
Will reloading an ASA-SSM affect the firewall itself?

rmaxson2
Level 1

We've lost the login info for the IPS-SSM on our ASA 5520. It looks like we will need to reimage the module with a newer software version. It currently is not in use, i.e. no rules for it on the firewall. Will this process take the firewall offline at all?

Output from sh command:

Firewall03# show module 1

Mod Card Type                                    Model              Serial No.
--- -------------------------------------------- ------------------ -----------
  1 ASA 5500 Series Security Services Module-20  ASA-SSM-20         xxxxxxx

Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
--- --------------------------------- ------------ ------------ ---------------
  1 001b.0ce2.xxxx to 001b.0ce2.xxxx  1.0          1.0(11)2     5.1(5)E1

Mod SSM Application Name           Status           SSM Application Version
--- ------------------------------ ---------------- --------------------------
  1 IPS                            Up               5.1(5)E1

Mod Status             Data Plane Status     Compatibility
--- ------------------ --------------------- -------------
  1 Up                 Up

Firewall03# show module 1 recover
Module 1 recover parameters...
Boot Recovery Image: No
Image URL: tftp://0.0.0.0/
Port IP Address: 0.0.0.0
Gateway IP Address: 0.0.0.0
VLAN ID: 0

1 Accepted Solution

acomiskey
Level 10

No, it should not affect the firewall operation at all. It would only be affected if you were running it in inline mode with fail closed enabled.

5 Replies

Thanks, that's what I need to know.

If you are running active/standby, the ASA will fail over when you reload the SSM module, which is required for the reimaging. Just a note to remember: with version 8.0.3, I think it was, some kind of keepalive function was introduced on the backplane to keep the ASA from failing over when rebooting the module.

So it will have an effect on the firewall, causing it to fail over?

Also, I am having a hard time understanding the recovery process, as it seems the device needs to be configured to allow the recovery image to be used. I have no idea how, if at all, the device is configured; we have zero access to the device, as we have none of the passwords for it and no idea how it's configured.

From looking at the above (1st post), you can see there is no recovery location set. How do I recover with no info on the device?

Firewall03# sh module 1 details
Getting details from the Service Module, please wait...
ASA 5500 Series Security Services Module-20
Model: ASA-SSM-20
Hardware version: 1.0
Serial Number: JAF111XXXXX
Firmware version: 1.0(11)2
Software version: 5.1(5)E1
MAC Address Range: 001b.0ce2.XXXX to 001b.0ce2.XXXX
App. name: IPS
App. Status: Up
App. Status Desc:
App. version: 5.1(5)E1
Data plane Status: Up
Status: Up
Mgmt IP addr: 10.1.9.201
Mgmt web ports: 443
Mgmt TLS enabled: true

Firewall03# sh module 1 recover
Module 1 recover parameters...
Boot Recovery Image: No
Image URL: tftp://0.0.0.0/
Port IP Address: 0.0.0.0
Gateway IP Address: 0.0.0.0
VLAN ID: 0

Firewall03#
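
A pre-reload check built from the points raised in this thread, as an added example that is not from any poster or from Cisco: it parses the posted `show module 1 recover` output for settings still at their defaults and scans a running-config for the two conditions the replies name (inline IPS with fail closed, and failover). The running-config fragment is constructed, and matching on `ips inline fail-close` and a bare `failover` line, as well as treating a 0.0.0.0 gateway as acceptable, are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlparse

# "show module 1 recover" output as posted in the thread.
RECOVER_OUTPUT = """\
Module 1 recover parameters...
Boot Recovery Image: No
Image URL: tftp://0.0.0.0/
Port IP Address: 0.0.0.0
Gateway IP Address: 0.0.0.0
VLAN ID: 0
"""
# Constructed running-config fragment (not from the thread).
RUNNING_CONFIG = "failover\npolicy-map global_policy\n class ips_class\n  ips inline fail-close\n"

def parse_recover(text):
    """Turn the 'Key: value' lines of the recover output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields

def is_unspecified(value):
    try:
        return ipaddress.ip_address(value).is_unspecified
    except ValueError:
        return False  # a hostname is not the 0.0.0.0 default

def unset_recover_fields(fields):
    """Recovery settings still at their defaults; the gateway may stay 0.0.0.0 (assumption)."""
    url = urlparse(fields.get("Image URL", "tftp://0.0.0.0/"))
    unset = []
    if is_unspecified(url.hostname or "0.0.0.0") or url.path in ("", "/"):
        unset.append("Image URL")
    if is_unspecified(fields.get("Port IP Address", "0.0.0.0")):
        unset.append("Port IP Address")
    return unset

def reload_impact(config):
    """Conditions the replies give for a module reload touching the firewall."""
    findings = []
    if re.search(r"^\s*ips\s+inline\s+fail-close\b", config, re.M):
        findings.append("IPS inline with fail-close")
    if re.search(r"^failover\s*$", config, re.M):
        findings.append("failover enabled")
    return findings
```

Run against the posted output, `unset_recover_fields(parse_recover(RECOVER_OUTPUT))` reports both the image URL and the port address as unset, which matches the poster's reading that no recovery location is configured.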
