cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
846
Views
0
Helpful
6
Replies

ASA -AIP-SSM20

thomasandy32
Level 1
Level 1

Hello,

Will the configs will replicate to the AIP-SSM 20 from primary ASA to Secondary ASA with AIP-SSM20,  OR failover only replicates the ASA configs.

If so it is only replicating the ASA configs then what we shld do to replicate configs from primary AIP-SSM20 to Secondary AIP-SSM20,????

Is there any method or manual copy/paste from 1 AIP-SSM20 to another.

Thanks,

1 Accepted Solution

Accepted Solutions

The AIP module interface needs to be connected to a port on the switch. The port on the switch has to be on the same vlan, to which the

ip address/subnet you assigned to the AIP module belongs to.

You use IDM or IEV to connect to the AIP via the ip address you assigned to the AIP, and it's path is through the port on the AIP module (not the ASA)

Regards,

View solution in original post

6 Replies 6

Panos Kampanakis
Cisco Employee
Cisco Employee

Failover only replicates ASA configs and conn states.

Unfortunately, the AIPs do not replicate configs.

I hope it helps.

PK

Hello Dear,

Thanks for ur reply for above query,another question:

Is it so i have to connect the AIP management0/0 port to core switch OR without connecting also i can telnet to IPS i hope traffic will travel by ASA, ?????

Message was edited by: thomasandy32

The management interface of the AIP is for management and upgrades.

You can configure it from the ASA by doing "session 1" on the ASA CLI.

PK

Hello,

Do the management interface on AIP-SSM 20 should be connected to core switch,because the IP what i specify is not reacheable from inside network, if i dont conenct a cable to core switch,

1) I used the inside interface subnet for the AIP-SSM management0/0 and allowed the subnet in access-list without connecting a cable to core it is not reacheable.

The AIP module interface needs to be connected to a port on the switch. The port on the switch has to be on the same vlan, to which the

ip address/subnet you assigned to the AIP module belongs to.

You use IDM or IEV to connect to the AIP via the ip address you assigned to the AIP, and it's path is through the port on the AIP module (not the ASA)

Regards,

For management to the AIP module, the management interface on the AIP module itself needs to be connected to your network (core switch) and configured in the correct VLAN, and the AIP module needs to be configured with an ip address in that VLAN which is accessible from your internal network.

Hope that helps.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: