Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Active-Standby SSM-IPS upgrade question

I have 2 ASA 5510's with ASA-SSM-10 IPS modules. The IPS's were running version 5.0.2, and I noticed this will not be supported for SIGS so I started to upgrade to version 5.1.1g. I got one unit upgraded and it seems to be fine, but the second still says it is running 5.0.2 and it will not let me login to it via CLI. When I for a failover the IPS always seems to be with the upgraded unit, so I can never get to my other IPS to upgrade it.

What did I do wrong?



Cisco Employee

Re: Active-Standby SSM-IPS upgrade question

When you say it will not let you login via CLI, what method of connection are you attempting? Are you telneting directly to the management IP of the second SSM, or sshing directly to the management IP of the second SSM, or sessioning through the console of the second ASA into the second SSM?

What if any errors are you seeing when trying to login?

When you say that you failover the IPS you can't get to the other IPS, to what are you referring?

The SSMs don't failover to each other. They do not share configuration, and should not share IP Addresses for their management IP. If you have configured the same IP for both SSMs, then you have a bad configuration. Each SSM needs their own independant IP Address. The SSMs should be managed as independant sensors.

New Member

Re: Active-Standby SSM-IPS upgrade question

1) I am telenting into the IP of the SSM.

2) I haven't seen any errors.

3) I have 2 ASA's with ASA-SSM-10 and I menat I failover the ASA to the secondary but the IPS is still active on 1 IP even though I have 2 IP's set up for the SSM's.

In the past before the upgrade I was able to manage both units. I can ping both of the SSM's. I can login to the upgraded unit, but when I try the IP of the other unit it tells me incorrect login. These had the same users set up.

Cisco Employee

Re: Active-Standby SSM-IPS upgrade question

With an incorrect login it sounds like the password is incorrect.

Could somebody have changed the password on you.

Or could somebody have re-imaged the SSM in which case it would have reset it's password back to the default "cisco".

New Member

Re: Active-Standby SSM-IPS upgrade question

I am checking with the group that helped me with the set-up, but I thought I was able to get into both before.

Do you know of any doc for upgrading these in an active/standby configuration?