01-18-2008 11:08 AM - edited 03-10-2019 03:56 AM
We've lost the login info for the IPS-SSM on our ASA 5520. It looks like we will need to re image the module with a newer software version. It currently is not in use i.e. no rules for it on the the firewall. Will this process take the firewall off line at all?
Output from sh command:
Firewall03# show module 1
Mod Card Type Model Serial No.
--- -------------------------------------------- ------------------ -----------
1 ASA 5500 Series Security Services Module-20 ASA-SSM-20 xxxxxxx
Mod MAC Address Range Hw Version Fw Version Sw Version
--- --------------------------------- ------------ ------------ ---------------
1 001b.0ce2.xxxx to 001b.0ce2.xxxx 1.0 1.0(11)2 5.1(5)E1
Mod SSM Application Name Status SSM Application Version
--- ------------------------------ ---------------- --------------------------
1 IPS Up 5.1(5)E1
Mod Status Data Plane Status Compatibility
--- ------------------ --------------------- -------------
1 Up Up
Firewall03# show module 1 recover
Module 1 recover parameters...
Boot Recovery Image: No
Image URL: tftp://0.0.0.0/
Port IP Address: 0.0.0.0
Gateway IP Address: 0.0.0.0
VLAN ID: 0
Solved! Go to Solution.
 
					
				
		
01-18-2008 11:22 AM
No, it should not affect the firewall operation at all. It would only be affected if you were running it in inline mode with fail closed enabled.
 
					
				
		
01-18-2008 11:22 AM
No, it should not affect the firewall operation at all. It would only be affected if you were running it in inline mode with fail closed enabled.
01-18-2008 12:33 PM
Thanks that's what I need to know.
01-21-2008 06:06 PM
If you are running active/standby the asa will failover when you reload the SSM module, which is required for the reimaging. Just a note to remember, with version 8.0.3 i think it was there has been introduced some kinda keepalive function on the backplane to keep the asa from failing over when rebooting the module.
01-22-2008 08:19 AM
So it will have an effect on the firewall, causing it to fail over?
Also I am having a hard time understanding the recovery process as it seems the device needs to be configured to allow the recovery image to be used. I have no idea how if at all the device is configured, we have zero access to the device as we have none of the passwords for it and no idea how it's configured.
from looking at the above (1st post) you can there is no recovery location set. How do I recover with no info on the device?
Firewall03# sh module 1 details
Getting details from the Service Module, please wait...
ASA 5500 Series Security Services Module-20
Model: ASA-SSM-20
Hardware version: 1.0
Serial Number: JAF111XXXXX
Firmware version: 1.0(11)2
Software version: 5.1(5)E1
MAC Address Range: 001b.0ce2.XXXX to 001b.0ce2.XXXX
App. name: IPS
App. Status: Up
App. Status Desc:
App. version: 5.1(5)E1
Data plane Status: Up
Status: Up
Mgmt IP addr: 10.1.9.201
Mgmt web ports: 443
Mgmt TLS enabled: true
Firewall03# sh module 1 recover
Module 1 recover parameters...
Boot Recovery Image: No
Image URL: tftp://0.0.0.0/
Port IP Address: 0.0.0.0
Gateway IP Address: 0.0.0.0
VLAN ID: 0
Firewall03#
01-22-2008 11:48 AM
Closed: New topic started
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide