New Member

AIP SSM-10 is unresponsive

Hi,

I am having a problem with my AIP SSM 10, which is installed in an ASA 5510. The following output comes when I issue the command "show module":

Mod Card Type                                    Model              Serial No.
--- -------------------------------------------- ------------------ -----------
  0 ASA 5510 Adaptive Security Appliance         ASA5510            xxxxxxxxxxx
  1 ASA 5500 Series Security Services Module-10  ASA-SSM-10         xxxxxxxxxxx

Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
--- --------------------------------- ------------ ------------ ---------------
  0 0021.a0ec.e807 to 0021.a0ec.f80b  2.0          1.0(11)5     8.0(4)
  1 0021.a0af.dbdf to 0021.a0af.cbdf  1.0          1.0(11)5

Mod SSM Application Name           Status           SSM Application Version
--- ------------------------------ ---------------- --------------------------

Mod Status             Data Plane Status     Compatibility
--- ------------------ --------------------- -------------
  0 Up Sys             Not Applicable
  1 Unresponsive       Not Applicable

ASA#

I have searched the relevant docs from Cisco's site, and issued commands to resolve the issues, i.e.:
ASA# hw module 1 reset
The module in slot 1 should be shut down before
resetting it or loss of configuration may occur.
Reset module in slot 1? [confirm]
Reset issued for module in slot 1
No positive result.
ASA-A# Reload module in slot 1?
ERROR: % Unrecognized command
ASA-A# Reload module in slot 1 [confirm]
Module in slot 1 can not be reloaded, not in Up state.
Please help.
Regards,
Zafar

9 REPLIES
Cisco Employee

Re: AIP SSM-10 is unresponsive

Enable "debug module" and do a "hw module 1 reset". If you don't see a debug after a bit saying "Booting...", try reseating the module if it is still in Unresponsive status. It is hot-swappable if it is already in the ASA.

I hope it helps.

PK

New Member

Re: AIP SSM-10 is unresponsive

Is it really hot-swappable? The link below states you need to shut down the module and power off the ASA before removing the SSM.

http://www.cisco.com/en/US/docs/security/ips/5.1/installation/guide/hwSSM.html#wp1040424

Cisco Employee

Re: AIP SSM-10 is unresponsive

You need to power down the ASA ONLY if it is the first time you are putting the module in.

If the module is still in there you can reseat it without powering down the ASA.

I hope it makes sense.

PK

New Member

Re: AIP SSM-10 is unresponsive

I also had the idea that the AIP-SSM was not hot-swap, can't assure otherwise. But I agree that pulling it out and in again on the ASA should fix the problem. I've done it by shutting down the ASA. It's real quick.

You can also try the "hw-module recover" option (which you have to configure first) in case the module allows it. This will restore the module to factory defaults, so it's really important to realize that the configuration will be gone and that a copy of the license information is needed to re-activate the module.

The debug they mention earlier is really useful during this process since you won't be seeing anything on the ASA and the module will take a while to get back up.

Hope this is useful.

Regards,

Cisco Employee

Re: AIP SSM-10 is unresponsive

It is hot-swappable if it is already on the ASA.

Only the first time you put it in do you need to turn off the ASA.

PK

New Member

Re: AIP SSM-10 is unresponsive

That IS really good to know.

Should the service-policy be disabled on the ASA to do that?

Thanks and regards!

Cisco Employee

Re: AIP SSM-10 is unresponsive

No need to remove the policy either if you have "ips fail-open".

Please mark the question as resolved, if it is, so others benefit from it in the future.

PK

New Member

Re: AIP SSM-10 is unresponsive

Thanks for the information. I can't select the correct answer since it was not my question. Let's hope the user who created it had his problem resolved.

Regards,

Cisco Employee

Re: AIP SSM-10 is unresponsive

No need to remove the policy either if you have "ips fail-open".

Trying to clarify the above statement. Our documentation mentions that the modules are not hot-swappable. Even though experience has shown that you can hot-swap a module if the module is already in the ASA, we would not recommend doing it because it is not officially tested and supported.

PK
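
Added example (not part of the thread, and not Cisco code): a small Python check that parses the "show module" output from the original post and flags any slot that is not in an Up state. This is worth alerting on because, with "ips fail-open", the ASA keeps passing traffic without IPS inspection while the module is down. The function names and the HEALTHY set are assumptions made for this example.

```python
import re

# Output from the original post (serials masked by the poster), blank lines removed.
SHOW_MODULE = """\
Mod Card Type                                    Model              Serial No.
--- -------------------------------------------- ------------------ -----------
  0 ASA 5510 Adaptive Security Appliance         ASA5510            xxxxxxxxxxx
  1 ASA 5500 Series Security Services Module-10  ASA-SSM-10  xxxxxxxxxxx
Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
--- --------------------------------- ------------ ------------ ---------------
  0 0021.a0ec.e807 to 0021.a0ec.f80b  2.0          1.0(11)5     8.0(4)
  1 0021.a0af.dbdf to 0021.a0af.cbdf  1.0            1.0(11)5
Mod SSM Application Name           Status           SSM Application Version
--- ------------------------------ ---------------- --------------------------
Mod Status             Data Plane Status     Compatibility
--- ------------------ --------------------- -------------
  0 Up Sys                Not Applicable
  1 Unresponsive       Not Applicable
"""

HEALTHY = {"Up", "Up Sys"}  # assumption: "Up Sys" is the chassis (slot 0) Up state

def parse_tables(text):
    """Split the output into tables: [(column_names, {slot: [cells]})]."""
    tables = []
    for line in text.splitlines():
        body = line.strip()
        row = re.match(r"(\d+)\s+(.*)", body)
        if body.startswith("Mod "):   # header row opens a new table
            tables.append((re.split(r"\s{2,}", body[4:].strip()), {}))
        elif row and tables:          # pasted spacing drifts, so split on 2+ spaces
            tables[-1][1][int(row.group(1))] = re.split(r"\s{2,}", row.group(2))
    return tables

def module_status(text):
    """Return {slot: {column: value}} from the table whose first column is Status."""
    for names, rows in parse_tables(text):
        if names[0] == "Status":      # not the SSM application table's Status column
            return {slot: dict(zip(names, cells)) for slot, cells in rows.items()}
    return {}

def unhealthy_modules(text):
    """Return {slot: status} for every slot that is not in an Up state."""
    return {slot: r["Status"] for slot, r in module_status(text).items()
            if r.get("Status") not in HEALTHY}

if __name__ == "__main__":
    for slot, state in unhealthy_modules(SHOW_MODULE).items():
        print(f"ALERT: module in slot {slot} is {state}")
```

Splitting on runs of spaces tolerates the uneven column spacing seen in pasted output, but it assumes empty cells occur only at the end of a row, as they do here.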
