04-20-2010 04:54 AM - edited 03-10-2019 04:58 AM
Hi,
I have recently confgured my AIP-SSM-40 module in my firewalls which are configured in HA(Active/Standby).It was working fine.Then i upgraded the image version to IPS, 7.0(2)E3.
It was working fine for a week.Then i found that the secondary firewall was in Secondary failed state.My AIP-SSM in the secondary firewall is not responding.
I could not login the AIP-SSM with session 1 command.Show module command shows
Mod Card Type Model Serial No.
--- -------------------------------------------- ------------------ -----------
0 ASA 5520 Adaptive Security Appliance ASA5520
1 ASA 5500 Series Security Services Module-40 ASA-SSM-40
Mod MAC Address Range Hw Version Fw Version Sw Version
--- --------------------------------- ------------ ------------ ---------------
0 0021.a09a.d1bb to 0021.a09a.d1bf 2.0 1.0(11)5 8.0(4)
1 0023.5e15.f6c8 to 0023.5e15.f6c8 1.0 1.0(14)5
Mod SSM Application Name Status SSM Application Version
--- ------------------------------ ---------------- --------------------------
Mod Status Data Plane Status Compatibility
--- ------------------ --------------------- -------------
0 Up Sys Not Applicable
1 Unresponsive Not Applicable
at the end of the show failover command shows
slot 1: ASA-SSM-40 hw/sw rev (1.0/) status (Unresponsive/Up)
I suspect SSM module is having the issue.Is there any way to recover.
Solved! Go to Solution.
04-20-2010 05:00 AM
Try to shutdown and reset the module using this command from the ASA:
hw-module module 1 reset
04-20-2010 05:00 AM
Try to shutdown and reset the module using this command from the ASA:
hw-module module 1 reset
04-20-2010 09:30 AM
Thx...
After the reset it is working fine.
Few documents depicts that AIP-SSM module will not play any role with HA of the firewall but why the HA was stuck in my case.
-uthay
04-20-2010 02:38 PM
If the module fails/becomes not responsive, the ASA firewall will detect that, and will report that it has failed.
Here is the URL on the timeout detected by the ASA when the module fails:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html#wp1149492
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: