Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1146
Views
0
Helpful
3
Replies

AIP-SSM-10 sensor upgrade

pschwalger
Level 1
Level 1

‎02-28-2013 12:59 PM - edited ‎03-10-2019 05:54 AM

I have two ASA5520's with ASA-SSM-10 modules which are running Cisco Intrusion Prevention System, Version 6.0(6)E4. These are located at two different sites (one is local and the other remote from where I am based) and so are not running failover.

I understand there is an auto update signature option with Version 6.1 or later which I would like to set up.

The ASA5520's are running Cisco Adaptive Security Appliance Software Version 8.2(5).

Can anyone recommend whether I should be looking at upgrading to Version 6.2 or 7.0 and perhaps why.

Do I also just apply the engine update and then update the latest signatures for good measure.

I was thinking of doing the upgrade through the IDM and was a bit confused about the recovery and system images and what the correct procedure should be e.g. backup the AIP config, tftp the existing image, install the new engine image and reboot the sensor?

Any comments or assistance would be appreciated.

Thanks, Peter.

Labels:
0 Helpful
3 Replies 3

Julio Carvajal
VIP Alumni
VIP Alumni

‎02-28-2013 08:21 PM

Hello Peter,

Hope you are doing fine,

I would encourage you to go to the latest IPS image available now days whitch is : 7.1.7 Engine 4

Why is that?

Because you will ensure you will have a device with the latest image that will provide you fixes to previous bugs, new features, etc etc.

So go for it.

Now regarding the upgrade

From the CLI

On configuration terminal mode
Configuration  terminal

     upgrade ftp://user:password@1.1.1.1/upgrade_file_name

http://www.networkstraining.com/how-to-upgrade-the-cisco-ips-module-aip-ssm/

Regards,

Julio Carvajal

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

pschwalger
Level 1
Level 1
In response to Julio Carvajal

‎03-05-2013 03:16 PM

Thanks Julio,

Is there any restriction in terms of the AIP-SSM-10 license in upgrading directly from Version 6.0(6)E4 to

7.1(7)E4?

Peter.

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to pschwalger

‎03-05-2013 03:19 PM

Hello Peter,

There are some requirements

For this kind of questions you can always go for the release notes of the version you are trying to go and then check the upgrade requirements,

As you can see on the link I sent you there are some gotchas on this particular upgrade

http://www.cisco.com/en/US/docs/security/ips/7.1/release/notes/28859_01.html#wp1308117

Regards,

Julio Carvajal

Remember to rate all of the helpful posts

NOTE: On the link I provided you can see the restrictions regarding everything ( including the license)

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card