By default, the ASA boots from a startup configuration that is a hidden file. You can alternatively set any configuration to be the startup configuration by entering the following command:. When you delete a file from a USB drive accessed as disk1:, for example , then the USB is moved to the other slot from bottom to top, or top to bottom , and the file reappears. With this type of online insertion removal, to make sure that the file is actually deleted and no longer appears when you enter the show disk1: command, enter the following command:.

The two units in a failover configuration should have the same major first number and minor second number software version. However, you do not need to maintain version parity on the units during the upgrade process; you can have different versions on the software running on each unit and still maintain failover support. To ensure long-term compatibility and stability, we recommend upgrading both units to the same version as soon as possible.

Table shows the supported scenarios for performing zero-downtime upgrades on a failover pair. Table Zero-Downtime Upgrade Support. You can upgrade from any maintenance release to any other maintenance release within a minor release. For example, you can upgrade from 7.

You can upgrade from a minor release to the next minor release. You cannot skip a minor release. Upgrading from 7. You can upgrade from the last minor release of the previous version to the next major release. Note Zero downtime upgrades are possible, even when feature configuration is migrated, for example, from 8.

For more details about upgrading the software on a failover pair, see the following topics:. Step 2 Reload the standby unit to boot the new image by entering the following command on the active unit:. Step 3 When the standby unit has finished reloading, and is in the Standby Ready state, force the active unit to fail over to the standby unit by entering the following command on the active unit.

Note Use the show failover command to verify that the standby unit is in the Standby Ready state. Step 4 Reload the former active unit now the new standby unit by entering the following command:. Step 5 When the new standby unit has finished reloading and is in the Standby Ready state, return the original active unit to active status by entering the following command:. Step 2 Make both failover groups active on the primary unit by entering the following command in the system execution space of the primary unit:.

Step 3 Reload the secondary unit to boot the new image by entering the following command in the system execution space of the primary unit:. Step 4 When the secondary unit has finished reloading, and both failover groups are in the Standby Ready state on that unit, make both failover groups active on the secondary unit by using the following command in the system execution space of the primary unit:.

Note Use the show failover command to verify that both failover groups are in the Standby Ready state on the secondary unit. Step 5 Make sure that both failover groups are in the Standby Ready state on the primary unit, and then reload the primary unit using the following command:. Step 6 If the failover groups are configured with the preempt command, they automatically become active on their designated unit after the preempt delay has passed. If the failover groups are not configured with the preempt command, you can return them to active status on their designated units using the failover active group command.

In single context mode or from the system configuration in multiple mode, you can copy the startup configuration or running configuration to an external server or to the local flash memory as follows:. Note Be sure that the destination directory exists. If it does not exist, first create the directory using the mkdir command. Copy context configurations or other files that are on the local flash memory by entering one of the following commands in the system execution space:.

In multiple context mode, from within a context, you can perform the following backups:. To print the configuration to the terminal, enter the following command:. Copy the output from this command, and then paste the configuration into a text file. Additional files essential to your configuration might include the following:.

The CLI lets you back up and restore individual elements of your configuration using the export and import commands. To back up these files, for example, those files that you imported with the import webvpn command or certificates, perform the following steps:. Step 1 Run the applicable show command s as follows:.

Step 2 Run the export command for the file that you want to back up in this example, the rdp file :. For security reasons, we do not recommend that you perform automated backups of digital keys and certificates or the local CA key. This section provides instructions for doing so and includes a sample script that you can use as is or modify as your environment requires. The sample script is specific to a Linux system.

To use it for a Microsoft Windows system, you need to modify it using the logic of the sample. Note The existing CLI lets you back up and restore individual files using the copy , export , and import commands. It does not, however, have a facility that lets you back up all ASA configuration files in one operation. Running the script facilitates the use of multiple CLIs.

To use a script to back up and restore an ASA configuration, first perform the following tasks:. Another option is to use a commercially available tool. You can put the logic of this script into such a tool. To run a backup-and-restore script, perform the following steps:.

Step 1 Download or cut-and-paste the script file to any location on your system. Step 2 At the command line, enter Perl scriptname , where scriptname is the name of the script file. Step 3 Press Enter. Step 4 The system prompts you for values for each option.

Alternatively, you can enter values for the options when you enter the Perl scriptname command before you press Enter. Either way, the script requires that you enter a value for each option. Step 5 The script starts running, printing out the commands that it issues, which provides you with a record of the CLIs.

You can use these CLIs for a later restore, which is particularly useful if you want to restore only one or two files. Auto Update is a protocol specification that allows an Auto Update Server to download configurations and software images to many ASAs and can provide basic monitoring of the ASAs from a central location.

The ASA can be configured as either a client or a server. As an Auto Update client, it periodically polls the Auto Update Server for updates to software images and configuration files. Note Auto Update is supported in single context mode only. SSL is used when https is specified.

The user and password arguments of the URL are used for basic authentication when logging in to the server. The source interface keyword and argument specify which interface to use when sending requests to the Auto Update Server. If you specify the same interface specified by the management-access command, the Auto Update requests travel over the same IPsec VPN tunnel used for management access.

The verify-certificate keyword verifies the certificate returned by the Auto Update Server. The identifier used is determined by specifying one of the following parameters:. Step 3 Optional To specify how often to poll the Auto Update Server for configuration or image updates, enter the following command:.

The poll-period argument specifies how often in minutes to check for an update. The default is minutes 12 hours. The retry-count argument specifies how many times to try reconnecting to the server if the first attempt fails. The default is zero. The retry-period argument specifies how long to wait in minutes between retries. The default is five minutes. The days-of-the-week argument is any single day or combination of days: Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, and Sunday.

Other possible values are daily Monday through Sunday , weekdays Monday through Friday , and weekends Saturday and Sunday. The time argument specifies the time in the format HH:MM at which to start the poll. For example, is a. The randomize minutes keyword and argument specify the period to randomize the poll time following the specified start time. The range is from 1 to minutes. Step 5 Optional If the Auto Update Server has not been contacted for a certain period of time, entering the following command causes it to stop passing traffic:.

The period argument specifies the timeout period in minutes between 1 and The default is to never time out zero minutes. To restore the default, enter the no form of this command. Use the auto-update timeout command to be sure that the ASA has the most recent image and configuration. This condition is reported with system log message On a failed polling attempt, the ASA will try to reconnect to the Auto Update Server ten times, and will wait three minutes between attempts at reconnecting, as shown in the following example:.

Step 1 To enable client update, enter the following command:. Step 2 Configure the following parameters for the client-update command that you want to apply to the ASAs:. The maximum length is 63 characters. It can be asa, pix, or a text string with a maximum length of seven characters. The rev-nums rev-nums parameter specifies the software or firmware images for this client. Enter up to four, in any order, separated by commas. The type type parameter specifies the type of clients to notify of a client update.

The ASAs in the list may include the following:. This URL must point to a file appropriate for this client. Configure the parameters for the client update that you want to apply to all ASAs of a particular type.

Join Us! By joining you are opting in to receive e-mail. Promoting, selling, recruiting, coursework and thesis posting is forbidden. Students Click Here. I have an ASA that requires a downgrade to work with one particular system. I need to go down to version asa and PDM version For whatever reason those are what they are saying I require.

Can someone tell me the easiest way to do this to a new out of box device?

