Thanks for your response. As I mentioned earlier in my email, I tried 2 different images (IPS-SSC_5-K9-sys-1.1-a-6.2-2-E4.img and IPS-SSM_10-K9-sys-1.1-a-7.1-5-E4.img) without any success. Since there are no packets coming from IPS on the TFTP server, I think the problem is something else.

When I run the "debug cplane 255" command, I see some errors mentioned below:

asa(config)# debug cplane 255

debug cplane  enabled at level 255

asa(config)#

cp_connect: Connecting to card 1, socket 3, port 7000

cp_connect: Error - cp_connect() returned -1

cp_check_connection: handle -1, conflicts with connection 1 (-1)

cp_check_connection: handle -1, conflicts with connection 2 (-1)

cp_check_connection: handle -1, conflicts with connection 3 (-1)

cp_update_connection: Error updating connection_id 0

Is this a hardware issue?

How did you connect the AIP module to the tftp server?

You would need to use the port on the module itself to connect it to the network or directly to your tftp server.

You can't use the backplane on the ASA for management traffic towards the AIP module.

As I mentioned in my first email;

The Module's network interface is connected to the same switch where the TFTP server is connected. When I run a sniffer on the TFTP server (Linux, tcpdump), there's no TFTP activity. But I can use this TFTP server from ASA (Connected to the Inside interface).

ASA Inside interface IP Address: X.X.X.1

TFTP Server IP Address: X.X.X.8

If the module does not come up as "UP" state after resetting it, you might need to get an RMA of the module.

I understand that you have tried to reset the module, did you also try to reload the module?

hw-module module 1 reload

If all fails, then RMA would be the way to go.

Yes, I tried to reset the module. Since it is in "Unresponsive" state, hw-module module 1 reload command does not work. I will power cycle the ASA and try to recover the module again before contacting RMA. Thanks for your help.

Emrecan,

Did you ever get this problem resolved?  I am havign the exact same issue on my ASA 5510.  Did you have to RMA it or did a re-seat of the module solve the problem. Just wondering if you fixed it.

Thanks.

Kerry

Hi Kerry,

Yes, I did fix it. I had to power cycle the ASA then reimage the IPS module. That solved my problem.

Hey Emrecan,

I appear to have the same issue.  Tried re-imaging the module itself, but appears to not get ANY traffic, looks to be exactly what your issue was.  Was there anything else you did, besides rebooting the ASA to get it to take the image?  Mine just does this :

ciscoasa(config)# hw module 1 recover boot

The module in slot 1 will be recovered.  This may
erase all configuration and all data on that device and
attempt to download a new image for it.
Recover module in slot 1? [confirm]
Recover issued for module in slot 1

ciscoasa(config)#

And just sits there.

Hi,

I don't remember doing anything else than powering cycling the ASA and reimaging the module. If your module is still in unresponsive state, you might need to send it to RMA.

Did you try "debug cplane 255" command? This might help you to see what's going on with the module..

Is it my imagination or has 7.1-5-E4 been withdrawn?

Yes 7.1.5-E4 has been withdrawn

https://supportforums.cisco.com/thread/2162447?tstart=0

Regards,

Sawan Gupta