ASA 5510 - SSM 10

Ashley Sahonta · ‎05-22-2012

Hi,

I have an SSM module in an ASA 5510, when I try and change the host IP the SSH session to the ASA freezes and returns with a timeout error. After issuing the show module 1 details command the configuration remains the same.

I am using the session 1 do ip address command and I have also tried the session 1 ip address command.

Can anyone help?

Thanks,

Ash

Jennifer Halim · ‎05-22-2012

Please just session into the module, and configure the new ip address after you are in the SSM module session.

As per the following doc, you are not supposed to configure/use: session 1 do ip address, or session 1 ip address unless advised by TAC:

http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/s1.html#wp1447034

Ashley Sahonta · ‎05-22-2012

Okay, thanks.

How is this configured? There weren't too many options available when I used ?

Jennifer Halim · ‎05-22-2012

"session 1" to session into the IPS module, and you will be prompted for username and password of the IPS module.

Once you authenticate, you will be in the IPS configuration CLI, and you can change the IP Address.

Ashley Sahonta · ‎05-22-2012

What are the commands?

Jennifer Halim · ‎05-22-2012

Run the "setup" command, and it will run you through the ip address change.

The syntax should be "ipaddress/mask,default gateway"

Ashley Sahonta · ‎05-22-2012

setup command does not work. Comes back with invalid input detected.

Jennifer Halim · ‎05-22-2012

Are you session into the module yet?

Can you please copy and paste your SSH output.

Ashley Sahonta · ‎05-22-2012

Yeah, this occurred whilst on the SSM. Output below:

ntsdemo-fw1# session 1

Opening command session with slot 1.

Connected to slot 1. Escape character sequence is 'CTRL-^X'.

Welcome to NTS Login Page!

login: admin

Password:

Last login: Tue May 22 13:13:41 from 127.0.1.1

***NOTICE***

This product contains cryptographic features and is subject to United States

and local country laws governing import, export, transfer and use. Delivery

of Cisco cryptographic products does not imply third-party authority to import,

export, distribute or use encryption. Importers, exporters, distributors and

users are responsible for compliance with U.S. and local country laws. By using

this product you agree to comply with applicable laws and regulations. If you

are unable to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

***LICENSE NOTICE***

There is no license key installed on the system.

The system will continue to operate with the currently installed

signature set. A valid license must be obtained in order to apply

signature updates. Please go to http://www.cisco.com/go/license

to obtain a new license or install a license.

NTS-IPS-Sensor# setup

^

% Invalid input detected at '^' marker

Jennifer Halim · ‎05-22-2012

Strange,....

Try the following:

config t

service host

network-settings

host-ip /,

Ashley Sahonta · ‎05-22-2012

When I enter that I get the following:

NTS-IPS-Sensor# conf t

NTS-IPS-Sensor(config)# service host

NTS-IPS-Sensor(config-hos)# ?

exit Exit service configuration mode.

show Display system settings and/or history information.

NTS-IPS-Sensor(config-hos)# network-settings

^

% Invalid input detected at '^' marker

Jennifer Halim · ‎05-22-2012

Are you logging into the IPS with full admin privileges? looks like you only have read-only access to the IPS, hence can't make any changes.

Ashley Sahonta · ‎05-22-2012

I gues not. Is there any way of wiping the config as I don't know the admin username and password?

Jennifer Halim · ‎05-22-2012

Here is the procedure for password recovery:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_troubleshooting.html#wp1356054