Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Bronze

AIP - SSM Module Move Between ASAs

I have a customer that has an ASA5510 with AIP-SSM-10 installed and they want to move this module to an ASA5520.  The ASA5510 with AIP is in production and has all the licensing installed.  My questions are...

1. Will I need to start from scratch on the AIP configuration or can I move the module to the ASA5520 without much hassle?

2. Will I need to change or purchase any licensing on either the ASA5520 or AIP module once it's moved?

3. Are there any other gotchas I should be aware of when doing this move?

Thanks in advance for your help.

2 REPLIES

AIP - SSM Module Move Between ASAs

Hello,

1)

I would say yes as you will need to reset it to change all of the network settings so it can adapt to the new network IP configuration, etc.

2)

No, licensing affects directly the IPS module not the parent ASA.

3)

Make sure you are not running failover on any of the cases and if yes then

-if you remove the IPS failover will be removed as hardware do not mach

-for the new HA make sure both have IPS module (hardware not matching will turn off failover)

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Community Member

AIP - SSM Module Move Between ASAs

rchilcote keep us posted on how that move worked out; I am interested to hear any undocumented gotchas specifically killing the production ASA simply by REMOVING that module

675
Views
0
Helpful
2
Replies
CreatePlease to create content