AIP SSM-10 is unresponsive
02-17-2010 09:27 PM - edited 03-10-2019 04:53 AM
Hi,
I am having a problem with my AIP SSM 10, which is installed in an ASA 5510. The following output appears when I issue the command "show module":
Mod Card Type                                    Model              Serial No.
--- -------------------------------------------- ------------------ -----------
  0 ASA 5510 Adaptive Security Appliance         ASA5510            xxxxxxxxxxx
  1 ASA 5500 Series Security Services Module-10  ASA-SSM-10         xxxxxxxxxxx

Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
--- --------------------------------- ------------ ------------ ---------------
  0 0021.a0ec.e807 to 0021.a0ec.f80b  2.0          1.0(11)5     8.0(4)
  1 0021.a0af.dbdf to 0021.a0af.cbdf  1.0          1.0(11)5

Mod SSM Application Name           Status           SSM Application Version
--- ------------------------------ ---------------- --------------------------

Mod Status             Data Plane Status     Compatibility
--- ------------------ --------------------- -------------
  0 Up Sys             Not Applicable
  1 Unresponsive       Not Applicable
ASA#
02-18-2010 01:30 PM
Enable "debug module" and do a "hw module 1 reset". If you don't see a debug after a bit saying "Booting...", try reseating the module if it is still in Unresponsive status. It is hot-swappable if it is already in the ASA.
I hope it helps.
PK
10-18-2010 10:41 PM
Is it really hot-swappable? The link below states that you need to shut down the module and power off the ASA before removing the SSM.
http://www.cisco.com/en/US/docs/security/ips/5.1/installation/guide/hwSSM.html#wp1040424
10-19-2010 06:23 AM
You need to power down the ASA ONLY if it is the first time you are putting the module in.
If the module is still in there you can reseat it without powering down the ASA.
I hope it makes sense.
PK
10-26-2010 02:00 PM
I also had the idea that the AIP-SSM was not hot-swap, can't assure otherwise. But I agree that pulling it out and in again on the ASA should fix the problem. I've done it by shutting down the ASA. It's real quick.
You can also try the "hw-module recover" option (which you have to configure first) in case the module allows it. This will restore the module to factory defaults so it's really important to realize that configuration will be gone and that a copy of the license information is needed to re-activate the module.
The debug they mention earlier is really useful during this process since you won't be seeing anything on the ASA and the module will take a while to get back up.
Hope this is useful.
Regards,
10-26-2010 02:07 PM
It is hot-swappable if it is already on the ASA.
Only the first time you put it in do you need to turn off the ASA.
PK
10-26-2010 02:13 PM
That IS really good to know.
Should the service-policy be disabled on the ASA to do that?
Thanks and regards!
10-26-2010 05:01 PM
No need to remove the policy either if you have "ips fail-open".
Please mark the question as resolved, if it is, so others benefit from it in the future.
PK
11-01-2010 09:29 AM
Thanks for the information. I can't select the correct answer since it was not my question. Let's hope the user who created it had his problem resolved.
Regards,
11-02-2010 10:01 AM
No need to remove the policy either if you have "ips fail-open".
Trying to clarify the above statement. Our documentation mentions that the modules are not hot-swappable. Even though experience has shown that you can hot-swap a module if the module is already in the ASA, we would not recommend doing it because it is not officially tested and supported.
PK
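
Added example, not part of any post in this thread: with "ips fail-open" configured, an Unresponsive module means traffic passes through the ASA without IPS inspection, so that state is worth alerting on. This Python code parses the status section of captured "show module" output and reports modules that are not healthy. The function names, the HEALTHY set, and the sample text (rebuilt from the first post with column alignment restored) are assumptions.

```python
import re

# Constructed sample: status section of the "show module" output in the first
# post, with column alignment restored (the alignment is an assumption).
SAMPLE = """\
Mod Status             Data Plane Status     Compatibility
--- ------------------ --------------------- -------------
  0 Up Sys             Not Applicable
  1 Unresponsive       Not Applicable
ASA#
"""

# Assumption: statuses treated as healthy; anything else is reported.
HEALTHY = {"Up", "Up Sys"}


def parse_status_table(text):
    """Return {module number: {column header: value}} for the status section."""
    lines = text.splitlines()
    for i, header in enumerate(lines[:-1]):
        if header.split()[:2] == ["Mod", "Status"]:
            break
    else:
        return {}  # status section not present in the capture
    # The dashed ruler under the header gives each column's start offset.
    starts = [m.start() for m in re.finditer(r"-+", lines[i + 1])]
    if not starts:
        return {}
    cols = list(zip(starts, starts[1:] + [None]))
    names = [header[s:e].strip() for s, e in cols]
    modules = {}
    for row in lines[i + 2:]:
        if not re.match(r"\s*\d+\s", row):
            break  # device prompt or next section ends the table
        cells = [row[s:e].strip() for s, e in cols]
        modules[int(cells[0])] = dict(zip(names[1:], cells[1:]))
    return modules


def unhealthy_modules(text):
    """Return {module number: status} for modules whose status is not healthy."""
    table = parse_status_table(text)
    return {n: m["Status"] for n, m in table.items() if m["Status"] not in HEALTHY}


if __name__ == "__main__":
    for mod, status in unhealthy_modules(SAMPLE).items():
        print(f"ALERT: module {mod} status is {status!r}")
```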
