Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2718
Views
8
Helpful
3
Replies

ASA-SSM-20 recovery

matthewmphc
Level 1
Level 1

‎06-04-2007 06:32 AM - edited ‎03-10-2019 03:38 AM

I have an ASA-SSM-20 IPS module in our ASA 5520 appliance. I was trying a password recovery and now the module seems to be stuck in recovery mode. When I issue the "show module 1" command, the status is recovery mode. I issued a "debug module-boot" command and it shows the following:

ASA(config)# Slot-1 99> Link is DOWN

Slot-1 100> MAC Address: 0013.c482.4daa

Slot-1 101> Link State is Down

Slot-1 102> Rebooting due to Autoboot error ...

Slot-1 103> Rebooting....

Slot-1 104> Cisco Systems ROMMON Version (1.0(10)0) #0: Fri Mar 25 23:02:10 PST

2005

Slot-1 105> Platform ASA-SSM-20

Slot-1 106> GigabitEthernet0/0

Slot-1 107> Link is DOWN

Slot-1 108> MAC Address: 0013.c482.4daa

Slot-1 109> Link State is Down

Slot-1 110> Rebooting due to Autoboot error ...

Slot-1 111> Rebooting....

Slot-1 112> Cisco Systems ROMMON Version (1.0(10)0) #0: Fri Mar 25 23:02:10 PST

2005

It just keeps looping through this message. I cannot get it out of this mode, even with a hw-module module 1 reload command. Any ideas?

1 person had this problem
Labels:
0 Helpful
3 Replies 3

Rodrigo Gurriti
Level 3
Level 3

‎06-04-2007 07:06 PM

try: hw-module module 1 recover stop

if the image already got erased (what looks like) you'll have to install an other one but if not try:hw-module module slot_number password-reset

that will reset the password w/out reimage the appliance

If you have to reimage try:hw-module module 1 recover configure

then you be in something like a rommon mode

and you will need to specify:

-ftfp

-image

-ip

-gateway

hw-module module 1 recover boot

then it will downlowad the new image,

once you done try:show module "X"

matthewmphc
Level 1
Level 1
In response to Rodrigo Gurriti

‎06-05-2007 06:39 AM

I was able to stop the recovery process, thanks. However, I cannot use the password-reset option, as it tells me "The SSM application version does not support password reset. Failed to reset the password on the module in slot 1"

When I try the recover process again, I put in the tftp info and image, put in an ip that is on the same subnet as the tftp server, and then try the hw-module module 1 recover boot command. Then it doesn't do anything. No activity on the tftp server, and if I debug the boot, it gives me the same output as in my original post. I can ping the tftp server from the ASA, so I would assume the ip info I am putting in should work, but there appears to be no way to test the connectivity from the "port" ip address it asks me to define during the configure prompts. Any ideas?

0 Helpful

jcho
Level 1
Level 1
In response to matthewmphc

‎02-09-2012 02:33 PM

If your tftp and the SSM are on the same subnet, do NOT specify the Gateway IP Address (just leave it as 0.0.0.0).  For some reason, if you specify the Gateway, it will try to connect the tftp server "via" the Gateway which will not work.

As for Vlan ID, in this case, keep the default value "0", which means no VLAN ID.

Example:

Image url:  tftp://192.168.6.131/IPS-SSM_10-K9-sys-1.1-a-7.0-7-E4.img

Port IP Address: 192.168.6.121

Gateway IP address: 0.0.0.0  (*** Very important. ***)

Vlan ID: 0

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card