The scenario is this:
2 ASA 5500 with virtual contexts in failover.
The primary ASA has the AIP-SSM20 working.
The secondary ASA (which is in Active/StandBy) needs its AIP-SSM20 to be working now and everything is in production.
Someone tried to configure this 2nd AIP-SSM, changed the password and lost it, so I tried to re-image it (no pass recovery allowed), but the connection fails to the TFTP server where the AIP-SSM image is.
Now the questions, all the re-imaging Cisco documentation show commands under ASA#
but as this scenario has multiple virtual contexts the ASA# shell has no IP as you know (which I assume is the reason why the ASA cant download the image from the TFTP server), and upon changing to other context (ASA/admin#) the re-imaging commands do not work (hw-module module 1 ... etc ...).
What is the solution? Is there documentation for this (with security contexts)??
Many Thanks for reading ;) please comment possible solutions.
Some things to keep in mind.
1) Execute "debug module-boot" on the ASA before executing the "hw-module module 1 recover boot" command. This will show you the ROMMON output of the SSM as it tries to do the re-image and you can watch for any errors.
2) Before trying to download from the SSM, first use a separate machine to tftp download from your laptop. This will ensure the tftp server on your laptop is working, and confirm what directory (if any) that you need to use as the file location.
3) If the tftp download doesn't work from the SSM, then the SSM may not be linking properly to your laptop. You may need a crossover cable to connect your laptop to the SSM. If you don't have a crossover cable then you might try connecting both the SSM and your laptop to a small hub, or configure a new vlan on your switch with just 2 ports and plug both the SSM and your laptop into that 2 port vlan.
4) Also try the download first with leaving the gateway at 0.0.0.0 since your laptop and the SSM will be on the same subnet. If that doesn't work then you might try a non-existent 220.127.116.11 address as the gateway.
5) Understand that the IP address you specify for the SSM using the "hw-module module 1 recover configure" command is just temporary for the download. Once an image is installed, then session to the module and execute the "setup" command in order to configure the permanent address you want to ure on the SSM's external port. This address in the "setup" command can the same as used in the "hw-module module 1 recover configure" command or a completely new one (as in your case). Just ensure you connect it to the right network for whatever address you give it.