AIP-SSM Module Software Recovery

This section covers how you can do a software recovery on the AIP-SSM through the Cisco ASA operating system. The Cisco IPS system recovery image completely refreshes the AIP-SSM to its initial state for a given software release. You can use the hw-module module command to recover, reload, reset, or shut down the AIP-SSM. The following is the command syntax:

hw-module module slot reload

hw-module module slot reset

hw-module module slot shutdown

hw-module module slot recover [boot | configure | stop]

The following steps are necessary to completely refresh the AIP-SSM:

Step 1.

Use the hw-module module 1 recover configure command to configure the recovery parameters for the AIP-SSM:
 

Chicago# hw-module module 1 recover configure
Image URL [tftp://0.0.0.0/]: tftp://172.18.124.9/IPS-SSM-K9-sys-1.1-a-5.0-2-s152.img
Port IP Address [0.0.0.0]: 172.18.124.11
VLAN ID [0]:
Gateway IP Address [0.0.0.0]: 172.18.124.1

After you invoke the hw-module module 1 recover configure command, the ASA asks for the complete URL of the TFTP server from which the AIP-SSM will pull the recovery image. This TFTP server must be accessible by the AIP-SSM management port. The port IP address is the IP address of the AIP-SSM management port. You are also asked for the VLAN ID and default gateway IP address. A VLAN ID of 0 indicates that VLANs are not used. You can use the show module module recover command to display and verify the configured recovery parameters:
 
Chicago# show module 1 recover
Module 1 recover parameters...
Boot Recovery Image: Yes
Image URL: tftp://172.18.124.9/IPS-SSM-K9-sys-1.1-a-5.0-2-s152.img
Port IP Address: 172.18.124.11
Gateway IP Address: 172.18.124.1
VLAN ID: 0
 

Step 2.

To initiate the recovery, use the hw-module module 1 recover boot command. The Cisco ASA displays a warning message about erasing all configuration and data on the module. It prompts the user to confirm the recovery process:
 

Chicago# hw-module module 1 recover boot
The module in slot 1 will be recovered. This may
erase all configuration and all data on that device and
attempt to download a new image for it.
Recover module in slot 1? [confirm]
Reset issued for module in slot 1

You must first configure the recovery parameters before invoking the previous command. If you do not configure these parameters, the following error is displayed:
 
Chicago# hw-module module 1 recover boot
The module in slot 1 can not be recovered.
The tftp url and port address must be configured via
 hw-module module 1 recover configure
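A pre-flight check for Steps 1 and 2, as an added example that is not from the book: it parses saved show module 1 recover output and reports parameters that are still at their defaults or unreachable before recover boot erases the module. The function names and the /24 management subnet are assumptions; the sample is the output above with the wrapped image URL rejoined.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: the "show module 1 recover" output shown in this section.
SAMPLE = """\
Module 1 recover parameters...
Boot Recovery Image: Yes
Image URL: tftp://172.18.124.9/IPS-SSM-K9-sys-1.1-a-5.0-2-s152.img
Port IP Address: 172.18.124.11
Gateway IP Address: 172.18.124.1
VLAN ID: 0
"""

def parse_recover(output):
    """Map 'Key: value' lines to a dict; splits on the first colon only."""
    pairs = (re.match(r"\s*([^:]+):\s*(.*)$", ln) for ln in output.splitlines())
    return {m.group(1).strip(): m.group(2).strip() for m in pairs if m}

def _ip(key, raw, problems):
    """Parse an address; record a problem if it is malformed or still 0.0.0.0."""
    try:
        ip = ipaddress.ip_address(raw)
    except ValueError:
        ip = None
    if ip is None or ip.is_unspecified:
        problems.append(f"{key}: not configured (got {raw!r})")
        return None
    return ip

def check_recover(params, mgmt_net="172.18.124.0/24"):
    """Return a list of problems (empty = usable). mgmt_net is an assumed /24."""
    problems, net = [], ipaddress.ip_network(mgmt_net)
    url = urlparse(params.get("Image URL", ""))
    server = _ip("Image URL", url.hostname or "", problems)
    if url.scheme != "tftp" or not url.path.strip("/"):
        problems.append("Image URL: expected tftp://<server>/<image file>")
    port = _ip("Port IP Address", params.get("Port IP Address", ""), problems)
    if port and port not in net:
        problems.append(f"Port IP Address: {port} is outside {net}")
    # A gateway is only needed when the TFTP server is off the management subnet.
    if server and server not in net:
        gw = _ip("Gateway IP Address", params.get("Gateway IP Address", ""), problems)
        if gw and gw not in net:
            problems.append(f"Gateway IP Address: {gw} is outside {net}")
    vlan = params.get("VLAN ID", "")
    if not vlan.isdigit() or int(vlan) > 4094:
        problems.append("VLAN ID: expected 0 (VLANs not used) or 1-4094")
    return problems
```

An empty list from check_recover(parse_recover(SAMPLE)) means the module has what it needs to reach the TFTP server; any entry should be fixed with recover configure first.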
 

Previously in this chapter, you learned that you can use the show module command to obtain information about the modules installed on your ASA. You can also use the show module module-number details command to obtain more detailed information about the AIP-SSM module installed on the system. Example 13-3 includes the output of this command.

Example 13-3. Output of show module details Command

Chicago# show module 1 details
Getting details from the Service Module, please wait...
ASA 5500 Series Security Services Module-20
Model: ASA-SSM-20
Hardware version: 1.0
Serial Number: 0
Firmware version: 1.0(7)2
Software version: 5.0(2)S152
Status: Up
Mgmt IP addr: 172.18.124.11
Mgmt web ports: 443
Mgmt TLS enabled: true





Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
ISBN: 1587052091
Year: 2006
Pages: 231
