Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IPS(ASA moduel) signature upgrade cause users lost connectivity to outside

Hi All:

need you adivse.


i have two ASA running A/S mode, both ASA have ASA-SSM-AIP-20-K9 inside with fail-open option and identical configuration


Any time i upgrade IPS signature/OS, users will experience around 1 minute downtime to outside.

Is this a correct behavior?

Thanks

Everyone's tags (2)
1 REPLY
Cisco Employee

Re: IPS(ASA moduel) signature upgrade cause users lost connectiv

Jason;

  That is not expected behavior for signature updates.  On the AIP-SSM's configuration, have you changed the bypass mode to off?

  For software upgrades, which require the AIP-SSM to reboot, a failover of the ASA is expected if you have not disabled the IPS inspection service policy prior to performing the upgrade.

Scott

520
Views
0
Helpful
1
Replies