Image recovery on 5520 IDS Module (ASA-SSM-10) TFTP timeout failure
I have an ASA 5520 with an ASA-SSM-10 module in it for IDS. It has (from what I can tell) never been used or configured. In fact, I only recently found that it existed! I would like to begin using it, starting with replacing the software image with the latest (I do NOT need any configuration from it now).
KCH-ASA-Primary# sh module 1 details Getting details from the Service Module, please wait... ASA 5500 Series Security Services Module-10 Model: ASA-SSM-10 Hardware version: 1.0 Serial Number: JAF10422581 Firmware version: 1.0(11)2 Software version: 6.0(1)E1 MAC Address Range: 0018.b91b.69f1 to 0018.b91b.69f1 App. name: IPS App. Status: Up App. Status Desc: App. version: 6.0(1)E1 Data plane Status: Up Status: Up Mgmt IP addr: 172.17.1.20 Mgmt web ports: 443 Mgmt TLS enabled: true
The problem that I am having is that when I set it up to pull down the new software through TFTP, it just hangs and times out.
KCH-ASA-Primary# hw module 1 recover config Image URL [tftp://10.10.10.9/IPS-sig-S789-req-E4.pkg]: Port IP Address [172.17.1.20]: VLAN ID : Gateway IP Address [172.17.1.1]: KCH-ASA-Primary#
The module in slot 1 will be recovered. This may erase all configuration and all data on that device and attempt to download a new image for it. Recover module in slot 1? [confirm] Recover issued for module in slot 1 KCH-ASA-Primary# Slot-1 215> Cisco Systems ROMMON Version (1.0(11)2) #0: Thu Jan 26 10:43:08 PST 2006 Slot-1 216> Platform ASA-SSM-10 Slot-1 217> GigabitEthernet0/0 Slot-1 218> Link is UP Slot-1 219> MAC Address: 0018.b91b.69f1 Slot-1 220> ROMMON Variable Settings: Slot-1 221> ADDRESS=172.17.1.20 Slot-1 222> SERVER=10.10.10.9 Slot-1 223> GATEWAY=172.17.1.1 Slot-1 224> PORT=GigabitEthernet0/0 Slot-1 225> VLAN=950 Slot-1 226> IMAGE=IPS-sig-S789-req-E4.pkg Slot-1 227> CONFIG= Slot-1 228> LINKTIMEOUT=20 Slot-1 229> PKTTIMEOUT=4 Slot-1 230> RETRY=20 Slot-1 231> tftp IPS-sig-S789-req-E4.firstname.lastname@example.org via 172.17.1.1
KCH-ASA-Primary# Slot-1 232> TFTP failure: Packet verify failed after 20 retries Slot-1 233> Rebooting due to Autoboot error ... Slot-1 234> Rebooting....
I know that I can reach 10.10.10.9 from 172.17.1.x. And this is the present port IP of the device. If I do a 'session1' and ping 10.10.10.9, I get replies. I know my TFTP is working ... I use it for all of my switches for config backups and installing new IOS. And watching my TFTP server window, I am not seeing any connection attempts.
Join us live on Tuesday, July 14 (and on demand after) to learn what impacts COVID-19 has had on the information security landscape from one of the people living that fight.
We'll take your questions live during the show and after, so post them belo...
TETRA Error Codes - Windows
Here are some common TETRA Error codes that you may find displayed in the dashboard as well as within the C:\Program Files\Cisco\AMP\<your_version>\sfc.exe.log or corresponding sfc.exe_<date>_<time>.logs. The...
Please note that the minimum cryptography settings in AnyConnect 4.9 have been increased. Please ensure that your head-end is properly configured for the more stringent cryptography settings (if applicable) or users will be unable to connect after updatin...
In this guide will we be taking a look at how to configure the web.config file using the URL Rewrite tool when deploying the TETRA update server. This guide is meant as a companion to the existing guides and to help fill in some in...