09-12-2019 01:28 PM
All,
I received a SSM-20 (Cisco Content Security and Control) for use with the ASA 5540.
However I saw that the module does not have a software installed. Its status stays all the time as Unresponsive.
ciscoasa# show module 1 det
Getting details from the Service Module, please wait...
Unable to read details from module 1
Card Type: ASA 5500 Series Content Security Services Module-20
Model: ASA-SSM-CSC-20-K9
Hardware version: 1.0
Serial Number: JAF1333XXXX
Firmware version: 1.0(11)5
Software version:
MAC Address Range: 0026.0bXX.XXXX to 0026.0bXX.XXXX
Data Plane Status: Not Applicable
Status: Unresponsive
ciscoasa#
I tried to do the recovery process using the image 'csc6.6.1164.0.bin', but I see that nothing happens. My tftp server is not even accessed.
I left more than 2 hours the process running and nothing happened.
My setup and ip addresses are:
ciscoasa# sh int ip b
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 172.16.2.12 YES DHCP up up
GigabitEthernet0/1 unassigned YES unset administratively down down
GigabitEthernet0/2 unassigned YES unset administratively down down
GigabitEthernet0/3 unassigned YES unset administratively down down
Internal-Control0/0 127.0.1.1 YES unset up down
Internal-Data0/0 unassigned YES unset down down
Management0/0 192.168.0.1 YES CONFIG down down
ciscoasa#
ciscoasa# hw-module module 1 recover configure
Image URL [tftp://172.16.2.3/csc6.6.1164.0.bin]:
Port IP Address [172.16.2.12]:
VLAN ID [0]:
Gateway IP Address [0.0.0.0]:
ciscoasa# ping 172.16.2.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.2.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ciscoasa#
I understand that "Port IP Address" would be the SSM-20 management port and this doen not have an IP address because there is no software.
Anyone have an idea how to solve this problem?
Thanks everybody,
Alexandre
09-12-2019 03:19 PM
Follow this thread to understand the issue
re-imaging follow thread :
https://community.cisco.com/t5/security-documents/re-imaging-the-csc-ssm/ta-p/3116696
09-13-2019 12:33 PM
Thanks for your response 'balaji.bandi'.
I've already read these two articles, but I can't follow them into having a management IP address on SSM-20. You know if there is a default address or if a could copy SSM image from ASA main flash?
09-13-2019 05:11 AM
You only need 10 seconds to handle this device the right way: Just dump it.
The CSC is end-of-life for such a long time, it will not benefit your network-security and is also not useful for any learning-purpose. It just uses energy and heats the room. Nothing more!
09-13-2019 12:44 PM
LOL. Honestly I think like you. But another analyst (former employee) has asked the company owner to buy these modules and he wants to see them in use. I wouldn't want him to lose his investment either.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide