Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
810
Views
0
Helpful
3
Replies

AIP-SSM system upgrade

fallonem82
Level 1
Level 1

‎11-27-2007 12:47 PM - edited ‎03-10-2019 03:53 AM

I've received a new asa5520 with aip-ssm (ssm-20). I have upgraded the ASA image to 7.2(3) successfully. I am trying to upgrade the SSM module from 5.1(6)E1 to 6.0(3)E1. I have the following connections

Sensor IP: 10.0.0.3

ASA G0/0: 10.0.0.2

Gateway: 10.0.0.2

TFTP server: 10.0.0.6

Subnet: /29

trying to upgrade from the ASA I have issued the commands:

hw-module module 1 recover configure

>Image URL: tftp://10.0.0.6/IPS-SSM-K9-sys-1.1-a-6.0-3-E1.img

>Port IP address: 10.0.0.3

>Gateway: 10.0.0.2

hw-module module 1 recover boot

debug module-boot

here is the output I get

Slot-1 64> Cisco Systems ROMMON Version (1.0(11)2) #0: Thu Jan 26 10:43:08 PST 2006

Slot-1 65> Platform ASA-SSM-20

Slot-1 66> GigabitEthernet0/0

Slot-1 67> Link is UP

Slot-1 68> MAC Address: 001c.5826.2083

Slot-1 69> ROMMON Variable Settings:

Slot-1 70> ADDRESS=10.0.0.3

Slot-1 71> SERVER=10.0.0.6

Slot-1 72> GATEWAY=10.0.0.2

Slot-1 73> PORT=GigabitEthernet0/0

Slot-1 74> VLAN=untagged

Slot-1 75> IMAGE=IPS-SSM-K9-sys-1.1-a-6.0-3-E1.img

Slot-1 76> CONFIG=

Slot-1 77> LINKTIMEOUT=20

Slot-1 78> PKTTIMEOUT=4

Slot-1 79> RETRY=20

Slot-1 80> tftp IPS-SSM-K9-sys-1.1-a-6.0-3-E1.img@10.0.2.6 via 10.0.2.2

Slot-1 81> TFTP failure: Packet verify failed after 20 retries

Slot-1 82> Rebooting due to Autoboot error ...

Slot-1 83> Rebooting....

Any ideas on why I'm getting the failure at line 81 would be great!

Labels:
0 Helpful
3 Replies 3

ghalleen
Cisco Employee
Cisco Employee

‎12-01-2007 12:17 AM

Try it again, but this time don't add a gateway address. If you go to Networkers, I cover this in the Troubleshooting IPS session. It's a frustrating problem when you initially run into it! ;-)

Only add a gateway when the TFTP server is on a different LAN segment than the sensor.

Gary

0 Helpful

rhermes
Level 7
Level 7
In response to ghalleen

‎12-03-2007 12:08 PM

If your sensor boots into 5.x you can issue the upgrade command

upgrade ftp://user@10.0.0.22/IPS-K9-r-1.1-a-6.0-3-E1.pkg

It's less complex than re-imaging your sensor from scratch, plus there are less hidden problems that require you to attend a troubleshooting class to discover.

0 Helpful

fallonem82
Level 1
Level 1
In response to rhermes

‎12-04-2007 12:02 PM

Thanks, I'll try both solutions in the next couple of days.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card