Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
675
Views
0
Helpful
0
Replies

Image recovery on 5520 IDS Module (ASA-SSM-10) TFTP timeout failure

Steve Ballantyne
Level 1
Level 1

‎04-25-2014 07:31 AM - edited ‎03-10-2019 06:11 AM

I have an ASA 5520 with an ASA-SSM-10 module in it for IDS.  It has (from what I can tell) never been used or configured.  In fact, I only recently found that it existed!  I would like to begin using it, starting with replacing the software image with the latest (I do NOT need any configuration from it now).
Details ...
KCH-ASA-Primary# sh module 1 details
Getting details from the Service Module, please wait...
ASA 5500 Series Security Services Module-10
Model:              ASA-SSM-10
Hardware version:   1.0
Serial Number:      JAF10422581
Firmware version:   1.0(11)2
Software version:   6.0(1)E1
MAC Address Range:  0018.b91b.69f1 to 0018.b91b.69f1
App. name:          IPS
App. Status:        Up
App. Status Desc:
App. version:       6.0(1)E1
Data plane Status:  Up
Status:             Up
Mgmt IP addr:       172.17.1.20
Mgmt web ports:     443
Mgmt TLS enabled:   true

 

The problem that I am having is that when I set it up to pull down the new software through TFTP, it just hangs and times out.

KCH-ASA-Primary# hw module 1 recover config
Image URL [tftp://10.10.10.9/IPS-sig-S789-req-E4.pkg]:
Port IP Address [172.17.1.20]:
VLAN ID [950]:
Gateway IP Address [172.17.1.1]:
KCH-ASA-Primary#

And then ...

KCH-ASA-Primary# debug module-boot
debug module-boot  enabled at level 1
KCH-ASA-Primary# hw module 1 recover boot

The module in slot 1 will be recovered.  This may
erase all configuration and all data on that device and
attempt to download a new image for it.
Recover module in slot 1? [confirm]
Recover issued for module in slot 1
KCH-ASA-Primary# Slot-1 215> Cisco Systems ROMMON Version (1.0(11)2) #0: Thu Jan                             26 10:43:08 PST 2006
Slot-1 216> Platform ASA-SSM-10
Slot-1 217> GigabitEthernet0/0
Slot-1 218> Link is UP
Slot-1 219> MAC Address: 0018.b91b.69f1
Slot-1 220> ROMMON Variable Settings:
Slot-1 221>   ADDRESS=172.17.1.20
Slot-1 222>   SERVER=10.10.10.9
Slot-1 223>   GATEWAY=172.17.1.1
Slot-1 224>   PORT=GigabitEthernet0/0
Slot-1 225>   VLAN=950
Slot-1 226>   IMAGE=IPS-sig-S789-req-E4.pkg
Slot-1 227>   CONFIG=
Slot-1 228>   LINKTIMEOUT=20
Slot-1 229>   PKTTIMEOUT=4
Slot-1 230>   RETRY=20
Slot-1 231> tftp IPS-sig-S789-req-E4.pkg@10.10.10.9 via 172.17.1.1

KCH-ASA-Primary# Slot-1 232> TFTP failure: Packet verify failed after 20 retries
Slot-1 233> Rebooting due to Autoboot error ...
Slot-1 234> Rebooting....

I know that I can reach 10.10.10.9 from 172.17.1.x.  And this is the present port IP of the device.  If I do a 'session1' and ping 10.10.10.9, I get replies.  I know my TFTP is working ... I use it for all of my switches for config backups and installing new IOS.  And watching my TFTP server window, I am not seeing any connection attempts.

What am I doing wrong here?  :-(

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card