Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1969
Views
0
Helpful
2
Replies

Upgrading an IPS module on ASA Firewall

Go to solution
s.lachica
Level 1
Level 1

‎07-29-2015 09:40 PM - edited ‎03-10-2019 06:25 AM

Hi,

 

This is a ver simple and easy question.

 

When upgrading an IPS module in ASA (IPS SSP module software), i will use this method show below. The question is: Is this going to erase the current configurations or current settings of the IPS?

Installing the System Image for the ASA 5500-X IPS SSP

<ommited>

Step 4 Copy the IPS image to the disk0 flash of the adaptive security appliance.

asa# copy tftp://192.0.2.0/directory/IPS-5545-K9-sys-1.1-a-7.1-3-E4.aip disk0:

 

Step 5 Image the ASA 5500-X IPS SSP.

asa# sw-module module ips recover configure image disk0:/IPS-SSP_5545-K9-sys-1.1-a-7.1-3-E4.aip

 

Step 6 Execute the recovery. This transfers the image from the TFTP server to the ASA 5500-X IPS SSP and restarts it.

 

asa# sw-module module ips recover boot

 

Step 7 Periodically check the recovery until it is complete.

 

asa# show module

 

Mod Card Type Model Serial No.

--- -------------------------------------------- ------------------ -----------

0 Cisco ASA 5545 Appliance with 8 GE ports, 1 ASA5545 ABC1234D56E

1 IPS 5545 Intrusion Protection System IPS5545 ABC1234D56E

 

Mod MAC Address Range Hw Version Fw Version Sw Version

--- --------------------------------- ------------ ------------ -------------

0 503d.e59c.6dc1 to 503d.e59c.6dca 1.0 8.6.1

ips 503d.e59c.6dcb to 503d.e59c.6dcb N/A N/A 7.1(3)E4

 

Mod SSM Application Name Status SSM Application Version

--- ------------------------------ ---------------- --------------------------

1 IPS Up 7.1(3)E4

 

Mod Status Data Plane Status Compatibility

--- ------------------ --------------------- -------------

0 Up Sys Not Applicable

1 Up Up

 

asa#

Note The Status field in the output indicates the operational status of the ASA 5500-X IPS SSP. An ASA 5500-X IPS SSP operating normally shows a status of “Up.” While the adaptive security appliance transfers an application image to the ASA 5500-X IPS SSP, the Status field in the output reads “Recover.” When the adaptive security appliance completes the image transfer and restarts the ASA 5500-X IPS SSP, the newly transferred image is running.

 

Note To debug any errors that may happen in the recovery process, use the debug module-boot command to enable debugging of the system reimaging process.

 

Step 8 Session to the ASA 5500-X IPS SSP and initialize it with the setup command.

 

Thanks,

Sonny

CCIE (R&S) #27666 CCSI HP MASE
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
joseoroz
Cisco Employee
Cisco Employee

‎07-30-2015 05:41 PM

Hello

 

The upgrade is when you do it from the GUI and that should not remove the configuration however is recommended to backup the configuration when you do it in case things go south..

 

The process that you are describing is a re image. That will install a fresh image and clear all the configuration.

 

Kind regards,

Jose Orozco.

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
joseoroz
Cisco Employee
Cisco Employee

‎07-30-2015 05:41 PM

Hello

 

The upgrade is when you do it from the GUI and that should not remove the configuration however is recommended to backup the configuration when you do it in case things go south..

 

The process that you are describing is a re image. That will install a fresh image and clear all the configuration.

 

Kind regards,

Jose Orozco.

 

0 Helpful

Go to solution
s.lachica
Level 1
Level 1
In response to joseoroz

‎08-18-2015 07:34 PM

Hi Jose,

 

This indeed is true. Unfortunately i was not aware when this activity was done. The cisco tac approved this procedure. After the re-image i copy/paste the show config backup, unfortunately i had trouble with the auto-update feature license and password. Also, the IME is not working after the re-image. Still working on it now. Any idea with the IME issue?

 

Thanks,

Sonny

CCIE (R&S) #27666 CCSI HP MASE
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card