04-02-2009 04:36 AM - edited 03-10-2019 04:34 AM
Hi,
I have AIP-SSM-10 module which is plugged into cisco ASA.The issue which I am facing is when executing the command hw-module module 1 details output from cisco ASA console I see the status of IPS has gone into unresponsive.
The output is shown as below:
ciscoasa# sh module 1 details
Getting details from the Service Module, please wait...
Unable to read details from slot 1
ASA 5500 Series Security Services Module-10
Model: ASA-SSM-10
Software version:
Data plane Status: Not Applicable
Status: Unresponsive
Becoz of this I am not able to login into IPS neither I can reimage it.
Is there any solution for this?
Can anyone help me out in this...?
Regards,
Archana.
04-02-2009 08:35 AM
if you have tried a shutdown of the module, reset and recover and a complete power down of the ASA, then you will need to have the module replaced. I have 96 AIP-SSM modules and have ran into this very often especially on the old 6.0.x software, but not so much on the 6.1.x versions.
04-06-2009 01:00 AM
I have tried shutdown ASA,then performed reset also,but IPS goes first to Init status then immediately goes to unresponsive state.Since it does not show me IP address I am not able to login into the IPS also.
can you help on this?
04-06-2009 03:38 AM
I think your only option now is to re-image the module. I had the same problems as you on Saturday and had to re-image. Below is example pulled from IPS Config Guide
If you have to go this route, download image from CCO and get TFTP server running.
Then
Step 1 Log in to the ASA.
Step 2 Enter enable mode:
asa> enable
Step 3 Configure the recovery settings for AIP-SSM:
asa# hw-module module 1 recover configure
17-37
Step 4 Specify the TFTP URL for the system image:
Image URL [tftp://0.0.0.0/]:
Example:
Image URL [tftp://0.0.0.0/]: tftp://10.89.146.1/IPS-SSM-K9-sys-1.1-a-5.0-1.img
Step 5 Specify the command and control interface of AIP-SSM:
Port IP Address [0.0.0.0]:
Example:
Port IP Address [0.0.0.0]: 10.89.149.231
Step 6 Leave the VLAN ID at 0.
VLAN ID [0]:
Step 7 Specify the default gateway of the AIP-SSM:
Gateway IP Address [0.0.0.0]:
Example:
Gateway IP Address [0.0.0.0]: 10.89.149.254
Step 8 Execute the recovery:
asa# hw-module module 1 recover boot
Step 9 Periodically check the recovery until it is complete:
04-06-2009 03:53 AM
Hi,
We can try this method if the IPS displays me the management IP address in the sh module 1 details command.
But in my AIP-SSM since it has gone to unresponsive state,even the management IP I am not able to ping.So I am not able to do anything.
As shown in earlier message the output of AIP-SSM when it shows unresponsive state.
04-06-2009 05:25 AM
HI marchanamendon
You are able to do this as part of the image recover process is setting the management IP (which is listed as port ip in guide). This worked for me when my SSM-AIP had not manageemnt IP and was in the unresponsive state. Please look to below guide for direction and example.
http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clissm.html
Regards,
04-06-2009 09:47 PM
Hi
I have one query,it will be grateful if u can help.Since this is the first time I am facing this trouble.
I have connected laptop directly to the management port of AIP-SSM.The IP configured on laptop is 10.10.10.2.
From Cisco ASA,I performed first this command hw-module module 1 reset.
After this I rebooted the ASA.
Now when executing the command,
hw-module module 1 recover configure,it runs through the series of commands..
Here I configure
Image URL [tftp://0.0.0.0/]: tftp://10.10.10.2/IPS-SSM-K9-sys-1.1-a-6.0-1.img
Port IP Address [0.0.0.0]:
Gateway IP Address [0.0.0.0]:
Can you let me know what should I configure the port IP address and the gateway IP address?
Regards,
Archana.
04-07-2009 06:05 AM
The port IP Address is the IP address you need to assign to your SSM in order for it to connect to your laptop.
Since your laptop has an IP address of 10.10.10.2, then your SSM needs an IP Address within this same subnet. I would suggest using either 10.10.10.1 or 10.10.10.3.
Since both your SSM and your laptop are on the same subnet and directly connected, then a gateway is not necessary. Traffic from your SSM can go straight to your laptop without needing to be routed. So the Gateway IP can stay at 0.0.0.0.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide