ASA -AIP-SSM20

Answered Question
Jun 18th, 2010

Hello,

Will the configs will replicate to the AIP-SSM 20 from primary ASA to Secondary ASA with AIP-SSM20,  OR failover only replicates the ASA configs.

If so it is only replicating the ASA configs then what we shld do to replicate configs from primary AIP-SSM20 to Secondary AIP-SSM20,????

Is there any method or manual copy/paste from 1 AIP-SSM20 to another.

Thanks,

I have this problem too.
0 votes
Correct Answer by edadios about 6 years 5 months ago

The AIP module interface needs to be connected to a port on the switch. The port on the switch has to be on the same vlan, to which the

ip address/subnet you assigned to the AIP module belongs to.

You use IDM or IEV to connect to the AIP via the ip address you assigned to the AIP, and it's path is through the port on the AIP module (not the ASA)

Regards,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Panos Kampanakis Fri, 06/18/2010 - 13:06

Failover only replicates ASA configs and conn states.

Unfortunately, the AIPs do not replicate configs.

I hope it helps.

PK

thomasandy32 Fri, 06/18/2010 - 13:17

Hello Dear,

Thanks for ur reply for above query,another question:

Is it so i have to connect the AIP management0/0 port to core switch OR without connecting also i can telnet to IPS i hope traffic will travel by ASA, ?????

Message was edited by: thomasandy32

Panos Kampanakis Fri, 06/18/2010 - 13:55

The management interface of the AIP is for management and upgrades.

You can configure it from the ASA by doing "session 1" on the ASA CLI.

PK

thomasandy32 Sat, 06/19/2010 - 01:06

Hello,

Do the management interface on AIP-SSM 20 should be connected to core switch,because the IP what i specify is not reacheable from inside network, if i dont conenct a cable to core switch,

1) I used the inside interface subnet for the AIP-SSM management0/0 and allowed the subnet in access-list without connecting a cable to core it is not reacheable.

Correct Answer
edadios Sat, 06/19/2010 - 01:17

The AIP module interface needs to be connected to a port on the switch. The port on the switch has to be on the same vlan, to which the

ip address/subnet you assigned to the AIP module belongs to.

You use IDM or IEV to connect to the AIP via the ip address you assigned to the AIP, and it's path is through the port on the AIP module (not the ASA)

Regards,

Jennifer Halim Sat, 06/19/2010 - 01:17

For management to the AIP module, the management interface on the AIP module itself needs to be connected to your network (core switch) and configured in the correct VLAN, and the AIP module needs to be configured with an ip address in that VLAN which is accessible from your internal network.

Hope that helps.

Actions

This Discussion