I have an ASA-SSM-20 IPS module in our ASA 5520 appliance. I was trying a password recovery and now the module seems to be stuck in recovery mode. When I issue the "show module 1" command, the status is recovery mode. I issued a "debug module-boot" command and it shows the following:
ASA(config)# Slot-1 99> Link is DOWN
Slot-1 100> MAC Address: 0013.c482.4daa
Slot-1 101> Link State is Down
Slot-1 102> Rebooting due to Autoboot error ...
Slot-1 103> Rebooting....
Slot-1 104> Cisco Systems ROMMON Version (1.0(10)0) #0: Fri Mar 25 23:02:10 PST
Slot-1 105> Platform ASA-SSM-20
Slot-1 106> GigabitEthernet0/0
Slot-1 107> Link is DOWN
Slot-1 108> MAC Address: 0013.c482.4daa
Slot-1 109> Link State is Down
Slot-1 110> Rebooting due to Autoboot error ...
Slot-1 111> Rebooting....
Slot-1 112> Cisco Systems ROMMON Version (1.0(10)0) #0: Fri Mar 25 23:02:10 PST
It just keeps looping through this message. I cannot get it out of this mode, even with a hw-module module 1 reload command. Any ideas?
I was able to stop the recovery process, thanks. However, I cannot use the password-reset option, as it tells me "The SSM application version does not support password reset. Failed to reset the password on the module in slot 1"
When I try the recover process again, I put in the tftp info and image, put in an ip that is on the same subnet as the tftp server, and then try the hw-module module 1 recover boot command. Then it doesn't do anything. No activity on the tftp server, and if I debug the boot, it gives me the same output as in my original post. I can ping the tftp server from the ASA, so I would assume the ip info I am putting in should work, but there appears to be no way to test the connectivity from the "port" ip address it asks me to define during the configure prompts. Any ideas?
If your tftp and the SSM are on the same subnet, do NOT specify the Gateway IP Address (just leave it as 0.0.0.0). For some reason, if you specify the Gateway, it will try to connect the tftp server "via" the Gateway which will not work.
As for Vlan ID, in this case, keep the default value "0", which means no VLAN ID.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :