Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1714
Views
0
Helpful
3
Replies

After log in at AIP-SSM, command prompt is not coming

dipak jaiswal
Level 1
Level 1

‎11-01-2011 03:12 AM - edited ‎03-10-2019 05:32 AM

Hi,

We have two AIP-SSM module installed at Cisco ASA 5540 running at Active/Standby mode.We are able to log in at our Primary AIP-SSM module, but after log in we are unable to issue any command as the prompt is not coming back. We have issue the following command to check the errors:

Primary ASA# show failover history

06:08:32 IST Sep 4 2011

Standby Ready              Just Active                Service card in other unit has failed

06:08:32 IST Sep 4 2011

Just Active                Active Drain               Service card in other unit has failed

06:08:32 IST Sep 4 2011

Active Drain               Active Applying Config     Service card in other unit has failed

06:08:32 IST Sep 4 2011

Active Applying Config     Active Config Applied      Service card in other unit has failed

06:08:32 IST Sep 4 2011

Active Config Applied      Active                     Service card in other unit has failed

Secondary ASA# show module

Mod Card Type                                    Model              Serial No.

--- -------------------------------------------- ------------------ -----------

  0 ASA 5540 Adaptive Security Appliance         ASA5540            JMX1311L0U6

  1 ASA 5500 Series Security Services Module-40  ASA-SSM-40         JAF1307AACC

Mod MAC Address Range                 Hw Version   Fw Version   Sw Version

--- --------------------------------- ------------ ------------ ---------------

  0 0021.a0ed.203b to 0021.a0ed.203f  2.0          1.0(11)5     8.0(4)

  1 0024.14d0.4407 to 0024.14d0.4407  1.0          1.0(14)5

Mod SSM Application Name           Status           SSM Application Version

--- ------------------------------ ---------------- --------------------------

Mod Status             Data Plane Status     Compatibility

--- ------------------ --------------------- -------------

  0 Up Sys             Not Applicable

  1 Unresponsive       Not Applicable

While trying to log in with session command at ASA, the following output given by ASA:

Secondary ASA # session 1

Opening command session with slot 1.

Card in slot 1 did not respond to session request.

SSEL-DCKOL-FWIN-MT05-01#

Module Details

Secondary ASA # show module 1 details

Getting details from the Service Module, please wait...

Unable to read details from slot 1

ASA 5500 Series Security Services Module-40

Model:              ASA-SSM-40

Hardware version:   1.0

Serial Number:      JAF1307AACC

Firmware version:   1.0(14)5

Software version:

MAC Address Range:  0024.14d0.4407 to 0024.14d0.4407

Data plane Status:  Not Applicable

Status:             Unresponsive

After log in at IPS, only following output is coming. Command prompt is not coming back

login as: admin

Using keyboard-interactive authentication.

Password:

Last login: Tue Nov  1 15:37:40 2011 from 172.21.15.12

***NOTICE***

This product contains cryptographic features and is subject to United States

and local country laws governing import, export, transfer and use. Delivery

of Cisco cryptographic products does not imply third-party authority to import,

export, distribute or use encryption. Importers, exporters, distributors and

users are responsible for compliance with U.S. and local country laws. By using

this product you agree to comply with applicable laws and regulations. If you

are unable to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Please help me solve this issue.

Thanks a lot in advance.

Regards

Dipak

Labels:
0 Helpful
3 Replies 3

rhermes
Level 7
Level 7

‎11-01-2011 08:52 AM

Dipak -

It appears your AIP-SSM module is hung. It should be reporting a Software Version and the Status should be UP. Your module shows:

Software version:

...

Status:             Unresponsive

I would first attempt to reset your module, if that doesn't solve your problem, you should reimage your module.

http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/cli/cliSSM.html#wp1034193

- Bob

0 Helpful

dipak jaiswal
Level 1
Level 1
In response to rhermes

‎11-01-2011 10:18 AM

Hi,

Do resetting AIP-SSM module will have any impact on IPS configuration. Please suggest, as we have very rare knowledge about IPS. Can be resetting be done on production enviroment( If resetting has no impact on production enviroment) if yes, the we will take downtime.

Thanks a lot for your support.

Regards

Dipak

0 Helpful

rhermes
Level 7
Level 7
In response to dipak jaiswal

‎11-01-2011 11:08 AM

Dipak -

Resetting an IPS Module will not change the configuration on that module.

Resetting your IPS mdoule will cause a failover to yoru standby ASA if the AIP-SSM module is configured for In-Line operation.

If you do not wish to have a failover, you can remove the IPS configuration section from the ASA config.

During the time the IPS module is rebooting, you will not have any IPS inspection taking place.

- Bob

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card