Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA 5540 IPS Module removal Quesiton

I have 2 ASA 5540's that I want to run in HA A/F.  The active ASA has an IPS module running.  I no longer need this and would rather remove it than purchase another module for the spare.  What is the process to do this safely? After removal will the HA wizard recognize that the module was removed or do I have to update the software? Thanks in advance for the advice...

Everyone's tags (4)
3 REPLIES
Cisco Employee

ASA 5540 IPS Module removal Quesiton

Not sure how the failover is on if you only have IPS module on the Active device.

For failover to work, it needs to have exactly the same hardware including the SSM card as per the following document:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_overview.html#wp1130001

But if you would like to remove the IPS module from the active unit, there is nothing that needs to be done (no software update is required), and just check that the failover is running by issuing: show failover

Community Member

ASA 5540 IPS Module removal Quesiton

Sorry about that.  That was a typo.  I meant Active/Standby.  I don't have the standby ASA configured yet.  I couldn't get past the wizard saying I had a Hardware mismatch.  I just wanted to know if anyone out here in intertube land has encountered any issues pulling the IPS module from the ASA or is it as easy as shutting it off, pulling the card, and turning it back on. 

Cisco Employee

ASA 5540 IPS Module removal Quesiton

Yup, it is just as easy as shutting it off, pulling the card and turning it back on. You are absolutely correct.

371
Views
0
Helpful
3
Replies
CreatePlease to create content