Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA & AIP-SSM IPS

ANy help is appreciated.

Getting ready to upgrade a ASA 5520 from 7.2 code to 8.x, all because of the IPS module needs to be upgraded from 6.1 to 7.x.

Two question:

(1) Should I expect a smooth upgrade (from 7.2 to 8.x) on the ASA box? Anyone runs into problem, gotcha kind of thing? ANy problem on the config file not being converted correctly?

(2) For the IPS part, do you or do you not to use the upgrade command within the IPS module? From the IPS's doc. it says to use the upgrade command. From ASA's doc. it says to use: hw-module command. If I understand this correctly, by using hw-module command to upgrade the IPS from within the ASA, it would wipe my IPS config file.Don't want to do that if I can help it.

Thank you.

4 REPLIES
New Member

Re: ASA & AIP-SSM IPS

Hi,

There should not be any issues upgrading ASA from 7.2 to 8.x code. I would suggest going to the latest interim for 8.0(4) version as it has fixes for many caveats.

Also in case an upgrade is performed on the module the configuration will not be wiped out.

Also, the upgrade command is used for performing signature upgrade for the module. You can not upgrade the version for the module with the upgrade command.

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a0080816cb4.shtml#upgrade2

Hope this helps!

Thanks,

Manish

Cisco TAC

New Member

Re: ASA & AIP-SSM IPS

mkharban, thank you for the info.

SO what you are saying is that in order to go from 6.1.x to 7.x IPS, no matter what, I have to REIMAGE the IPS and therefore wipe my IPS config? Upgrade command within IPS won't work?

Thanks.

Cisco Employee

Re: ASA & AIP-SSM IPS

(1) the upgrade should go smoothly and convert the config ok.

(2) if you upgrade the IPS from the ASA ("hw module" command) than it will re-image the module and wipe it is config, that is correct. Make sure you keep a copy of it. And I suggest to upgrade from the module with the patch in order to avoid a full reimage.

I hope it helps.

PK

New Member

Re: ASA & AIP-SSM IPS

pkampana, thank you for the info.

So you are saying upgrade command does work within the IPS going from version 6.1.x to 7.x?

These statement are contradictory. See above.

Thank you for the help.

153
Views
0
Helpful
4
Replies