ASA 5520 with IPS - upgrade version of IPS?

Unanswered Question
Feb 17th, 2008

Hi, I have just upgraded from a PIX to 2xASA 5520 in active/stanby mode. When I go into the IPS via the ASDM it only shows me a URL which doesn't work and mentions that I have version 1.5 and 1.6 would be integrated into the ASDM. How can I do this? I want it intergraded within the ASDM, and how do I show the exact version I am running?

Many thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
whiteford Sun, 02/17/2008 - 07:09

It is. I'm running ASA 8.0(3) ASDM 6.0(3).

When I go into IPS it says:

For IPS 5.1(6)E1, use the link below to access IPS Device Manager. (If the SSM management IP address or port is translated, replace them accordingly in the below URL). IPS 6.0.1 or above will be fully integrated into ASDM.

Let me know what info you need.

abinjola Sun, 02/17/2008 - 07:20

you are hitting CSCse47360.

The work around is to open up a new web browser and actually enter the IPS Module IP or upgrade SSM Module to 6.x

whiteford Sun, 02/17/2008 - 07:27

Sorry I'm new to this, what is CSCse47360?

How do I find out the IP of the IPS module or upgrade to SSM? Does SSM integrate it into ASDM?

abinjola Sun, 02/17/2008 - 07:57

np..everybody is new at some point when they start.

So you are hitting a bug and you may view the details here

Now the workaround is either to access the SSM by using IDM (Intrusion Device Manager) which can be done by assigning a management IP on the management port and connecting it to the VLAN/switch from where you can access it

If you would like to access IPS from ASDM itself then you need to upgrade the SSM Module to versin 6.x

whiteford Sun, 02/17/2008 - 08:17

Thanks, how can I tell what version I'm using plus how can I upgrade the SSM Module to versin 6.x?

I would like to use the ASDM to control it all.

Are you talking abou the mangement port on the ASA or the IPS module?

Thanks in advance :)

abinjola Sun, 02/17/2008 - 08:31

There is just one port on the entire chasis that says "mgmt" which is a IPS-SSM module management port

From asa# mode type "session 1", this will take you to SSM module, from there type sh version, this would tell you IPS version you running

The following link would help you to log in and upgrade :-

whiteford Sun, 02/17/2008 - 09:00

Me getting confused, I see a mgmt for the asa and this port on the ISP mod, I'll try.

Here is the output, looks out of date, what do you think:

sensor# sh version

Application Partition:

Cisco Intrusion Prevention System, Version 5.1(6)E1


Realm Keys key1.0

Signature Definition:

Signature Update S291.0 2007-06-18

Virus Update V1.2 2005-11-24

OS Version: 2.4.26-IDS-smp-bigphys

Platform: ASA-SSM-10

Serial Number: *****

No license present

Sensor up-time is 1 day.

Using 619913216 out of 1054670848 bytes of available memory (58% usage)

system is using 17.4M out of 29.0M bytes of available disk space (60% usage)

application-data is using 45.9M out of 166.8M bytes of available disk space (29%


boot is using 35.3M out of 68.6M bytes of available disk space (54% usage)

MainApp Z-2007_JUN_19_12_49 (Release) 2007-06-19T13:04:08-0500 Ru


AnalysisEngine Z-2007_JUN_19_12_49 (Release) 2007-06-19T13:04:08-0500 Ru


CLI Z-2007_JUN_19_12_49 (Release) 2007-06-19T13:04:08-0500

Upgrade History:

IPS-K9-5.1-6-E1 16:56:31 UTC Sun Feb 17 2008

Recovery Partition Version 1.1 - 5.1(6)E1


abinjola Sun, 02/17/2008 - 16:49

yes you are running version 5.1(6), so as I said earlier in case you need to manage SSM from ASDM you need to upgrade this to 6.0.x


This Discussion