08-03-2017 07:27 AM - edited 03-10-2019 06:54 AM
Howdy,
I have a bunch of older ASA 5510 and 5520 with ASA-SSM-10 modules installed.
I was wondering what's the proper way of permanently disabling these modules without physically removing them.
I was planning on removing the service policy that forwards traffic to the IPS and then doing ' hw-module module 1 shutdown'.
Is there anything else that needs to be done?
Will the module stay shut after a reboot?
Do I need to erase its config?
Thanks,
Eli
08-03-2017 07:12 PM
Removing the service policy certainly takes them out of the data path.
I'm not 100% sure, but I believe the hw-module command will only remain in effect while the ASA is running. A restart (from power cycle or reload) will invoke the boot process which will always bring up any installed hardware module.
08-04-2017 01:30 AM
I'm with Marvin here, after each reboot the module starts up again. But it doesn't cause any harm if your service-policy is configgured without any ips-action. That's also the state I have on the ASAs of some customers that haven't migrated yet.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide