AIP-SSM system upgrade

Unanswered Question
Nov 27th, 2007

I've received a new asa5520 with aip-ssm (ssm-20). I have upgraded the ASA image to 7.2(3) successfully. I am trying to upgrade the SSM module from 5.1(6)E1 to 6.0(3)E1. I have the following connections

Sensor IP:

ASA G0/0:


TFTP server:

Subnet: /29

trying to upgrade from the ASA I have issued the commands:

hw-module module 1 recover configure

>Image URL: tftp://

>Port IP address:


hw-module module 1 recover boot

debug module-boot

here is the output I get

Slot-1 64> Cisco Systems ROMMON Version (1.0(11)2) #0: Thu Jan 26 10:43:08 PST 2006

Slot-1 65> Platform ASA-SSM-20

Slot-1 66> GigabitEthernet0/0

Slot-1 67> Link is UP

Slot-1 68> MAC Address: 001c.5826.2083

Slot-1 69> ROMMON Variable Settings:

Slot-1 70> ADDRESS=

Slot-1 71> SERVER=

Slot-1 72> GATEWAY=

Slot-1 73> PORT=GigabitEthernet0/0

Slot-1 74> VLAN=untagged

Slot-1 75> IMAGE=IPS-SSM-K9-sys-1.1-a-6.0-3-E1.img

Slot-1 76> CONFIG=

Slot-1 77> LINKTIMEOUT=20

Slot-1 78> PKTTIMEOUT=4

Slot-1 79> RETRY=20

Slot-1 80> tftp [email protected] via

Slot-1 81> TFTP failure: Packet verify failed after 20 retries

Slot-1 82> Rebooting due to Autoboot error ...

Slot-1 83> Rebooting....

Any ideas on why I'm getting the failure at line 81 would be great!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ghalleen Sat, 12/01/2007 - 00:17

Try it again, but this time don't add a gateway address. If you go to Networkers, I cover this in the Troubleshooting IPS session. It's a frustrating problem when you initially run into it! ;-)

Only add a gateway when the TFTP server is on a different LAN segment than the sensor.


rhermes Mon, 12/03/2007 - 12:08

If your sensor boots into 5.x you can issue the upgrade command

upgrade ftp://user@

It's less complex than re-imaging your sensor from scratch, plus there are less hidden problems that require you to attend a troubleshooting class to discover.


This Discussion