Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1052
Views
8
Helpful
5
Replies

Migrating from SSM-20 to SSM-40

harinirina
Level 1
Level 1

‎12-03-2010 04:39 AM - edited ‎03-10-2019 05:12 AM

Hi all,

We're using SSM-20 for the moment and we plan to replace it with SSM-40. We'd like to know if

- the IOS supporting SSM-20 will also support SSM-40
- the ASA and module will keep the config or do we need to configure the module and signature again ?


In case we use new ASA, what is the best/easiest way to export the configuration of old IPS module/ASA to the new IPS/ASA ?

Labels:
0 Helpful
5 Replies 5

Jennifer Halim
Cisco Employee
Cisco Employee

‎12-03-2010 05:03 AM

Which ASA models do you have at the moment?

AIP-SSM-40 is only supported on ASA5520 and 5540. Here is the URL for your reference:

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~mid-range

The IPS configuration is independant to the ASA configuration. Therefore, if you are moving to a new module, you would need to reconfigure the AIP module from fresh. If you don't have any custom changes to the signatures, then you can just easily run the "setup" wizard to configure the network (ip address). It's pretty simple. And you then need to setup the signature update.

Hope that answers your question.

harinirina
Level 1
Level 1
In response to Jennifer Halim

‎12-03-2010 07:59 AM

Thank you for your fast reply.

We're using ASA 5540. About the signature, some signatures have been customized but we don't have detailed information (it has been configured by someone else and it's not documentated ).

is there a way to export the configuration of the old AIP-SSM-20 (signature, event action, ... )  and import it to the new AIP-SSM-40 ?

0 Helpful

rhermes
Level 7
Level 7
In response to harinirina

‎12-03-2010 09:00 AM

Yes, it is pretty easy to export and import IPS configs, just like a router:

do a "show config" on your old AIP-SSM module, then when you log into the new one, paste in the saved config.

- Bob

harinirina
Level 1
Level 1
In response to rhermes

‎12-07-2010 04:41 AM

Thank you for your reply.

In case an IOS IPS is used, how can we export / import the configuration of customized signature.

When we do "show run" on router configured with IOS IPS, there's no information about the signature customized in the output.

0 Helpful

harinirina
Level 1
Level 1
In response to rhermes

‎12-13-2010 11:40 AM

Hi  again,

The output of the "show conf" is as below, does it mean that there is no customized signature?

! ------------------------------
service signature-definition sig0
signatures 3030 0
status
enabled true
exit   
exit
exit
! ------------------------------
service ssh-known-hosts
exit
! ------------------------------
service trusted-certificates
exit
! ------------------------------
service web-server
exit
! ------------------------------
service anomaly-detection ad0
exit
! ------------------------------
service external-product-interface
exit
! ------------------------------
service analysis-engine
virtual-sensor vs0
physical-interface GigabitEthernet0/1
exit

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card