Upgrade Active/Failover ASA Pair

At work we have two ASA 5520’s that are configured as an active/failover pair. Here are the steps that we use to upgrade them.

1. Download the ASA software image and the ASDM image from Cisco
2. TFTP both files to both of the ASA’s
3. Console directly to the Primary ASA and type the following commands:
   1. 1. 1. Config t
         2. Boot system disk0:/NewASAimage.bin
         3. Asdm image disk0:/NewASDMimage.bin
   1. No boot system disk0:/OldASAimage.bin
   2. Exit
   3. Wr me
4. From the Primary ASA issue the following command:
   1. Failover reload-standby
5. Wait for the Failover ASA to reload and go to a “Standby Ready” state and all interfaces have a “Normal” state
6. Verify the Failover ASA is running the new ASA image by issuing the following command on the Primary ASA:
   1. Show failover (look at the “Version:” line, the Mate should be running new version)
7. From the Primary ASA issue the following commands:
   1. No failover active (wait for Primary ASA to go to “Standby Ready” and all interfaces have a “Normal” state)
   2. Reload
8. Once the Primary ASA has reloaded wait for it to change its state to “Standby Ready” and for all interfaces to have a “Normal” state
9. Verify that the Primary ASA is running the new ASA image by issuing the following command:
   1. Show version
10. From the Primary ASA issue the following command
    1. no failover active