cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1581
Views
8
Helpful
11
Replies

CSC SSM 6.0 (Build 1349) Upgrade

ifabrizio
Level 3
Level 3

Dear All,

I have a old version on my CSC SSM module 6.0, I want to upgrade to the last version.I never use the CSC SSM module, so first i must activate it using the activation key right ?

From my understanding I need to install first the release csc6.1-b1519, i have tryed to find it on cisco software center, but it seems unavaiable. Someone can help me to understand how upgrade my CSC SSM module?At last when I will upgrade the CSC SSM, the activation key remain vaild? (I have also the plus license.)

Best Regards,

Igor.

1 Accepted Solution

Accepted Solutions

varrao
Level 10
Level 10

Hi Igor,

Since you are running a very old version, not sure whether you would even get the version you stated on CIsco site, but what you can do is, re-image the module to 6.3.1172.0.bin file, after doing the re-image, activate the license by putting in the license key for base and sec plus. And then upgrade the version to 6.3.1172.4 which is the latest. Then you can restore your old configuration.

You would first need to make the backup of the config as following:

http://www.cisco.com/en/US/docs/security/csc/csc60/administration/guide/csc6.html#wp1041575


Before we perform re-image to the CSC please take the backup for following
also:

ASA Configuration and License.

CSC configuration backup.
CSC License Backup.

Download the Image csc6.3.1172.0.bin for re-image and then upgrade the CSC
to csc6.3.1172.3.pkg.

Link for CSC Re-image Steps and Procedure:
http://www.cisco.com/en/US/customer/docs/security/csc/csc63/administration/guide/cscappb.html

Let me know if this helps.

P.S.- do rate helpful posts.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

11 Replies 11

varrao
Level 10
Level 10

Hi Igor,

Since you are running a very old version, not sure whether you would even get the version you stated on CIsco site, but what you can do is, re-image the module to 6.3.1172.0.bin file, after doing the re-image, activate the license by putting in the license key for base and sec plus. And then upgrade the version to 6.3.1172.4 which is the latest. Then you can restore your old configuration.

You would first need to make the backup of the config as following:

http://www.cisco.com/en/US/docs/security/csc/csc60/administration/guide/csc6.html#wp1041575


Before we perform re-image to the CSC please take the backup for following
also:

ASA Configuration and License.

CSC configuration backup.
CSC License Backup.

Download the Image csc6.3.1172.0.bin for re-image and then upgrade the CSC
to csc6.3.1172.3.pkg.

Link for CSC Re-image Steps and Procedure:
http://www.cisco.com/en/US/customer/docs/security/csc/csc63/administration/guide/cscappb.html

Let me know if this helps.

P.S.- do rate helpful posts.

Thanks,

Varun

Thanks,
Varun Rao

Dear Varun and All,


I am trying to re-image my CSC module as described in the previous 3d, but I got the error "Link is Down" when the CSC module try to contact the TFTP server.

The Asa5520 where the CSC is installed is configured in multiple context, I am trying to execute the CSC re-image procedure from the system context, that see only the Gigabitethernet 0/0 that is configured as statefull link (I have another asa5520 as active failover).

I have configured the CSC to recover in this way:

hw module 1 recover configure

Image URL tftp://172.16.08.38/csc6.3.1172.0.bin

Port IP Address 172.16.08.38

VLAN ID 33

Gateway IP Address 172.16.08.33

After that I do the command hw module 1 recover boot

lot-1 123> Cisco Systems ROMMON Version (1.0(11)2) #0: Thu Jan 26 10:43:08 PST 2006
Slot-1 124> Platform ASA-SSM-CSC-20
Slot-1 125> GigabitEthernet0/0
Slot-1 126> Link is DOWN
Slot-1 127> MAC Address: 0018.199e.7c01
Slot-1 128> Link State is Down
Slot-1 129> Rebooting due to Autoboot error ...
Slot-1 130> Rebooting....

But the Gigabitethernet is up, I have also tryed to ping from the Asa the TFTP server 172.16.08.38 an it works.

Do you have any idea?

Best regards,

Igor.

Hi,

The Port Ip address should be the management IP address here.

Thanks,

Varun

Thanks,
Varun Rao

*Management Ip of CSC module.

And you can leave the default gateway option to be blank.

Let me know if it works.

Thanks,

Varun

Thanks,
Varun Rao

Hi Varun,

I have configured the re-image of the module 1 in this way:

hw module 1 recover config
Image URL [tftp://172.16.24.113/csc6.3.1172.0.bin/]:
Port IP Address [172.16.24.100]:
VLAN ID [100]:
Gateway IP Address [172.16.24.100]:      <------- I have alredy specify a value.How I can do to put this field to blank?

I got always the same error, that It is very strange cause the hw module 1 recover boot try to use always the Gigabitethernet 0/0 intead of the Management 0/0.

I suppose that it happen cause in the system context the Management 0/0 do not have any ip address, I have see the avaiable command for that interface and is not possible to assign an ip address it.

The Ip address that I configured in the hw module 1 recover config 172.16.24.100 is assigned to the Management 0/0 but in the Admin context, where is not possible execute the hw module 1 recover config commands.

Do you have any Idea?

Hi,

First of all on whihc machine you have the tftp server connected. Next you should be able to ping that ip from ASA. If it is connected on the inside interface, do "ping inside "

If it is reachable, enter the following :

Image URL tftp:///csc6.3.1172.0.bin

Port IP Address:

VLAN ID : 0

Gateway IP Address: 0

it should work after that.

Let me know if yo have any difficulties.

Thanks,

Varun

Thanks,
Varun Rao

The TFTP server is conected to the Managment network 172.16.24.0/24, where the ASA5520 i connected too.From the Asa I can ping the TFTP server.

Actually the CSC do not have any ip assigned to its Management interface, how can I do it?

Thanks,

Igor.

Hi,

To change the CSC management ip, you would first need to do "session 1"

Log into the CSC module------>select option 1 Network settings----> make the required changes. The CSC management IP should be in the same subnet as the inside interface IP.

Moreover, could you just send me an output of "show module 1 detail", it shoudl show you the CSC management IP as well.

Thanks,

Varun

Thanks,
Varun Rao

Hi Varun,

Sorry for my delay.

I have completed the session 1 configs tasks till the Base license activation key.

I have some problem to retrive the PLUS activation key, cause the PAK that I own is too old. I have opened a TAC for this matter.

I have reimage the CSC to 6.3.1172.0.

The sh module 1 details is:

sh module 1 details

Getting details from the Service Module, please wait...

ASA 5500 Series Content Security Services Module-20

Model:              ASA-SSM-CSC-20

Hardware version:   1.0

Serial Number:      JAF10231588

Firmware version:   1.0(11)2

Software version:   CSC SSM 6.3.1172.0

MAC Address Range:  0018.199e.7c01 to 0018.199e.7c01

App. name:          CSC SSM

App. Status:        Down

App. Status Desc:   CSC SSM scan services are not available

App. version:       6.3.1172.0

Data plane Status:  Up

Status:             Up

HTTP Service:       Down

Mail Service:       Down

FTP  Service:       Down

Activated:          No

Mgmt IP addr:      

Mgmt web port:      8443

Peer IP addr:      

Now the CSC is not activated, why?

To upgrade the CSC to 6.3.1172.4.pkg I must activate the CSC first?

The reason why the csc is not activated could be that I not inserted the PLUS key license yet?

Thanks & Regards,

Igor.

Hi Ifabrizio,

I still do not see a a management IP being assigned to the CSC module. You can upgrade the CSC to

6.3.1172.4.pkg without activating the PLUS license. If after the upgrade as well you see the services and app status down in show module 1 detail, then you can run the following commands:

hw module 1 recover

hw module 1 reboot

This services should come up and status should also show as up.

Assign an IP to the management interface as well, the default gateway would be the ASA inside interface.

Thanks,

Varun

Thanks,
Varun Rao

Hi Varun,

Thanks for your support.

The CSC now is activated. Before it was not, because when I made the reimage from 6.0 to 6.3 the CSC's config was deleted by the upgrade process. So when the csc is restarted it lost the activation key, I did the "session 1" config tasks again, and now the CSC is upgraded to 6.3.1172.4 and activated.

Best regards,

Igor.

Review Cisco Networking for a $25 gift card