Cisco Support Community
Community Member

Can't Telnet to AIP-SSM 10 in ASA 5520

I can session 1 into the SSM 10 from the host ASA 5520, run setup, and ping the ASA and a device hanging off the dmz, but I can't ping the SSM-10 from the ASA or a host hanging off the dmz. I don't have the RJ-45 of the SSM plugged into the network. I have enabled telnet on the box [telnet-option-enable]. I need to get connectivity to this device to install new signature images, soon.

How do I get telnet/ssh to work?

Thanks in advance,

Cisco Employee

Re: Can't Telnet to AIP-SSM 10 in ASA 5520

The external RJ45 interface needs to be plugged into the network for which you configured the SSM's IP address during setup.

I am not sure how you can ping the ASA or dmz machine's address without that interface plugged in. The SSM should not send ping packets in through the SSM's backplane connection to the ASA. That backplane connection should only be used for direct communication between the ASA and SSM for "session" packets, and some control packets, but not general network packets. If the ping is going through there then it would be considered a bug, and you can't rely on it.

You must use the external RJ45 connection for your command and control.

Community Member

Re: Can't Telnet to AIP-SSM 10 in ASA 5520

Once you cable up that lonely little interface on the front of the SSM the mgmt interface comes up. Additionally, the access-list command must be done for each network needing to have telnet/ssh access to the module.
