Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
418
Views
0
Helpful
4
Replies

Active-Standby SSM-IPS upgrade question

ddevecka
Level 1
Level 1

‎08-31-2006 05:28 AM - edited ‎03-10-2019 03:11 AM

I have 2 ASA 5510's with ASA-SSM-10 IPS modules. The IPS's were running version 5.0.2, and I noticed this will not be supported for SIGS so I started to upgrade to version 5.1.1g. I got one unit upgraded and it seems to be fine, but the second still says it is running 5.0.2 and it will not let me login to it via CLI. When I for a failover the IPS always seems to be with the upgraded unit, so I can never get to my other IPS to upgrade it.

What did I do wrong?

Thanks,

Dan

Labels:
0 Helpful
4 Replies 4

marcabal
Cisco Employee
Cisco Employee

‎08-31-2006 11:26 AM

When you say it will not let you login via CLI, what method of connection are you attempting? Are you telneting directly to the management IP of the second SSM, or sshing directly to the management IP of the second SSM, or sessioning through the console of the second ASA into the second SSM?

What if any errors are you seeing when trying to login?

When you say that you failover the IPS you can't get to the other IPS, to what are you referring?

The SSMs don't failover to each other. They do not share configuration, and should not share IP Addresses for their management IP. If you have configured the same IP for both SSMs, then you have a bad configuration. Each SSM needs their own independant IP Address. The SSMs should be managed as independant sensors.

0 Helpful

ddevecka
Level 1
Level 1
In response to marcabal

‎08-31-2006 11:48 AM

1) I am telenting into the IP of the SSM.

2) I haven't seen any errors.

3) I have 2 ASA's with ASA-SSM-10 and I menat I failover the ASA to the secondary but the IPS is still active on 1 IP even though I have 2 IP's set up for the SSM's.

In the past before the upgrade I was able to manage both units. I can ping both of the SSM's. I can login to the upgraded unit, but when I try the IP of the other unit it tells me incorrect login. These had the same users set up.

0 Helpful

marcabal
Cisco Employee
Cisco Employee
In response to ddevecka

‎08-31-2006 02:25 PM

With an incorrect login it sounds like the password is incorrect.

Could somebody have changed the password on you.

Or could somebody have re-imaged the SSM in which case it would have reset it's password back to the default "cisco".

0 Helpful

ddevecka
Level 1
Level 1
In response to marcabal

‎09-01-2006 04:59 AM

I am checking with the group that helped me with the set-up, but I thought I was able to get into both before.

Do you know of any doc for upgrading these in an active/standby configuration?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card