Cisco ASA Upgrade

Overview

This pre-built contains the Cisco ASA device upgrade workflow for Ansible using IAP. The workflow requires that a newer binary version file is already downloaded locally on the destination device (bootflash:), and file integrity has been verified (using md5).

This solution consist of the following:

• Main Workflow (IAP-Artifacts ASA Device Upgrade)

  • Perform device environmental checks. Verifies a device is on a different version than the requested one.
  • Perform pre-checks to confirm device readiness.
  • Backup the running-config locally on flash drive.
  • Perform boot statement configuration to direct the router to load the newer version upon the next boot.
  • Issue the reload command.
  • Wait for device to become available after reboot.
  • Confirm reliable connectivity (ping consistency).
  • Perform post-checks to verify the device functionality running the new version.
  • Show a Pre-Post Checks diff report.
  • Perform MOP analysis to verify no unexpected config changes occurred.
  • Show a MOP analysis report.
  • Perform rollback, if requested.

• Command Templates

  • Will run the pre / post commands and evaluate them against set thresholds.

• Analytic Templates

  • Will run the pre vs. post comparisons and evaluate them against set thresholds.

• Automation Catalog Entry with a JSON-Form:

  • Mode selection: Zero-Touch, Normal, or Verbose
  • Allows user to pick destination device to run the upgrade on.
  • Allows user to pick software version to upgrade to (file names are hard coded in JSON form).
  • Ping-consistency variables