Table of Contents
Note For compatibility information regarding related software, such as Active Directory, see the release notes for your software version at http://www.cisco.com/c/en/us/support/security/asa-next-generation-firewall-services/products-release-notes-list.html.
For a list of available documentation, see Finding ASA CX and Cisco Prime Security Manager Documentation at http://www.cisco.com/c/en/us/td/docs/security/asacx/roadmap/asacxprsmroadmap.html.
- Cisco Prime Security Manager ASA CX Device Support Matrix
- Cisco ASA CX Hardware Compatibility
- Cisco Prime Security Manager ASA without CX Device Support
Cisco Prime Security Manager (PRSM) Multiple Device mode can manage ASA CX devices and the ASAs that contain them. The following table shows the supported software versions for managed ASA CX devices based on the PRSM version. You must use the same PRSM version number as that running on the ASA CX device.
The table is based on the ASA CX software version running on the device; if a cell includes an ASA version, that combination is supported when the ASA is running the indicated software version. The table assumes that you are running the most recently released build for a given ASA CX version.
The following table shows the hardware platforms that support each ASA CX hardware or software module, and the required ASA CX and ASA Software versions. The table assumes that you are running the most recently released build for a given ASA CX version.
In addition to the ASA CX support matrix shown in Cisco Prime Security Manager ASA CX Device Support Matrix, PRSM 9.2 and higher can manage Cisco ASA-5500 Series Adaptive Security Appliance (ASA) devices that do not include a CX module. The following table shows the supported models and ASA Software versions for non-CX ASA devices.
The following table shows the supported upgrade paths for System Software packages. Supported paths have been tested; any other combination is untested and is not supported. Thus, you might need to apply multiple upgrade packages to get to the current release.
Because the releases listed consist of multiple maintenance releases, which include an extra point and build number, keep the following in mind when evaluating an upgrade from one specific build to another:
- You might be prevented from upgrading between specific builds of older releases to a specific build of the higher release. As a general rule, if you are running a build that was released chronologically after a given build of the higher release, you cannot upgrade to that build; wait for a new build. For example, you cannot upgrade from 9.2(1.4)-5 to 9.3(1.1)-112, although upgrade from 9.2(1) to 9.3(1) is generally supported.
- Tested upgrade paths are for the most recent build number for a given version, and sometimes the second most recent build. For example, upgrade from 9.1(1) to 9.1(3) is tested with build 9.1(1) Build 21; 9.1(2) to 9.1(3) is tested with 9.1(2) Builds 29 and 42. To ensure the best results, you should upgrade to the most recent build (that was released chronologically prior to the higher release’s build) for the release you are running before upgrading to a new version.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.