I have ASA 5520 running ver 8.0(2) and AIP-SSM-20 version 5.1(6)E1. I lost the password and in the process to recover I tried loading the image on AIP-SSM-20. The image I am trying to load is IPS-SSM-K9-sys-1.1-a-6.0-3-E1.img but the status on ASA still shows Recover. I am using the following configuration.
Under Port IP Address I have given the IP address of IPS (I was not sure what this means). Status "Recover" did not change for a day and then I stopped it. Tried again and the status is still the same.
What could be the issue and what is the solution to this problem. The document does not mention the time it will take to recoever and there is no way to monitor the progress. Any help / pointers in the right direction appreciated.
However, the user does not have direct access to the SSM Rommon.
The "debug module-boot" allows users to see the SSM ROMMON messages from the ASA console.
Watch the SSM ROMMON output and you maybe able to see what error is happening. More than likely something is misconfigured in your recovery configuration. If ROMMON is not able to download the file, the SSM reboots and ROMMON tries again. It continues to repeat this cycle until you stop it or fix the recover configuration.
My best guess in looking at your output from the post is that your filename may be incorrect.
Your filename listed is:
But it should likely be:
without the "" in the name.
In addition you need to use an IP Address for the tftp server. It looks like you may have used a machine name instead of an IP.
You are correct that the port IP is the same IP you used for the SSM management IP.
Other usual problems are using the wrong directory location on the tftp server.
For the benefit of others I am giving below the resolution of this problem.
In the setup, IPS and ASA inside network were the same and ASA inside IP was the default gateway. So when I configured the "hw-module module 1 recover config" I gave the ASA inside IP address as the default gateway (which was not wrong). Because my tftp was also on the same subnet there was no need of a default gateway. So if you give the IP address of TFTP server as your default gateway the problem will be resolved.
Important please ensure the Network cable is connected to the AIP-SSM module and can reach the tftp server.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :