Release Notes for the Cisco ASA 5500-X Series, Version 8.6(x)
Upgrading the Operating System and ASDM Images
Installing the IPS Software Module
Installing or Upgrading Cisco Secure Desktop
Obtaining Documentation, Obtaining Support, and Security Guidelines
Released: February 28, 2012
Update: July 12, 2016
This document contains release information for the Cisco ASA 5500-X software Version 8.6(1).
Version 8.6.(1) supports only the Cisco ASA 5500-X series, which includes the Cisco ASA 5512-X, 5515-X, 5525-X, 5545-X, and 5555-X. This version is not available for the ASA 5585-X.
Table 1 lists information about ASDM, module, and VPN compatibility with the ASA 5500 series.
ASA Version 8.6 requires ASDM Version 6.6 or later. For information about ASDM requirements for other releases, see Cisco ASA Compatibility : http://www.cisco.com/en/US/docs/security/asa/compatibility/asamatrx.html |
|
For the latest OS and browser test results, see the Supported VPN Platforms, Cisco ASA 5500 Series : http://www.cisco.com/en/US/docs/security/asa/compatibility/asa-vpn-compatibility.html |
|
For information about module application requirements, see Cisco ASA Compatibility : http://www.cisco.com/en/US/docs/security/asa/compatibility/asamatrx.html |
Table 2 lists the new features for ASA Version 8.6(1). This ASA software version is only supported on the ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X.
Note Version 8.6(1) includes all features in 8.4(2), plus the features listed in this table.
Features added in 8.4(3) are not included in 8.6(1) unless they are explicitly listed in this table.
This section describes how to upgrade to the latest version and includes the following topics:
Note For ASDM procedures, see the ASDM release notes.
Use the show version command to verify the software version of your ASA.
This section describes how to install the ASDM and operating system (OS) images using TFTP. For FTP or HTTP, see the “Managing Software and Configurations” chapter in CLI configuration guide.
We recommend that you upgrade the ASDM image before the OS image. ASDM is backward compatible, so you can upgrade the OS using the new ASDM; however, you cannot use an old ASDM image with a new OS.
For information about upgrading software in a failover pair, see the “Performing Zero Downtime Upgrades for Failover Pairs” chapter in the CLI configuration guide.
Step 1 If you have a Cisco.com login, you can obtain the OS and ASDM images from the following website:
http://www.cisco.com/cisco/software/navigator.html
Step 2 Back up your configuration file. To print the configuration to the terminal, enter the following command in privileged EXEC mode:
Copy the output from this command, then paste the configuration in to a text file.
Note If you are upgrading from a pre-8.3 version, then the running configuration is backed up automatically.
For other methods of backing up, see the “Managing Software and Configurations” chapter in the CLI configuration guide.
Step 3 Install the new images using TFTP. Enter this command separately for the OS image and the ASDM image:
If your ASA does not have enough memory to hold two images, overwrite the old image with the new one by specifying the same destination filename as the existing image.
Step 4 To change the OS boot image to the new image name, enter the following commands in global configuration mode.
Step 5 To configure the ASDM image to the new image name, enter the following command:
Step 6 To save the configuration and reload, enter the following commands:
Your ASA typically ships with IPS module software present on Disk0. If the module is not running, however, you need to install the module.
Step 1 To view the IPS module software filename in flash memory, enter:.
For example, look for a filename like IPS-SSP_5512-K9-sys-1.1-a-7.1-4-E4.aip. Note the filename; you will need this filename later in the procedure.
Step 2 If you need to copy a new image to disk0, download the image from Cisco.com to a TFTP server, and then enter:
For other server types, see the “Downloading a File” section.
Step 3 To identify the IPS module software location in disk0, enter the following command:
For example, using the filename in the example in Step 1, enter:
Step 4 To install and load the IPS module software, enter the following command:
Step 5 To check the progress of the image transfer and module restart process, enter the following command:
The Status field in the output indicates the operational status of the module. A module operating normally shows a status of “Up.” While the ASA transfers an application image to the module, the Status field in the output reads “Recover.” When the ASA completes the image transfer and restarts the module, the newly transferred image is running.
ASA Version 8.6.(1) requires Cisco Secure Desktop Release 3.2 or later. You do not need to restart the ASA after you install or upgrade Cisco Secure Desktop.
To install or upgrade the Cisco Secure Desktop software, perform the following steps:
Step 1 Download the latest Cisco Secure Desktop package file from the following website:
http://www.cisco.com/cisco/software/navigator.html
Step 2 Install the new image using TFTP:
Step 3 Enter the following command to access webvpn configuration mode (from global confguration mode):
Step 4 To validate the Cisco Secure Desktop distribution package and add it to the running configuration, enter the following command:
Step 5 To enable Cisco Secure Desktop for management and remote user access, use the following command.
Table 3 contains the open caveats in Version 8.6(1).
If you are a registered Cisco.com user, view more information about each caveat using the Bug Toolkit at the following website:
For information on the end-user license agreement, go to:
https://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
For additional information about the ASA, see Navigating the Cisco ASA Series Documentation :
http://www.cisco.com/en/US/docs/security/asa/roadmap/asaroadmap.html
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html