cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

3608
Views
5
Helpful
2
Replies
Eli Kagan
Beginner

permanently disable IPS module in an ASA

Howdy,

I have a bunch of older ASA 5510 and 5520 with ASA-SSM-10 modules installed. 

I was wondering what's the proper way of permanently disabling these modules without physically removing them.

I was planning on removing the service policy that forwards traffic to the IPS and then doing ' hw-module module 1 shutdown'.

Is there anything else that needs to be done?

Will the module stay shut after a reboot?

Do I need to erase its config?

Thanks,

Eli

2 REPLIES 2
Marvin Rhoads
VIP Community Legend

Removing the service policy certainly takes them out of the data path.

I'm not 100% sure, but I believe the hw-module command will only remain in effect while the ASA is running. A restart (from power cycle or reload) will invoke the boot process which will always bring up any installed hardware module.

I'm with Marvin here, after each reboot the module starts up again. But it doesn't cause any harm if your service-policy is configgured without any ips-action. That's also the state I have on the ASAs of some customers that haven't migrated yet.

Create
Recognize Your Peers
Content for Community-Ad