I have an ASA 5520 with an ASA-SSM-10 module in it for IDS. It has (from what I can tell) never been used or configured. In fact, I only recently found that it existed! I would like to begin using it, starting with replacing the software image with the latest (I do NOT need any configuration from it now).
Details ...
KCH-ASA-Primary# sh module 1 details
Getting details from the Service Module, please wait...
ASA 5500 Series Security Services Module-10
Model: ASA-SSM-10
Hardware version: 1.0
Serial Number: JAF10422581
Firmware version: 1.0(11)2
Software version: 6.0(1)E1
MAC Address Range: 0018.b91b.69f1 to 0018.b91b.69f1
App. name: IPS
App. Status: Up
App. Status Desc:
App. version: 6.0(1)E1
Data plane Status: Up
Status: Up
Mgmt IP addr: 172.17.1.20
Mgmt web ports: 443
Mgmt TLS enabled: true
The problem that I am having is that when I set it up to pull down the new software through TFTP, it just hangs and times out.
KCH-ASA-Primary# hw module 1 recover config
Image URL [tftp://10.10.10.9/IPS-sig-S789-req-E4.pkg]:
Port IP Address [172.17.1.20]:
VLAN ID [950]:
Gateway IP Address [172.17.1.1]:
KCH-ASA-Primary#
And then ...
KCH-ASA-Primary# debug module-boot
debug module-boot enabled at level 1
KCH-ASA-Primary# hw module 1 recover boot
The module in slot 1 will be recovered. This may
erase all configuration and all data on that device and
attempt to download a new image for it.
Recover module in slot 1? [confirm]
Recover issued for module in slot 1
KCH-ASA-Primary# Slot-1 215> Cisco Systems ROMMON Version (1.0(11)2) #0: Thu Jan 26 10:43:08 PST 2006
Slot-1 216> Platform ASA-SSM-10
Slot-1 217> GigabitEthernet0/0
Slot-1 218> Link is UP
Slot-1 219> MAC Address: 0018.b91b.69f1
Slot-1 220> ROMMON Variable Settings:
Slot-1 221> ADDRESS=172.17.1.20
Slot-1 222> SERVER=10.10.10.9
Slot-1 223> GATEWAY=172.17.1.1
Slot-1 224> PORT=GigabitEthernet0/0
Slot-1 225> VLAN=950
Slot-1 226> IMAGE=IPS-sig-S789-req-E4.pkg
Slot-1 227> CONFIG=
Slot-1 228> LINKTIMEOUT=20
Slot-1 229> PKTTIMEOUT=4
Slot-1 230> RETRY=20
Slot-1 231> tftp IPS-sig-S789-req-E4.pkg@10.10.10.9 via 172.17.1.1
KCH-ASA-Primary# Slot-1 232> TFTP failure: Packet verify failed after 20 retries
Slot-1 233> Rebooting due to Autoboot error ...
Slot-1 234> Rebooting....
I know that I can reach 10.10.10.9 from 172.17.1.x. And this is the present port IP of the device. If I do a 'session1' and ping 10.10.10.9, I get replies. I know my TFTP is working ... I use it for all of my switches for config backups and installing new IOS. And watching my TFTP server window, I am not seeing any connection attempts.
What am I doing wrong here? :-(