cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
841
Views
0
Helpful
3
Replies

ASA 5540 IPS Module removal Quesiton

pete.susey
Level 1
Level 1

I have 2 ASA 5540's that I want to run in HA A/F.  The active ASA has an IPS module running.  I no longer need this and would rather remove it than purchase another module for the spare.  What is the process to do this safely? After removal will the HA wizard recognize that the module was removed or do I have to update the software? Thanks in advance for the advice...

3 Replies 3

Jennifer Halim
Cisco Employee
Cisco Employee

Not sure how the failover is on if you only have IPS module on the Active device.

For failover to work, it needs to have exactly the same hardware including the SSM card as per the following document:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_overview.html#wp1130001

But if you would like to remove the IPS module from the active unit, there is nothing that needs to be done (no software update is required), and just check that the failover is running by issuing: show failover

Sorry about that.  That was a typo.  I meant Active/Standby.  I don't have the standby ASA configured yet.  I couldn't get past the wizard saying I had a Hardware mismatch.  I just wanted to know if anyone out here in intertube land has encountered any issues pulling the IPS module from the ASA or is it as easy as shutting it off, pulling the card, and turning it back on. 

Yup, it is just as easy as shutting it off, pulling the card and turning it back on. You are absolutely correct.

Review Cisco Networking for a $25 gift card