Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

AIP-SSM module hung

sbgcsd
Level 1
Level 1

‎06-17-2010 06:08 AM - edited ‎03-10-2019 05:01 AM

I have recently confgured my AIP-SSM-20 module in my firewalls (ASA 5540) which are configured in HA(Active/Standby).This implementation i have done on 13th June. It was working fine.

Now, i have observerd that the AIP-SSM-20 module in the primary firewall had gone to unresponsive state.

Below is the status of show module and show failover command.

FW1-5540# sh module

Mod Card Type                                    Model              Serial No.
--- -------------------------------------------- ------------------ -----------
  0 ASA 5540 Adaptive Security Appliance         ASA5540            JMX1234L11F
  1 ASA 5500 Series Security Services Module-20  ASA-SSM-20         JAF1341ADPS

Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
--- --------------------------------- ------------ ------------ ---------------
  0 0021.d871.77ab to 0021.d871.77af  2.0          1.0(11)4     8.0(3)6
  1 0023.ebf6.11ce to 0023.ebf6.11ce  1.0          1.0(11)5     6.2(2)E4

Mod SSM Application Name           Status           SSM Application Version
--- ------------------------------ ---------------- --------------------------
  1 IPS                            Not Applicable   6.2(2)E4

Mod Status             Data Plane Status     Compatibility
--- ------------------ --------------------- -------------
  0 Up Sys             Not Applicable
  1 Unresponsive       Not Applicable

FW1-5540# sh failover
Failover On
Failover unit Primary
Failover LAN Interface: FAILOVER GigabitEthernet0/2 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 250 maximum
Version: Ours 8.0(3)6, Mate 8.0(3)6
Last Failover at: 09:06:14 UTC Jun 15 2010
        This host:

                This host: Primary - Failed
                Active time: 191436 (sec)
                slot 0: ASA5540 hw/sw rev (2.0/8.0(3)6) status (Up Sys)
                  Interface DMZ_LAN (10.192.153.13): Normal (Waiting)
                  Interface INTRANET (10.192.154.13): Normal (Waiting)
                  Interface management (0.0.0.0): Link Down (Waiting)
                slot 1: ASA-SSM-20 hw/sw rev (1.0/6.2(2)E4) status (Unresponsive/Down)
                  IPS, 6.2(2)E4, Not Applicable
        Other host: Secondary - Active
                Active time: 192692 (sec)
                slot 0: ASA5540 hw/sw rev (2.0/8.0(3)6) status (Up Sys)
                  Interface DMZ_LAN (10.192.153.5): Unknown (Waiting)
                  Interface INTRANET (10.192.154.5): Unknown (Waiting)
                  Interface management (0.0.0.0): Unknown (Waiting)
                slot 1: ASA-SSM-20 hw/sw rev (1.0/7.0(2)E4) status (Up/Up)
                  IPS, 7.0(2)E4, Up

Stateful Failover Logical Update Statistics
        Link : Unconfigured.

I have tried using the

hw-module module 1 reset

to reset the IPS module but the status is always unresponsive.

Its production environment where i cannnot expirement much. Ned help to rectify the problem.

1 person had this problem
Labels:
0 Helpful
Who Me Too'd this topic