Solved: New AIP-SSM10

jdsalminen · ‎09-14-2005

Does the Gi 0/1 interface on the SSM module have to be connected to the network in order to load IPS software updates on it? I have configured the ASA interfaces already.

marcabal · ‎09-14-2005

Yes the external interface of the SSM must be connected to a network. All remote management (including downloading/pushing of updates) will be done through the external port.

A word of caution.

Many user have plugged the SSM external management interface and the ASA management interface on to the same network. They are then unable to reach the SSM from a remote site. This is because the ASA management interface is a management only interface for the ASA itself and is not able to route packets to the IP of the management port of the SSM.

To route packets to the SSM the management port of the ASA should be made a standard port (remove the management-only configuration) or move the SSM management port to a different network routed through one of the other ASA interfaces.

View solution in original post

marcabal · ‎09-14-2005

Yes the external interface of the SSM must be connected to a network. All remote management (including downloading/pushing of updates) will be done through the external port.

A word of caution.

Many user have plugged the SSM external management interface and the ASA management interface on to the same network. They are then unable to reach the SSM from a remote site. This is because the ASA management interface is a management only interface for the ASA itself and is not able to route packets to the IP of the management port of the SSM.

To route packets to the SSM the management port of the ASA should be made a standard port (remove the management-only configuration) or move the SSM management port to a different network routed through one of the other ASA interfaces.