AIP SSM-10 is unresponsive

Unanswered Question
Feb 17th, 2010

Hi,

I am having problem with my AIP SSM 10 which is installed in ASA 5510, the following output comes when i issue command "show module"

Mod Card Type                                    Model              Serial No.

--- -------------------------------------------- ------------------ -----------

  0 ASA 5510 Adaptive Security Appliance         ASA5510            xxxxxxxxxxx

  1 ASA 5500 Series Security Services Module-10  ASA-SSM-10  xxxxxxxxxxx

Mod MAC Address Range                 Hw Version   Fw Version   Sw Version

--- --------------------------------- ------------ ------------ ---------------

  0 0021.a0ec.e807 to 0021.a0ec.f80b  2.0          1.0(11)5     8.0(4)

  1 0021.a0af.dbdf to 0021.a0af.cbdf  1.0            1.0(11)5

Mod SSM Application Name           Status           SSM Application Version

--- ------------------------------ ---------------- --------------------------

Mod Status             Data Plane Status     Compatibility

--- ------------------ --------------------- -------------

  0 Up Sys                Not Applicable

  1 Unresponsive       Not Applicable

ASA#

i have searched the relavent docs from cisco's site, and issued commands to resolve the issues i.e.
ASA# hw module 1 reset
The module in slot 1 should be shut down before
resetting it or loss of configuration may occur.
Reset module in slot 1? [confirm]
Reset issued for module in slot 1
No positive result.
ASA-A# Reload module in slot 1?
ERROR: % Unrecognized command
ASA-A# Reload module in slot 1 [confirm]
Module in slot 1 can not be reloaded, not in Up state.
please help.
regards
Zafar
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (1 ratings)
pkampana Thu, 02/18/2010 - 13:30

Enable "debug module" and do a "hw module 1 reset". If you don't see a debug after a bit saying "Booting...", try reseating the module if it is still in Unresponsive status. It is hot-swappable if it is already in the ASA.

I hope it helps.

PK

pkampana Tue, 10/19/2010 - 06:23

You need to power down the ASA ONLY if it is the first time you are putting the module in.

If the module is still in there you can reseat it without powering down the ASA.

I hope it makes sense.

PK

Daniela Herrera Tue, 10/26/2010 - 14:00

I also had the idea that the AIP-SSM was not hot-swap, can't assure otherwise. But I agree that pulling it out and in again on the ASA should fix the problem.I've done it by shuting down the ASA. It's real quick.

You can also try the "hw-module recover" option (which you have to configure first) in case the module allows it. This will restore the module to factory defaults so it's really important to realize that configuration will  be gone and that a copy of the license information is needed to re-activate the module.

The debug they mention earlier is really useful during this process since you won't be seeing anything on the ASA and the module will take a while to get back up.

Hope this is useful.

Regards,

pkampana Tue, 10/26/2010 - 14:07

It is hot-swappable if it is already on the ASA.

Only the first time you put it in do you need to turn off the ASA.

PK

Daniela Herrera Tue, 10/26/2010 - 14:13

That IS really good to know.

Should the service-policy be disabled on the ASA to do that?

Thanks and regards!

pkampana Tue, 10/26/2010 - 17:01

No need to remove the policy either if you have "ips fail-open".

Please mark the question as resolved, if it is, so other benefit from it in the future.

PK

Daniela Herrera Mon, 11/01/2010 - 09:29

Thanks for the information. I can't select the correct answer since it was not my question. Let's hope the user who created it had his problem resolved.

Regards,

pkampana Tue, 11/02/2010 - 10:01

No need to remove the policy either if you have "ips fail-open".

Trying to clarify the above statement. Our documentation mentions that the modules are not hot-swappable. Even though experience has shown that you can hot-swap a module if the module is already in the ASA, we would not recommend to do it because it is not oficially tested and supported.

PK

Actions

Login or Register to take actions

This Discussion

Posted February 17, 2010 at 9:27 PM
Stats:
Replies:9 Avg. Rating:5
Views:3821 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard

Rank Username Points
1 816
2 668
3 603
4 526
5 367
Rank Username Points
5
5
5
5
5