01-17-2014 10:34 AM - edited 03-08-2019 06:53 PM
I was tasked with installing an ASA5515-X with CX. I configured the ASA, installed the AD Agent on a Windows server and configured on-box PRSM. Everything was working great. I then cut over to the new ASA. Everything was working except browsing. I could ping, do DNS lookup's, just no browsing. I concluded that the CX policy must have something to do with the browsing issue. I tried to web to the CX, but I was getting no response. I tried getting to the CLI through the ASA session command. Again no repsonse. I check the status of the module and it looked good.
ASA-CX# sh module
Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
0 ASA 5525-X with SW, 8 GE Data, 1 GE Mgmt, AC ASA5525 ***********
ips Unknown N/A ***********
cxsc Unknown N/A ***********
Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
0 4c4e.35ea.da6b to 4c4e.35ea.darr 1.0 2.1(9)8 9.1(1)
ips 4c4e.35ea.da69 to 4c4e.35ea.darr N/A N/A
cxsc 4c4e.35ea.da69 to 4c4e.35ea.darr N/A N/A 9.1.1
Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
ips Unknown No Image Present Not Applicable
cxsc ASA CX Up 9.1.1
Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
0 Up Sys Not Applicable
ips Unresponsive Not Applicable
cxsc Up Up
Mod License Name License Status Time Remaining
---- -------------- --------------- ---------------
ips IPS Module Disabled perpetual
ASA-CX#
I decided I would reboot the CX module. Now things went from bad to worse. The CX module would not boot. It would stay in Init. After about 10 minutes it would go to Unresponsive for about 5 seconds and then back into Init. After trying commands to shutdown, reset, reload, etc the CX module without luck I ended up opening a TAC case. They stated I would have to recover the CX. I had figured this already but I already had the AD Agent and all working so I was really trying to not do the recovery. Anyway I had to recover. However I hit another SNAFU. I could not recover it.
ASA-CX(config)# sw-module module cxsc recover boot
Module cxsc will be recovered. This may erase all configuration and all data
on that device and attempt to download/install a new image for it. This may take
several minutes.
Recover module cxsc? [confirm]
Module cxsc cannot be recovered, not in Up, Down, or Unresponsive state.
ASA-CX(config)# sh module
Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
0 ASA 5525-X with SW, 8 GE Data, 1 GE Mgmt, AC ASA5525 **********
ips Unknown N/A **********
cxsc Unknown N/A **********
Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
0 4c4e.35ea.da6b to 4c4e.35ea.darr 1.0 2.1(9)8 9.1(1)
ips 4c4e.35ea.da69 to 4c4e.35ea.darr N/A N/A
cxsc 4c4e.35ea.da69 to 4c4e.35ea.darr N/A N/A
Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
ips Unknown No Image Present Not Applicable
Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
0 Up Sys Not Applicable
ips Unresponsive Not Applicable
cxsc Init Not Applicable
Mod License Name License Status Time Remaining
---- -------------- --------------- ---------------
ips IPS Module Disabled perpetual
What finally resolved the issue was a power cycle of the ASA. When the ASA came back up I checked the module status and it again said it was in Init.
ASA-CX# sh module
Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
0 ASA 5525-X with SW, 8 GE Data, 1 GE Mgmt, AC ASA5525 *********
ips Unknown N/A *********
cxsc Unknown N/A *********
Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
0 4c4e.35ea.da6b to 4c4e.35ea.darr 1.0 2.1(9)8 9.1(2)
ips 4c4e.35ea.da69 to 4c4e.35ea.darr N/A N/A
cxsc 4c4e.35ea.da69 to 4c4e.35ea.darr N/A N/A
Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
ips Unknown No Image Present Not Applicable
Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
0 Up Sys Not Applicable
ips Unresponsive Not Applicable
cxsc Init Not Applicable
Mod License Name License Status Time Remaining
---- -------------- --------------- ---------------
ips IPS Module Disabled perpetual
I decided to try and and shut it down again. Nothing to lose right?
ASA-CX# sw-module module cxsc shutdown
Shutdown module cxsc? [confirm]
Shutdown issued for module cxsc.
ASA-CX# sho module
Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
0 ASA 5525-X with SW, 8 GE Data, 1 GE Mgmt, AC ASA5525 *********
ips Unknown N/A *********
cxsc Unknown N/A *********
Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
0 4c4e.35ea.da6b to 4c4e.35ea.darr 1.0 2.1(9)8 9.1(2)
ips 4c4e.35ea.da69 to 4c4e.35ea.darr N/A N/A
cxsc 4c4e.35ea.da69 to 4c4e.35ea.darr N/A N/A
Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
ips Unknown No Image Present Not Applicable
Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
0 Up Sys Not Applicable
ips Unresponsive Not Applicable
cxsc Down Not Applicable
Mod License Name License Status Time Remaining
---- -------------- --------------- ---------------
ips IPS Module Disabled perpetual
Finally that fixed it! Now that it is down I can recover the image.
I'm having this exact same problem with our SFR module. Waiting for a maintenance window to power cycle ASA. I have found no documentation on how to get the sfr module out of init. I'll let you know how it goes.
I had the same problem with the SFR module. Issued a "sw-module module sfr recover stop" and waited a couple mins. Reloaded with "sw-module module sfr recover boot" and was back in business.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: