Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Image recovery on 5520 IDS Module (ASA-SSM-10) TFTP timeout failure

I have an ASA 5520 with an ASA-SSM-10 module in it for IDS.  It has (from what I can tell) never been used or configured.  In fact, I only recently found that it existed!  I would like to begin using it, starting with replacing the software image with the latest (I do NOT need any configuration from it now).
Details ...
KCH-ASA-Primary# sh module 1 details
Getting details from the Service Module, please wait...
ASA 5500 Series Security Services Module-10
Model:              ASA-SSM-10
Hardware version:   1.0
Serial Number:      JAF10422581
Firmware version:   1.0(11)2
Software version:   6.0(1)E1
MAC Address Range:  0018.b91b.69f1 to 0018.b91b.69f1
App. name:          IPS
App. Status:        Up
App. Status Desc:
App. version:       6.0(1)E1
Data plane Status:  Up
Status:             Up
Mgmt IP addr:
Mgmt web ports:     443
Mgmt TLS enabled:   true


The problem that I am having is that when I set it up to pull down the new software through TFTP, it just hangs and times out.

KCH-ASA-Primary# hw module 1 recover config
Image URL [tftp://]:
Port IP Address []:
VLAN ID [950]:
Gateway IP Address []:

And then ...

KCH-ASA-Primary# debug module-boot
debug module-boot  enabled at level 1
KCH-ASA-Primary# hw module 1 recover boot

The module in slot 1 will be recovered.  This may
erase all configuration and all data on that device and
attempt to download a new image for it.
Recover module in slot 1? [confirm]
Recover issued for module in slot 1
KCH-ASA-Primary# Slot-1 215> Cisco Systems ROMMON Version (1.0(11)2) #0: Thu Jan                             26 10:43:08 PST 2006
Slot-1 216> Platform ASA-SSM-10
Slot-1 217> GigabitEthernet0/0
Slot-1 218> Link is UP
Slot-1 219> MAC Address: 0018.b91b.69f1
Slot-1 220> ROMMON Variable Settings:
Slot-1 221>   ADDRESS=
Slot-1 222>   SERVER=
Slot-1 223>   GATEWAY=
Slot-1 224>   PORT=GigabitEthernet0/0
Slot-1 225>   VLAN=950
Slot-1 226>   IMAGE=IPS-sig-S789-req-E4.pkg
Slot-1 227>   CONFIG=
Slot-1 228>   LINKTIMEOUT=20
Slot-1 229>   PKTTIMEOUT=4
Slot-1 230>   RETRY=20
Slot-1 231> tftp IPS-sig-S789-req-E4.pkg@ via

KCH-ASA-Primary# Slot-1 232> TFTP failure: Packet verify failed after 20 retries
Slot-1 233> Rebooting due to Autoboot error ...
Slot-1 234> Rebooting....

I know that I can reach from 172.17.1.x.  And this is the present port IP of the device.  If I do a 'session1' and ping, I get replies.  I know my TFTP is working ... I use it for all of my switches for config backups and installing new IOS.  And watching my TFTP server window, I am not seeing any connection attempts.

What am I doing wrong here?  :-(


CreatePlease login to create content