We have an ASA 5510 with CSC module and have been having trouble for a few months. Just about daily, our Internet connection would stop. It turned out that only http connections would stop, while https connections were fine. Ok, so the problem seems to be the CSC. If I disable the CSC, we don't have problems. In talking with Cisco, I was told to upgrade to the latest software for our CSC and ASA, in a specific order (can't just go to the latest in one shot).
Current software version for ASA: 7.2(1)
Current software version for CSC: 6.1.1569.0
So, I uploaded the next patch for the CSC as 6.2.1599.0 (using a pkg patch). It uploaded fine and if I look at the latest patches, it shows that one. However, the software version that it shows has not changed, and 2 things happened:
1) Our Internet went out. I had to "disable" the CSC again to get it back. By "disable" I have issued these commands to take out the ACL that matches traffic to the CSC: "class-map CSC_cm" AND no "match access-list CSC_acl"
2) The CSC went from being down and unavailable to up and available, but it is not checking any of the traffic.
And now, I can't continue to put the next patch, because I get a message saying that this patch (6.2.1599.6) needs to be uploaded onto at least 6.2.1599.0, which mine is only 6.1.1569.0!
What can I do at this point? I thought of trying a reimage with a full version of 6.2.1599.0 (or earlier to start over), but what will that do? Will I lose my configuration? Like I said, I'm very much a novice when it comes to Cisco setup.
I am not getting any more response from Cisco, so I wanted to try here.
You can remove the ASA from sending http traffic through the CSC (in the ASA csc acl) while you are upgrading in order to avoid potential problems.
To re-image you can follow http://supportforums.cisco.com/docs/DOC-1323 but you will lose your config. You can export it as explained in the link, but from such early versions as 6.1 you might have issues importing it back.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...