, we'd like to upgrade to version 9.
We still use Cisco VPN Client for Remote Access VPNs so I'd like your advice on which version to install on ASA.
Would you recommend version 9.0.3? 9.1.X?
Thanks in advance,
IgorWe have a pretty huge ASA and ASASM complex, and we are just about finished upgrading from an assortment of 8.4.x, 8.5.x, and 8.6.x installs to 9.1.3 on everything. There is one gotcha on some systems in that there is a file system change or some sort of bug that is fixed in 8.4.5 I think. So you _may_ have to first upgrade to a newer version (8.4.7 would work) before going to 9.1.3.
Our Cisco team has recommended going to version 9.x, and this is supported by recent tickets I've had on our stuff still running on 8.x, as the TAC engineer often says we need to upgrade to version 9.
Four our setup, we had some fatal bugs in 8.4.6 and 8.4.7 that kept us running 8.4.5 for a very long time on some equipment.
Anyway, I would recommend going to 9.1.3, which is one removed from the recently recleased 9.1.4. Our AnyConnect VPN complex has been on 9.1.3 for a few months now with no issues. Be sure to read the release notes thoroughly as 9.x changes some command contexts, new features, etc.
Graham -
Upgrading license for more context cisco asa 5580
Hi guys:
This is the situation I got to firewalls with failover and I need to upgrade the license so I can get more context (right now I have 5 context and I need 10) so I was looking at the procedure and I'm not sure If I need to restart the device or not. I was looking at this procedure:
Upgrading the License for a Failover using ASDM (No Reload Required)
Use the following procedure using ASDM if your new license does not require you to reload. This procedure ensures that there is no downtime.
•1. On the active unit, choose Configuration > Device Management > High Availability > Failover > Setup, and uncheck the Enable Failover check box. Now click Apply. The standby unit remains in a pseudo-standby state. Deactivating failover on the active unit prevents the standby unit from attempting to become active during the period when the licenses do not match.
•2. Choose Configuration > Device Management > Licensing > Activation Key, and enter the new activation key that you obtained with the active unit serial number. Now click Update Activation Key.
•3. Log into the standby unit by double-clicking its address in the Device List. If the device is not in the Device List, click Add to add the device. You might be prompted for credentials to log in.
•4. Choose Configuration > Device Management > Licensing > Activation Key, and enter the new activation key that you obtained with the standby unit serial number. Now click Update Activation Key.
•5. Log into the active unit again by double-clicking its address in the Device List. Choose Configuration > Device Management > High Availability > Failover > Setup, and re-check the Enable Failover check box.
•6. Click Apply. This completes the procedure.
link: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00806b1c0f.shtml#norelasdm
But then I checked on the cisco web page that there are some license that need to reload I see this:
All models
Downgrading any license (for example, going from 10 contexts to 2 contexts).
Note If a temporary license expires, and the permanent license is a downgrade, then you do not need to immediately reload the security appliance; the next time you reload, the permanent license is restored.
link: https://www.cisco.com/en/US/docs/security/asa/asa81/license/license81.html
So I just want to know if I'm UPGRADING from 5 to 10 context the reload applies to my situation or not?
RegardsNo reload is required when you are upgrading from 5 to 10 security context license.
Reload is only required on the following feature:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/license.html#wp1361750
Hope this helps. -
HI
I have two Cisco ASA 5540, these ASA running ver 7.2. and used mainly as VPN gateways.
My question is simple, Apart from the extra AnyConnect client functionality and the higher encryption, is there any specific security benefits (related to the VPN use) for upgrading to ver. 8.x ?
Thanks
A.Ammar,
Each version has Release Notes. For the ASA they are all posted here.
In each Release Note there is a "Resolved Caveats" sections. That is where the fixes for all problems - vulnerabilities as well as functions/features - are listed.
Besides higher encryption and Anyconnect client, you can also use IKE v2 (as of 8.4(1) ) which is more secure during session setup (apart from the level of encryption). You can also use identity-based features and a host of other features to further secure your remote access VPNs. On the other hand, if what you have now is meeting your needs, the only compelling reasons to upgrade are vulnerability and bug fixes (and perhaps a prettier version of ASDM that will run with the newest Java versions ). -
Cisco ASA non zero downtime upgrade
Hello,
with a NON zero downtime procedure upgrade all connections are lost, even nat and arp table ? here, http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/ha_overview.html#wp1078922, on Table 61-2 State Information I think it is only for plain failover but not for upgrade with a non zero downtime upgrade procedure.Assuming you have a working HA pair with stateful failover, the Cisco supported answer is that you cannot skip minor releases (i.e. going from 9.1 directly to 9.3).
You CAN upgrade directly from 9.1(2) to 9.1(5) as that third ordinal (the number in parentheses) is known as the maintenance release level.
See table 1-6 in the Release notes for confirmation, excerpted here:
"You can upgrade from any maintenance release to any other maintenance release within a minor release.
For example, you can upgrade from 8.4(1) to 8.4(6) without first installing the maintenance releases in between."
Note that 9.1(3) or later have some restrictions that are unique to those more recent code levels as some file system changes were put in place that requires certain prerequisites for a successful upgrade. Given that you are on 9.1(2) already that doesn't affect you in this case but it may be a consideration for other readers. Those requirements are noted just above Table 1-6 in those release notes.
Maybe you are looking for
-
Error while deploying SOA composite via ant
I am getting following error while deploying SOA composite through ant from SOA server (UNIX).It is unable to get mds configuration. Jdeveloper is not installed in SOA server. I am trying to copy the SOA project from local machine to SOA server and t
-
DVD CD RW Drive Malfunctio​n. Can anyone pleas help solve this?
THE PROBLEM: DVD CD RW Disc drive malfunction. I strongly suspect device failure, but could it be a software issue? The drive appears to be working as evidenced by the usual clicking and whirring sounds. Then, as I usually do, from the START MENU,
-
Open item management is not activated
Hi Consultant, I want to activate the open item management in GL. We have done correct setting another GL account. The amount should be transferred from old GL to new GL. The old GL become zero balances. We will try to activate the open item mana
-
Macbook won't start in single-user-mode.
I'm trying to repair the disk and instead of booting in single-user mode, it boots up regularly, ignoring Command + S. I'm running 10.6.8. Thank you.
-
How to export bookmarks and settings to a new computer
how do I export my bookmarks, firefox settings and passwords to a new computer