Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AIP-SSM system upgrade

I've received a new asa5520 with aip-ssm (ssm-20). I have upgraded the ASA image to 7.2(3) successfully. I am trying to upgrade the SSM module from 5.1(6)E1 to 6.0(3)E1. I have the following connections

Sensor IP: 10.0.0.3

ASA G0/0: 10.0.0.2

Gateway: 10.0.0.2

TFTP server: 10.0.0.6

Subnet: /29

trying to upgrade from the ASA I have issued the commands:

hw-module module 1 recover configure

>Image URL: tftp://10.0.0.6/IPS-SSM-K9-sys-1.1-a-6.0-3-E1.img

>Port IP address: 10.0.0.3

>Gateway: 10.0.0.2

hw-module module 1 recover boot

debug module-boot

here is the output I get

Slot-1 64> Cisco Systems ROMMON Version (1.0(11)2) #0: Thu Jan 26 10:43:08 PST 2006

Slot-1 65> Platform ASA-SSM-20

Slot-1 66> GigabitEthernet0/0

Slot-1 67> Link is UP

Slot-1 68> MAC Address: 001c.5826.2083

Slot-1 69> ROMMON Variable Settings:

Slot-1 70> ADDRESS=10.0.0.3

Slot-1 71> SERVER=10.0.0.6

Slot-1 72> GATEWAY=10.0.0.2

Slot-1 73> PORT=GigabitEthernet0/0

Slot-1 74> VLAN=untagged

Slot-1 75> IMAGE=IPS-SSM-K9-sys-1.1-a-6.0-3-E1.img

Slot-1 76> CONFIG=

Slot-1 77> LINKTIMEOUT=20

Slot-1 78> PKTTIMEOUT=4

Slot-1 79> RETRY=20

Slot-1 80> tftp IPS-SSM-K9-sys-1.1-a-6.0-3-E1.img@10.0.2.6 via 10.0.2.2

Slot-1 81> TFTP failure: Packet verify failed after 20 retries

Slot-1 82> Rebooting due to Autoboot error ...

Slot-1 83> Rebooting....

Any ideas on why I'm getting the failure at line 81 would be great!

3 REPLIES
Cisco Employee

Re: AIP-SSM system upgrade

Try it again, but this time don't add a gateway address. If you go to Networkers, I cover this in the Troubleshooting IPS session. It's a frustrating problem when you initially run into it! ;-)

Only add a gateway when the TFTP server is on a different LAN segment than the sensor.

Gary

Gold

Re: AIP-SSM system upgrade

If your sensor boots into 5.x you can issue the upgrade command

upgrade ftp://user@10.0.0.22/IPS-K9-r-1.1-a-6.0-3-E1.pkg

It's less complex than re-imaging your sensor from scratch, plus there are less hidden problems that require you to attend a troubleshooting class to discover.

New Member

Re: AIP-SSM system upgrade

Thanks, I'll try both solutions in the next couple of days.

528
Views
0
Helpful
3
Replies
CreatePlease to create content