Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
534
Views
0
Helpful
4
Replies

ASA & AIP-SSM IPS

ewong0088
Level 1
Level 1

‎11-13-2009 11:52 AM - edited ‎03-11-2019 09:39 AM

ANy help is appreciated.

Getting ready to upgrade a ASA 5520 from 7.2 code to 8.x, all because of the IPS module needs to be upgraded from 6.1 to 7.x.

Two question:

(1) Should I expect a smooth upgrade (from 7.2 to 8.x) on the ASA box? Anyone runs into problem, gotcha kind of thing? ANy problem on the config file not being converted correctly?

(2) For the IPS part, do you or do you not to use the upgrade command within the IPS module? From the IPS's doc. it says to use the upgrade command. From ASA's doc. it says to use: hw-module command. If I understand this correctly, by using hw-module command to upgrade the IPS from within the ASA, it would wipe my IPS config file.Don't want to do that if I can help it.

Thank you.

Labels:
0 Helpful
4 Replies 4

mkharban
Level 1
Level 1

‎11-16-2009 10:26 AM

Hi,

There should not be any issues upgrading ASA from 7.2 to 8.x code. I would suggest going to the latest interim for 8.0(4) version as it has fixes for many caveats.

Also in case an upgrade is performed on the module the configuration will not be wiped out.

Also, the upgrade command is used for performing signature upgrade for the module. You can not upgrade the version for the module with the upgrade command.

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a0080816cb4.shtml#upgrade2

Hope this helps!

Thanks,

Manish

Cisco TAC

0 Helpful

ewong0088
Level 1
Level 1
In response to mkharban

‎11-16-2009 11:09 AM

mkharban, thank you for the info.

SO what you are saying is that in order to go from 6.1.x to 7.x IPS, no matter what, I have to REIMAGE the IPS and therefore wipe my IPS config? Upgrade command within IPS won't work?

Thanks.

0 Helpful

Panos Kampanakis
Cisco Employee
Cisco Employee

‎11-16-2009 10:37 AM

(1) the upgrade should go smoothly and convert the config ok.

(2) if you upgrade the IPS from the ASA ("hw module" command) than it will re-image the module and wipe it is config, that is correct. Make sure you keep a copy of it. And I suggest to upgrade from the module with the patch in order to avoid a full reimage.

I hope it helps.

PK

0 Helpful

ewong0088
Level 1
Level 1
In response to Panos Kampanakis

‎11-16-2009 11:14 AM

pkampana, thank you for the info.

So you are saying upgrade command does work within the IPS going from version 6.1.x to 7.x?

These statement are contradictory. See above.

Thank you for the help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card