Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
761
Views
0
Helpful
3
Replies

SCS-SSM-10 failover - could not establish a connection

CSCO11140938
Level 1
Level 1

‎11-07-2013 12:40 AM - edited ‎03-11-2019 08:01 PM

Hi,

I'm trying to set up Cicso asa csc-ssm-10 modules for failover, and see the following messasge, when setup is complete and after system failover has been enabled:

InterScan for CSC SSM could not establish a  connection. The software, hardware, and patch version on the peer  devices must match. Please reconcile the mismatch that was detected and  try again.

What could be the issue?

Labels:
0 Helpful
3 Replies 3

Jouni Forss
VIP Alumni
VIP Alumni

‎11-07-2013 12:44 AM

Hi,

Sadly I have no knowledge of the actual modules that the ASA use since we dont use them in our environments.

But the main thing about any ASA Failover pair is that they should be identical in every way down to the software levels.

The above error message to me atleast clearly suggest that there is some missmatch between the devices. That would be the first thing to check.

- Jouni

0 Helpful

CSCO11140938
Level 1
Level 1

‎11-07-2013 02:34 AM

Yes, Jouni you are absolutely right, both devices should be Identical from hardware, software and licensing perspectives here are the output from show module 1 details command from both devices

__________________________________________________

ciscoasa# show module 1 details

Getting details from the Service Module, please wait...

ASA 5500 Series Content Security Services Module-10

Model:              ASA-SSM-CSC-10

Hardware version:   1.0

Serial Number:      JAF1125001C

Firmware version:   1.0(11)2

Software version:   CSC SSM 6.6.1125.0

MAC Address Range:  001b.54f7.8d00 to 001b.54f7.8d00

App. name:          CSC SSM

App. Status:        Up

App. Status Desc:   CSC SSM scan services are available

App. version:       6.6.1125.0

Data plane Status:  Up

Status:             Up

HTTP Service:       Up

HTTPS Service:      Up

Mail Service:       Up

FTP  Service:       Up

Activated:          Yes

Mgmt IP addr: x.x.x.11

Mgmt web port: xxxxx

Peer IP addr:   x.x.x.1

__________________________________________________

show module 1 details

Getting details from the Service Module, please wait...

ASA 5500 Series Content Security Services Module-10

Model:              ASA-SSM-CSC-10-K9

Hardware version:   1.0

Serial Number:      JAD164401TU

Firmware version:   1.0(11)5

Software version:   CSC SSM 6.6.1125.0

MAC Address Range:  30f7.0dbc.ca96 to 30f7.0dbc.ca96

App. name:          CSC SSM

App. Status:        Up

App. Status Desc:   CSC SSM scan services are available

App. version:       6.6.1125.0

Data plane Status:  Up

Status:             Up

HTTP Service:       Up

HTTPS Service:      Up

Mail Service:       Up

FTP  Service:       Up

Activated:          Yes

Mgmt IP addr:      x.x.x.22

Mgmt web port:      xxxxx

Peer IP addr:       x.x.x.2

__________________________________________________

0 Helpful

Marius Gunnerud
VIP
VIP
In response to CSCO11140938

‎11-07-2013 03:55 AM

Does this error come once both devices are configured?

Here is something you might wan to try. If it doesn't jump to the correct section when you open the link, look under important notes section:

http://www.cisco.com/en/US/docs/security/csc/csc66/release/notes/cscrn66.html#wp344834

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card