08-03-2017 07:27 AM - edited 03-10-2019 06:54 AM
Howdy,
I have a bunch of older ASA 5510 and 5520 with ASA-SSM-10 modules installed.
I was wondering what's the proper way of permanently disabling these modules without physically removing them.
I was planning on removing the service policy that forwards traffic to the IPS and then doing ' hw-module module 1 shutdown'.
Is there anything else that needs to be done?
Will the module stay shut after a reboot?
Do I need to erase its config?
Thanks,
Eli
08-03-2017 07:12 PM
Removing the service policy certainly takes them out of the data path.
I'm not 100% sure, but I believe the hw-module command will only remain in effect while the ASA is running. A restart (from power cycle or reload) will invoke the boot process which will always bring up any installed hardware module.
08-04-2017 01:30 AM
I'm with Marvin here, after each reboot the module starts up again. But it doesn't cause any harm if your service-policy is configgured without any ips-action. That's also the state I have on the ASAs of some customers that haven't migrated yet.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: