I have been trying to upgrade the software on an IPS-20 module which is part of an active/ active ASA 5585-X set-up.
The original software version was 7.2(1) and we wanted to upgrade to 7.3(2) - which has the advantage of supporting SNMPv3.
The readme file for 7.3(2) states that the upgrade path is allowed.
Last week we tried the upgrade via IDM -this failed. The IPS module didn't come back online. We managed to recover it from the CLI on the host ASA by re-imaging with the original software image - thus returning to the initial state.
Today we made a 2nd attempt - this time on the IPS CLI using the upgrade command and the relevant upgrade software package. This failed too. We waited at least an hour, but the module didn't boot properly. We no longer had access to the IPS module directly. And from the ASA CLI it's status is reported as Unresponsive. Next we tried doing a full image recovery, this time with the full image of the new software version which we want to install. The TFTP server gave some confidence that the correct file was loaded to the module.
But it failed to boot properly - it seemed to be in a boot loop. (This could be seen by continual 'Launching BootLoader' messages via the debug module-boot command on the ASA CLI).
Again the IPS module status progressed from Recover, to Init and finally to Unresponsive.
Next we tried full image recovery with the original software version (full image file) - again the TFTP image load seemed to complete OK, then it got stuck at 'Launching BootLoader'.
It turns out that this issue is a known problem and may be identified by Bug ID CSCug52259.
We had to get the IPS module replaced (fortunately covered by maintenance contract).
New unit delivered 2nd Feb just before midday; set-to work and successfully upgraded software version by end of the day.
Because our IPS module was part of an active/active ASA redundant pair we actually had 2 of these IPS modules which needed to be upgraded. Once the first one was up and running again we started on the 2nd!
We encountered the same problems as described above when attempting the upgrade on the 2nd IPS module - and raised another case with Cisco.
This time the TAC sent us an updated BIOS version to install on the IPS module via TFTP. This worked a treat! And after that the upgrade was also successful.
Here are the details of from Cisco's Bug Search Tool:
ROMMON: eUSB device not recognized by BIOS on boot
Symptom: ASA or IPS goes into a 'boot loop' after resetting the device, where the ASA/IPS is unable to find a boot image with errors similar to the following: