Update Cisco ASA – Directly from Cisco (via ASDM)

KB ID 0000636 

Problem

Warning:

Before upgrading/updating the ASA to version 8.3 (or Higher) Check to see if you have the correct amount of RAM in the firewall (“show version” command will tell you). This is VERYIMPORTANT if your ASA was shipped before February 2010. See the link below for more information.

ASA – Memory Error (Post upgrade to version 8.3)

Warning 2:

Be aware, if you are upgrading to an OS of 8.4(2) or newer you can no longer access the device via SSH when using the default username of “pix” you need to enable AAA authentication for SSH, do this before you reboot/reload the firewall or you may lock yourself out.

ASA Enable AAA LOCAL Authentication for SSH

Its been a while since I wrote how to update the ASA by command line, and how to update the ASA from the ASDM. Now you can update the ASA directly from Cisco, providing you have a valid cisco CCO account.

Solution

1. Connect to the the ASDM on the ASA > Tools > Check for ASA/ASDM Updates.

Check for ASA/ASDM Updates

2. Supply your Cisco CCO account information.

CCO username

3. Next.

Update ASA

4. Decide if you want to update the OS of the ASA or the ASDM, or both.

Upgrade ASA

5. Next.

Upgrade ASDM

6. The software will download. (The OS is downloading here), Note: it will get downloaded to the machine that the ASDM is running on first.

Download ASA OS

7. Then the ASDM software will download.

Download ASDM

8. You may find that there is not enough room in flash memory, if so you will see this error. (if it does not error skip to step 11).

There is not enough free space on the device

9. If you are stuck for room you can delete some items from your flash memory > Tools > File Management.

ASDM File Management

10. Here you can see I’m deleting and old version of the ASDM. Note you could delete the live version of the ASDM and Operating system if you had no choice (THOUGH DONT REBOOT THE FIREWALL until the new ones have uploaded, or you will be loading the files in in ROMMON mode!)

Delete From Flash

11. Once all the files have been downloaded to your location, they will be uploaded to the firewalls flash memory.

Upload ASDM

12. Next.

Upload ASA 5500 OS

13. Finish.

Save and Reboot ASA

Note: What happens now is the following commands are issued in the background automatically; (Note the versions numbers may be different in your case).

asdm image disk0:/asdm-649.bin
no boot system disk0:/asa843-k8.bin
boot system disk0:/asa844-1-k8.bin
boot system disk0:/asa843-k8.bin

14. After the firewall reboots, it should come back up with the new OS and ASDM version.

Updated ASA

Related Articles, References, Credits, or External Links

Cisco ASA5500 Update System and ASDM (From CLI)

Cisco ASA5500 Update System and ASDM (From ASDM)

Author: Migrated

Share This Post On