Should reboot of ASM-SSM-10 cause ASA failover?

Feb 28th, 2007

I have two ASA 5520's with SSM-10 modules configured in active/standby failover mode running 7.2(1).

The IPS policy on the ASA is configured for IPS inline and permit traffic if the module fails. The ASA Criteria tab has the number of interfaces that triggers failover set to 2. The SSM Bypass mode is configured for Auto.

If I execute a reboot of the sensor from the GUI (where it states it safely shuts down and reboots the sensor), should it cause the ASA to failover to the secondary?


vitripat Wed, 02/28/2007 - 10:00

Reboot of the SSM module will trigger failover to the secondary ASA. When this happens, the following debug message is logged if debugs are enabled:

fover_health_monitoring_thread: Primary: Switching to FAILED for reason Detect service card failure.



tim.weid Fri, 03/02/2007 - 15:23

That is correct. I have 2 sets of ASAs with AIP SSMs and even adding a new Sig update will cause the ASAs to failover. The ASA reads the reload of the SSM card as a failure and fails from primary to secondary.

dakissia Sun, 03/11/2007 - 19:11


I wish I could help but I have very little knowledge of IPS.

I also have a pair of ASA-5520s that I was told is configured for IPS. But I can't find anything matching/describing an IPS configuration in the 'show run' from the CLI. Can anyone tell me how to get there to view the IPS config that is apparently incomplete (no signature update, notification etc. are also missing)? What command do I need to issue to view IPS config details? Can this be done from the CLI?

Thanks in advance.


Tshi M Tue, 04/03/2007 - 08:22

I don't know if this posting has been closed but you can access the module through the CLI:

firewall# session 1

This will take you to the module. Once there, just do a show conf to see the configuration.

Nick Egloff Tue, 04/03/2007 - 08:27

Originally, Cisco called this a bug. I don't know if it's being considered a feature now, or if it's still a bug, and if so when it might be fixed; this is a real pain because a number of signature updates reload at the end, which triggers a failover...

My .02....

