If you are going via upgrade path I suggest to use ASDM 7.2(2) as a minimum before you upgrade ASDM to a higher version. If the firewall is anywhere below: 8.4(6) or is 8.5(1) or 8.6(1) it has to go via upgrade path to the minimum version 9.2(1) as shown below. Customers should migrate to a supported release.Ĭisco came up with an upgrade path to address NAT translation changes between old 8.2(x) version and newer 8.4(6) and forward. Older version 8.2 - 8.4 - 8.5 - 8.6 have reached End of Software Maintenance. Many old ASA Images running on ASA5505 and ASA5510 requires upgrade.
CISCO ASA 5505 SOFTWARE 8.4.6 TPB HOW TO
How to patch Cisco ASA550x-X Modelsĭo not CONFUSE securing patching with upgrading (however some times upgrade may fix security flows (sic!)). The above instructions are only how to patch the specific version 8.2(1-5) and 8.4(1-6).
Note: The ASDM should be at least asdm-722.bin. Patch ASA 8.4(5) and later via direct upgrade to 9.1(7) STABLE or 9.2(4)8 INTERIM To an old device running ASA 8.4(5) image you should only apply the interim new image as follows: To an old device running ASA 8.2(5) image you should only apply the interim new image as follows: Patching - How to fix CVE-2016-1287 - Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability How to patch Cisco ASA5505 and ASA5510
Take a full firewall backup before you patch or upgrade either using ASDM or command line:ĪSDM: >Tools > Backup Configuration > Backup AllĬLI: more system: running-config CHECK MEMORYĬheck Memory of device - bulletinc25-586414.html Deploying - deploy the latest versionĪSA5505: (latest interim - latest available security fixes)ĪSA5510: (latest interim - latest available security fixes)ĪLL 550X-X MODELs (latest interim - latest available security fixes) Not every image is good for a firewall so here you find how to setup a failback image in case the new image won't boot. This is also a guide to perform upgrade from 8.2 to 9.1 (going through 8.4 is absolutely critical) This is also a guide how to deploy firewalls to be on the latest version from start. This page is about how patch Cisco ASA to fix latest vulnerabilities. How to patch and upgrade Cisco ASA to fix CVE-2016-1287? 4 Patching - How to fix CVE-2016-1287 - Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability - Ĥ.1 How to patch Cisco ASA5505 and ASA5510