Solved: AIP-SSM reload

Tshi M · ‎03-30-2007

does reloading the AIP-SSM module affect the ASA?

vitripat · ‎03-30-2007

Exactly. If you dont have a policy-map using SSM module, then you can reload the SSM module and it wont affect the traffic through ASA. To give you more information, here is a link which gives information on how to configure ASA to use SSM module:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/firewall/ssm.htm#wp1050744

Hope that helps.

Regards,

Vibhor.

View solution in original post

vitripat · ‎03-30-2007

There are few conditions here.

- If you have ASA pairs in failover and you reload the SSM module on Primary ASA, then Primary ASA will failover to secondary ASA.

- If you dont have failover and you are using SSM services:

a) If SSM is configured as "fail-open", things will keep working fine.

b) If SSM is configured as "fail-close", this will block the traffic through ASA till SSM module comes up.

- If ASA is not using SSM module services, there wont be no issues whatsoever.

Hope that helps.

Regards,

Vibhor.

Tshi M · ‎03-30-2007

Just to be clear, you are saying that if we aren't using the SSM module (i.e. the ASA is not configured to use it), we can safely reload it, right?

vitripat · ‎03-30-2007

Exactly. If you dont have a policy-map using SSM module, then you can reload the SSM module and it wont affect the traffic through ASA. To give you more information, here is a link which gives information on how to configure ASA to use SSM module:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/firewall/ssm.htm#wp1050744

Hope that helps.

Regards,

Vibhor.

Tshi M · ‎04-03-2007

I haven't tried the reboot yet but once I do. I will rate it accordingly. Regards,