There's a mobile version of our website.
I've installed an ASA-SSM-10 module into my ASA 5510 firewall but it's in "Unresponsive" state. I tried to reset and recover the module but nothing seems to work. Below you may find information about the system and details about what I did. Any help is greatly appreciated.
ASA5510-K8, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
System image file is "disk0:/asa843-k8.bin"
Device Manager Version 6.4(3)
ASA 5500 Series Security Services Module-10 ASA-SSM-10
Hw Version: 1.0
Sw Version: 6.2(2)E4
SSM Application Version: 6.2(2)E4
I have 2 IPS images at my TFTP server:
I tried the command: hw-module module 1 reset
At first module status changes to "Inıt" but after then it goes back to "Unresponsive"
I used the command "hw-module module 1 recover configure" for 2 different images mentioned above by the same order and then tried:
"hw-module module 1 recover boot"
Module status changes to "Recover" and stays like that for hours. I've waited for 2 hours for 2 different images. And then I issued the command: hw-module module 1 recover stop and the module goes back to "Unresponsive" state.
The Module's network interface is connected to the same switch where the TFTP server is connected. When I run a sniffer on the TFTP server (Linux, tcpdump), there's no TFTP activity. But I can use this TFTP server from ASA (Connected to the Inside interface).
ASA Inside interface IP Address: X.X.X.1
TFTP Server IP Address: X.X.X.8
"show module 1 recover" command output:
Module 1 recover parameters...
Boot Recovery Image: Yes
Port IP Address: X.X.X.2
Gateway IP Address: X.X.X.1
VLAN ID: 0
(There are no VLANs used on this network.)
Thanks for your response. As I mentioned earlier in my email, I tried 2 different images (IPS-SSC_5-K9-sys-1.1-a-6.2-2-E4.img and IPS-SSM_10-K9-sys-1.1-a-7.1-5-E4.img) without any success. Since there are no packets coming from IPS on the TFTP server, I think the problem is something else.
When I run the "debug cplane 255" command, I see some errors mentioned below:
asa(config)# debug cplane 255
debug cplane enabled at level 255
cp_connect: Connecting to card 1, socket 3, port 7000
cp_connect: Error - cp_connect() returned -1
cp_check_connection: handle -1, conflicts with connection 1 (-1)
cp_check_connection: handle -1, conflicts with connection 2 (-1)
cp_check_connection: handle -1, conflicts with connection 3 (-1)
cp_update_connection: Error updating connection_id 0
Is this a hardware issue?
How did you connect the AIP module to the tftp server?
You would need to use the port on the module itself to connect it to the network or directly to your tftp server.
You can't use the backplane on the ASA for management traffic towards the AIP module.
If the module does not come up as "UP" state after resetting it, you might need to get an RMA of the module.
I understand that you have tried to reset the module, did you also try to reload the module?
hw-module module 1 reload
If all fails, then RMA would be the way to go.
Yes, I tried to reset the module. Since it is in "Unresponsive" state, hw-module module 1 reload command does not work. I will power cycle the ASA and try to recover the module again before contacting RMA. Thanks for your help.
Did you ever get this problem resolved? I am havign the exact same issue on my ASA 5510. Did you have to RMA it or did a re-seat of the module solve the problem. Just wondering if you fixed it.
Yes 7.1.5-E4 has been withdrawn
Login to share your discussion activity with your friends on Facebook. You can control what you share and turn off sharing anytime.
Your Facebook friends can now see that you have started this discussion
Your Facebook friends can now see that you have commented on this discussion
Your Facebook friends can now see that you have read this discussion