IPS engine upgrade with failover ASA, now they don't match?

Unanswered Question
Apr 26th, 2007
User Badges:

We recently added a failover 5520 with the ASA-SSM-20, which matches the primary ASA/IPS. My question is I just upgraded the primary IPS to 5.1(5)-E1. It went fine, except now the failover IPS is still on 5.0(2). How do I update the failover IPS to match what's on the primary?

Shouldn't this happen automatically since it is setup in a failover scenario? I have it cabled via a cross-over cable to the primary ASA.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Nick Egloff Thu, 04/26/2007 - 08:46
User Badges:

The SSM modules are managed completely separately from the firewalls; you need to upgrade & manage both of them individually, as well as apply the same configurations to each either separately, or via a group in either CSM or VMS...

If the second SSM module hasn't been given its own IP, you can "session" into it from the standby firewall console and then give it it's own IP..

If this helped, please rate the post :-)



ttrevino1 Thu, 04/26/2007 - 09:17
User Badges:

Hey Nick, I'm not sure if the failover IPS has it's own IP, I'll have to check. We had a vendor install it a couple of weeks ago.

I downloaded the latest version of CSM, but it said it wasn't compatible with XP? Is there a differernt one which will work? I haven't used CSM or VMS before, so I'm not familiar with either.


This Discussion