Upgrading ASA-SSM-20

Unanswered Question
Sep 26th, 2008

I will be upgrading the ASA-SSM-20 modules in my ASA 5520 Appliances. currently the the output of my sho ver command is as followed

Application Partition:

Cisco Intrusion Prevention System, Version 6.0(3)E1


Realm Keys key1.0

Signature Definition:

Signature Update S291.0 2007-06-18

Virus Update V1.2 2005-11-24

OS Version: 2.4.30-IDS-smp-bigphys

Platform: ASA-SSM-20

Serial Number: JAF11122A2Y

License expired: 01-Mar-2008 UTC

Sensor up-time is 239 days.

Using 1028734976 out of 2093682688 bytes of available memory (49% usage)

system is using 17.8M out of 29.0M bytes of available disk space (61% usage)

application-data is using 42.7M out of 166.8M bytes of available disk space (27% usage)

boot is using 37.8M out of 68.6M bytes of available disk space (58% usage)

MainApp N-2007_JUN_19_16_45 (Release) 2007-06-19T17:10:20-0500 Running

AnalysisEngine N-2007_JUN_19_16_45 (Release) 2007-06-19T17:10:20-0500 Running

CLI N-2007_JUN_19_16_45 (Release) 2007-06-19T17:10:20-0500

Upgrade History:

IPS-K9-6.0-3-E1 22:51:28 UTC Fri Sep 26 2008

Recovery Partition Version 1.1 - 6.0(3)E1

The image and version output appears the same as my IDSM-2 module. I will be upgrading to 6.0(5)E2

Should I be using the IPS-SSM_20-K9-sys-1.1-a-6.0-5-E2.img image to do so?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mathias.mahnke Sun, 09/28/2008 - 10:19

You could just use the upgrade command with a "pkg" file:

sensor# configure terminal

sensor(config) upgrade http:///IPS-K9-6.x-y-Ez.pkg

(Download the pkg file befor and put it on a local web server.)

marcabal Mon, 09/29/2008 - 06:34

The System (-sys-) images should only be used when doing disaster recovery and you need to get the sensor back to how it would look as if it was jsut purchased.

If your sensor is up and running, then you want to upgrade it, rather than System image it.

The appliances, AIP-SSM modules, and the IDSM-2 all use the same upgrade file. Only the AIM-IPS Router module has a unique upgrade file because it has a Mips processor rather than an x86 processor.

The upgrade files can be downloaded from here:



The "upgrade" file and System Image files will install the same files on the sensor.

There are 2 main differences:

The 1st difference is that the "upgrade" will convert your current configuration to work with the new version while a System Image will reformat the flash/disk and all previous configuration will be lost.

The 2nd difference is how they are installed. The "upgrade" file is installed directly onto a running sensor using the running IPS software. Either through the IPS CLI, IDM, IME, CSM, or an auto upgrade.

The System Images, however, rely on an alternate method. The Appliances use ROMMON, the AIP-SSM modules use the hw-module command of the ASA, the IDSM-2 uses a Maintenance Partition, the AIM-IPS uses a bootloader. Each of the different methods requires a different type of image, and so each System Image is specific to the platform, but almost all of the System Images contain and install the same files as the upgrades.


This Discussion