12-26-2008 01:11 AM - edited 03-10-2019 04:26 AM
My Setup consist of:
Cisco ASA 5510 v8.0(2)
Cisco ASA-SSM10 IPS ver 5.0(2)S152.0
Q: I would like to know what is needed to upgrade the IPS to the latest Software version. There is currently no license present in my IPS.
Is it possible for me to upgrade from 5.0(2) straight to the latest 6.1(2)ES
12-26-2008 10:37 PM
http://www.cisco.com/en/US/docs/security/ips/5.0/installation/guide/hwssm.html
Hardware and Software Requirements says it is supported to upgrade.
You need to obtain AIP-SSM image and follow the instruction given in the section "Reimaging AIP-SSM Using the recover configure/boot Command "
http://www.cisco.com/en/US/docs/security/ips/6.2/installation/guide/hw_system_images.html#wp1230355
I would highly recommend you to use "http://tftpd32.jounin.net/ " tftp server for the tftp operations.
Licenses is must to get live signature updates, you can request a Trail one from the IDM/licensing/Update License option.
Hope this helps you!
01-01-2009 07:10 PM
Thanks for your reply.
I did a reimage as according to the cisco doc.
My AIP-SSM module is now on status recover and i can no longer session to my module.
I did a mistake, i did not configure its port ip address, that is the ip address of the IPS.
What can i do to recover my image? I cannot session to my module to set its ip address.
01-05-2009 08:19 AM
On the ASA CLI you can execute "debug module-boot" which will help you see what settings are being used for the TFTP download, and what TFTP errors may be happening.
If you need to change a setting (like the IP Address), then you can execute "hw-module module 1 recover stop".
Then execute "hw-module module 1 recover configure" to correct the configuration.
Then execute "hw-module module 1 recover boot" again to try the recovery again.
(NOTE: You might have to wait till the module is Up or has timed out and Unresponsive before executing the "recover boot".)
--------
As a side note.
If you run "hw-module module 1 recover stop", and the module actually makes it to an Up state, then you have another alternative.
The recover method you are using above really only needs to be used when the SSM has experiences a problem and needs to be recovered.
The recovery method should generally not be used for upgrading to higher versions.
The recovery method will erase all configuration from the SSM.
If your SSM is running properly, then you can do an "upgrade" instead of a "recover".
For upgrade instructions refer to:
An SSM sensor running 5.0(2) IS able to upgrade to 6.1(2)E3 directly.
You will want to use the IPS-K9-6.1-2-E3.pkg upgrade file:
http://www.cisco.com/cgi-bin/tablebuild.pl/ips6
The easiest method is to actually push the upgrade to the sensor using IDM:
Place the IPS-K9-6.1-2-E3.pkg file on your own desktop, then in IDM use the "Update is located on this client" option (Step 3 in the directions) to push that update to the sensor.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide