EUDR-SunG-ASA-01# sh module

Mod Card Type                                    Model              Serial No.

--- -------------------------------------------- ------------------ -----------

  0 ASA 5520 Adaptive Security Appliance         ASA5520            JMX1421L3XS

  1 ASA 5500 Series Security Services Module-20  ASA-SSM-20         JAF1418BGLD

Mod MAC Address Range                 Hw Version   Fw Version   Sw Version    

--- --------------------------------- ------------ ------------ ---------------

  0 5475.d026.e462 to 5475.d026.e466  2.0          1.0(11)5     8.2(4)8

  1 68ef.bdd0.d5bc to 68ef.bdd0.d5bc  1.0          1.0(11)5    

Mod SSM Application Name           Status           SSM Application Version

--- ------------------------------ ---------------- --------------------------

Mod Status             Data Plane Status     Compatibility

--- ------------------ --------------------- -------------

  0 Up Sys             Not Applicable        

1 Down               Not Applicable           Not powered on completely

It is an IPS module.

how can you tell whether it is an AIP or CSC?

Hi,

I checked it with the Serial Number at my end. The device is currently not powered on hence it is not showing whether it is an IPS or CSC since ASA is not able to detect.

In that case you can either check the ASA datasheet or the hardware guides to identify which module is it, moreover, if were you using this module earlier ??, if yes, then "show run policy" would definitely let you know if it was configured for IPS or CSC.

Thanks,

Varun

you should first try reseating the module and see if it comes up

if it does not come up try to reimage the module

if reimage does not resolve the issue then you can proceed with the hardware replacement.

correct part no. for this is

ASA-SSM-AIP-20-K9=

have already tried reseating....

how can i reimage if it isnt working?

ASA-SSM-20 is always a IPS module and the full part ID is ASA-SSM-AIP-20-K9

where in K9 is the license installed on this module.

hope this resolves you query

reimage will work even if the module is down.

refer to the below link for reimage.

http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/cliimage.html#wpxref68481

Here's a working link:

https://www.cisco.com/c/en/us/td/docs/security/ips/7-1/configuration/guide/cli/cliguide71/cli_troubleshooting.pdf

Reference page C-62.

Here's the relevant text (of course substitute your tftp server, gateway address and img file that you are using):

If you have problems with reimaging the ASA 5500 AIP SSM, use the debug module-boot command
to see the output as the module boots. Make sure you have the correct IP address for the TFTP server
and you have the correct file on the TFTP server. Then use the hw-module module 1 recover command
again to reimage the module:

asa(config)# hw-module module 1 recover configure
Image URL [tftp://0.0.0.0/]: tftp://192.0.2.0/IPS-SSM-K9-sys-1.1-a-5.1-0.1.i$
Port IP Address [0.0.0.0]: 10.89.150.227
VLAN ID [0]:
Gateway IP Address [0.0.0.0]: 10.89.149.254
asa(config)# debug module-boot
debug module-boot enabled at level 1
asa(config)# hw-module module 1 recover boot
The module in slot 1 will be recovered. This may erase all configuration and all data on
that device and attempt to download a new image for it.
Recover module in slot 1? [confirm]
Recover issued for module in slot 1
asa(config)# Slot-1 140> Cisco Systems ROMMON Version (1.0(10)0) #0: Fri Mar 25 23:02:10
PST 2005
Slot-1 141> Platform ASA-SSM-10
Slot-1 142> GigabitEthernet0/0
Slot-1 143> Link is UP
Slot-1 144> MAC Address: 000b.fcf8.0176
Slot-1 145> ROMMON Variable Settings:
Slot-1 146> ADDRESS=10.89.150.227
Slot-1 147> SERVER=10.89.146.1
Slot-1 148> GATEWAY=10.89.149.254
Slot-1 149> PORT=GigabitEthernet0/0
Slot-1 150> VLAN=untagged
Slot-1 151> IMAGE=IPS-SSM-K9-sys-1.1-a-5.1-0.1.img
Slot-1 152> CONFIG=
Slot-1 153> LINKTIMEOUT=20
Slot-1 154> PKTTIMEOUT=4
Slot-1 155> RETRY=20
Slot-1 156> tftp IPS-SSM-K9-sys-1.1-a-5.1-0.1.img@10.89.146.1 via 10.89.149.254
Slot-1 157> TFTP failure: Packet verify failed after 20 retries
Slot-1 158> Rebooting due to Autoboot error ...
Slot-1 159> Rebooting....
Slot-1 160> Cisco Systems ROMMON Version (1.0(10)0) #0: Fri Mar 25 23:02:10 PST 2005
Slot-1 161> Platform ASA-SSM-10
Slot-1 162> GigabitEthernet0/0
Slot-1 163> Link is UP
Slot-1 164> MAC Address: 000b.fcf8.0176
Slot-1 165> ROMMON Variable Settings:
Slot-1 166> ADDRESS=10.89.150.227
Slot-1 167> SERVER=10.89.146.1
Slot-1 168> GATEWAY=10.89.149.254
Slot-1 169> PORT=GigabitEthernet0/0
Slot-1 170> VLAN=untagged
Slot-1 171> IMAGE=IPS-SSM-K9-sys-1.1-a-5.1-0.1.img
Slot-1 172> CONFIG=
Slot-1 173> LINKTIMEOUT=20
Slot-1 174> PKTTIMEOUT=4
Slot-1 175> RETRY=20
Slot-1 176> tftp IPS-SSM-K9-sys-1.1-a-5.1-0.1.img@10.89.146.1 via 10.89.149.254

Hi,

I have a SSM-20 module, but I can't reimage because this does not have an IP address.

ciscoasa# show module 1 details
Getting details from the Service Module, please wait...
Unable to read details from module 1

Card Type: ASA 5500 Series Content Security Services Module-20
Model: ASA-SSM-CSC-20-K9
Hardware version: 1.0
Serial Number: JAF1333XXXX
Firmware version: 1.0(11)5
Software version:
MAC Address Range: 0026.0bXX.XXXX to 0026.0bXX.XXXX
Data Plane Status: Not Applicable
Status: Unresponsive

ciscoasa#hw-module module 1 recover configure
Image URL [tftp://172.16.2.3/csc6.6.1164.0.bin]:
Port IP Address [0.0.0.0]: (This does not have an IP address and not accept 0.0.0.0)
VLAN ID [0]:
Gateway IP Address [0.0.0.0]:
ciscoasa#

Do you know how can I repair this problem?

Thanks,

Alexandre

You should be able to copy the image to your ASA and recover from that image.

Why are you trying to setup a very very old and past-end-of-life module though? It does not provide effective security against modern threats and no current certification track requires that you know it.

amit - a show inventory gives the following:

Name: "module 1", DESCR: "ASA 5500 Series Security Services Module-20"

PID: ASA-SSM-20        , VID: V02     , SN: JAF1418BGLD

it doesnt have the same PID as being what you listed above?