Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

will reloading an ASA-SSM effect the Firewall itself?

We've lost the login info for the IPS-SSM on our ASA 5520. It looks like we will need to re image the module with a newer software version. It currently is not in use i.e. no rules for it on the the firewall. Will this process take the firewall off line at all?

Output from sh command:

Firewall03# show module 1

Mod Card Type Model Serial No.

--- -------------------------------------------- ------------------ -----------

1 ASA 5500 Series Security Services Module-20 ASA-SSM-20 xxxxxxx

Mod MAC Address Range Hw Version Fw Version Sw Version

--- --------------------------------- ------------ ------------ ---------------

1 001b.0ce2.xxxx to 001b.0ce2.xxxx 1.0 1.0(11)2 5.1(5)E1

Mod SSM Application Name Status SSM Application Version

--- ------------------------------ ---------------- --------------------------

1 IPS Up 5.1(5)E1

Mod Status Data Plane Status Compatibility

--- ------------------ --------------------- -------------

1 Up Up

Firewall03# show module 1 recover

Module 1 recover parameters...

Boot Recovery Image: No

Image URL: tftp://0.0.0.0/

Port IP Address: 0.0.0.0

Gateway IP Address: 0.0.0.0

VLAN ID: 0

1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: will reloading an ASA-SSM effect the Firewall itself?

No, it should not affect the firewall operation at all. It would only be affected if you were running it in inline mode with fail closed enabled.

5 REPLIES
Green

Re: will reloading an ASA-SSM effect the Firewall itself?

No, it should not affect the firewall operation at all. It would only be affected if you were running it in inline mode with fail closed enabled.

New Member

Re: will reloading an ASA-SSM effect the Firewall itself?

Thanks that's what I need to know.

Re: will reloading an ASA-SSM effect the Firewall itself?

If you are running active/standby the asa will failover when you reload the SSM module, which is required for the reimaging. Just a note to remember, with version 8.0.3 i think it was there has been introduced some kinda keepalive function on the backplane to keep the asa from failing over when rebooting the module.

New Member

Re: will reloading an ASA-SSM effect the Firewall itself?

So it will have an effect on the firewall, causing it to fail over?

Also I am having a hard time understanding the recovery process as it seems the device needs to be configured to allow the recovery image to be used. I have no idea how if at all the device is configured, we have zero access to the device as we have none of the passwords for it and no idea how it's configured.

from looking at the above (1st post) you can there is no recovery location set. How do I recover with no info on the device?

Firewall03# sh module 1 details

Getting details from the Service Module, please wait...

ASA 5500 Series Security Services Module-20

Model: ASA-SSM-20

Hardware version: 1.0

Serial Number: JAF111XXXXX

Firmware version: 1.0(11)2

Software version: 5.1(5)E1

MAC Address Range: 001b.0ce2.XXXX to 001b.0ce2.XXXX

App. name: IPS

App. Status: Up

App. Status Desc:

App. version: 5.1(5)E1

Data plane Status: Up

Status: Up

Mgmt IP addr: 10.1.9.201

Mgmt web ports: 443

Mgmt TLS enabled: true

Firewall03# sh module 1 recover

Module 1 recover parameters...

Boot Recovery Image: No

Image URL: tftp://0.0.0.0/

Port IP Address: 0.0.0.0

Gateway IP Address: 0.0.0.0

VLAN ID: 0

Firewall03#

New Member

Re: will reloading an ASA-SSM effect the Firewall itself?

Closed: New topic started

268
Views
0
Helpful
5
Replies