Eğer sizde benim gibi AIP-SSM-10 IPS modülünü 5. versiyonu ile kullanıyor ve şifrenizi hatırlamıyorsanız, password-reset komutunu kullandığınızda aşağıdaki gibi bir hata ile baş başa kalacaksınız.
coasa# hw-module module 1 password-reset
Reset the password on module in slot 1? [confirm]
The SSM application version does not support password reset
Failed to reset the password on the module in slot 1
Bu durumun üstesinden gelebilmek için tek çözüm yazılımımızı 6.x versiyonuna yükseltmektir.Öncelikle güncel yazılımı indirmek için cisco sitesine giriş yapıyoruz ve güncel “.img” uzantılı yazılımı indiriyoruz.Ben örneğimde “IPS-SSM_10-K9-sys-1.1-a-6.2-4-E4.img” uzantılı dosyayı kullanacağım.
Konsol kablosunu,telnet veya ssh kullanarak cihaza erişim sağlıyoruz.Ben senaryomda konsol kablosunu kullanıyorum.
coasa>
coasa> en
Username: korayonder
Password: ********
coasa#
coasa# show module
Mod Card Type Model Serial No.
— ——————————————– —————— ———–
0 ASA 5510 Adaptive Security Appliance ASA5510 JMX1140L0KL
1 ASA 5500 Series Security Services Module-10 ASA-SSM-10 JAF113804MF
Mod MAC Address Range Hw Version Fw Version Sw Version
— ——————————— ———— ———— —————
0 001c.5826.3119 to 001c.5826.311d 2.0 1.0(11)2 8.2(1)
1 001d.a298.c333 to 001d.a298.c333 1.0 1.0(11)2 5.1(6)E1
Mod SSM Application Name Status SSM Application Version
— —————————— —————- ————————–
1 IPS Up 5.1(6)E1
Mod Status Data Plane Status Compatibility
— —————— ——————— ————-
0 Up Sys Not Applicable
1 Up Up
“hw-module module 1 recover configure” komutunu kullanarak yazılım güncellemesi yapabilmek için ilgili çıkan sorulara cevap vererek tftp ip adresini ve yazılımın tam yolunu, ips modulun interface ip’sini ve default gateway tanımlamasını yapıyoruz.Tftp server olarak 3CDaemon, Cisco tftp server, solarwinds vb. versiyonlar sizi yarı yolda bırakabilirler.Şayet Tftpd32 2.0 kullanacak olursanız büyük dosyaların transferinde herhangi bir sıkıntı yaşamayacaksınız.
coasa# hw-module module 1 recover configure
Not: Eğer recovery configure ile ilgili bir hata alırsanız “hw-module module 1 recover stop” komutunu çalıştırabilirsiniz.
Image URL [tftp://0.0.0.0/]: tftp://192.168.1.20/IPS-SSM_10-K9-sys-1.1-a-6.2-4-E4.img
Port IP Address [0.0.0.0]: 192.168.1.10 (Modulun interface ip’sini giriyoruz)
VLAN ID [0]:
Gateway IP Address [0.0.0.0]: 192.168.1.20 (Gateway olarak ben tftp server ip adresimi gösterdim.Tftpdnld senaryosundan hatırlarsanız anlamsız bir şekilde problem çıkartabiliyor.Daha sonra girmiş olduğumuz ayarlarla sistemin yazılımı indirebilmesi için recover işlemini tetikliyoruz.)
coasa# hw-module module 1 recover boot
The module in slot 1 will be recovered. This may
erase all configuration and all data on that device and
attempt to download a new image for it.
Recover module in slot 1? [confirm]
Recover issued for module in slot 1
İlgili uyarı mesajından sonra IPS modülün durumunu kontrol ediyoruz.
coasa# show module
Mod Card Type Model Serial No.
— ——————————————– —————— ———–
0 ASA 5510 Adaptive Security Appliance ASA5510 JMX1140L0KL
1 ASA 5500 Series Security Services Module-10 ASA-SSM-10 JAF113804MF
Mod MAC Address Range Hw Version Fw Version Sw Version
— ——————————— ———— ———— —————
0 001c.5826.3119 to 001c.5826.311d 2.0 1.0(11)2 8.2(1)
1 001d.a298.c333 to 001d.a298.c333 1.0 1.0(11)2 5.1(6)E1
Mod SSM Application Name Status SSM Application Version
— —————————— —————- ————————–
1 IPS Not Applicable 5.1(6)E1
Mod Status Data Plane Status Compatibility
— —————— ——————— ————-
0 Up Sys Not Applicable
1 Recover Not Applicable
İşlem adımlarını daha detaylı takip edebilmek için debug işlemi başlatarak durum izlemesi sağlıyoruz.
coasa# debug module-boot ?
<1-255> Specify an optional debug level (default is 1)
coasa# debug module-boot 255
debug module-boot enabled at level 255
Slot-1 8> Cisco Systems ROMMON Version (1.0(11)2) #0: Thu Jan 26 10:43:08 PST 2006
Slot-1 9> Platform ASA-SSM-10
Slot-1 10> GigabitEthernet0/0
Slot-1 11> Link is DOWN
Slot-1 12> MAC Address: 001d.a298.c333
Slot-1 13> Link State is Down
Slot-1 14> Rebooting due to Autoboot error …
Slot-1 15> Rebooting….
Slot-1 16> Cisco Systems ROMMON Version (1.0(11)2) #0: Thu Jan 26 10:43:08 PST 2006
Slot-1 17> Platform ASA-SSM-10
Slot-1 18> GigabitEthernet0/0
Slot-1 19> Link is DOWN
Slot-1 20> MAC Address: 001d.a298.c333
Slot-1 21> Link State is Down
Slot-1 22> Rebooting due to Autoboot error …
Slot-1 23> Rebooting….
Slot-1 24> Cisco Systems ROMMON Version (1.0(11)2) #0: Thu Jan 26 10:43:08 PST 2006
Slot-1 25> Platform ASA-SSM-10
Slot-1 26> GigabitEthernet0/0
Slot-1 27> Link is UP
Slot-1 28> MAC Address: 001d.a298.c333
Slot-1 29> ROMMON Variable Settings:
Slot-1 30> ADDRESS=192.168.1.10
Slot-1 31> SERVER=192.168.1.20
Slot-1 32> GATEWAY=192.168.1.20
Slot-1 33> PORT=GigabitEthernet0/0
Slot-1 34> VLAN=untagged
Slot-1 35> IMAGE=IPS-SSM_10-K9-sys-1.1-a-6.2-4-E4.img
Slot-1 36> CONFIG=
Slot-1 37> LINKTIMEOUT=20
Slot-1 38> PKTTIMEOUT=4
Slot-1 39> RETRY=20
Slot-1 40> tftp IPS-SSM_10-K9-sys-1.1-a-6.2-4-E4.img@192.168.1.20 via 192.168.1.20
Slot-1 41> TFTP failure: Packet verify failed after 20 retries
Slot-1 42> Rebooting due to Autoboot error …
Slot-1 43> Rebooting….
coasa#
Slot-1 44> Cisco Systems ROMMON Version (1.0(11)2) #0: Thu Jan 26 10:43:08 PST 2006
Slot-1 45> Platform ASA-SSM-10
Slot-1 46> GigabitEthernet0/0
Slot-1 47> Link is UP
Slot-1 48> MAC Address: 001d.a298.c333
Slot-1 49> ROMMON Variable Settings:
Slot-1 50> ADDRESS=192.168.1.10
Slot-1 51> SERVER=192.168.1.20
Slot-1 52> GATEWAY=192.168.1.20
Slot-1 53> PORT=GigabitEthernet0/0
Slot-1 54> VLAN=untagged
Slot-1 55> IMAGE=IPS-SSM_10-K9-sys-1.1-a-6.2-4-E4.img
Slot-1 56> CONFIG=
Slot-1 57> LINKTIMEOUT=20
Slot-1 58> PKTTIMEOUT=4
Slot-1 59> RETRY=20
Slot-1 60> tftp IPS-SSM_10-K9-sys-1.1-a-6.2-4-E4.img@192.168.1.20 via 192.168.1.20
IPS modül 20 sefer denemesine rağmen başarılı bir şekilde yazılımı download etme işlemine başlayamadı.Yukarıdaki denemelerde ips kart direk olarak laptop’ın ethernetine bağlıydı, fakat yukarıdaki boot komutundan sonra ips sensor interface’sini “down” ve ardından “up” yaptığı için laptop üzerinde kullandığım tftpd32 programı IPS interface’i down olduğunda interface laptop tarafında da down olduğu için otomatik olarak tek kullanılabilir olan “127.0.0.1” ip adresine bind oluyordu, laptop interface’i up duruma gelse dahi yeniden “192.168.1.20” ip adresine bind olamuyor ve loopback ipsini kullanmaya devam ediyordu.
Bu sıkıntıyı aşmak için ips sensor’u ve laptopu switch’in 3 ve 4. portlarına bağladım.Fakat yine sonuç husrandı.Çünkü sıkıntı switch portlarından kaynaklanıyordu.Port up olup image dosyasını çekmeye çalıştığında switch’in portları up olmak ve forwarding state’e gelmek için 50 saniyede boyunca spanning-tree protokolünü bekliyordu.Portfast komutu ile bu durumada bir çare getirerek durumundan üstesinden getirdim.
Switch bağlantısı:
telnet 192.168.1.254
User Access Verification
Username: korayonder
Password:
Switch#
Switch#conf t
Switch#terminal monitor
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int range fa0/3 – 4
Switch(config-if-range)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc… to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast will be configured in 2 interfaces due to the range command
but will only have effect when the interfaces are in a non-trunking mode.
Switch(config-if-range)#^Z
Switch#
Switch#exit
Ardından yeniden asa’ya dönerek modül durumunu kontrol ediyoruz.
coasa#
coasa# show module
Mod Card Type Model Serial No.
— ——————————————– —————— ———–
0 ASA 5510 Adaptive Security Appliance ASA5510 JMX1140L0KL
1 ASA 5500 Series Security Services Module-10 ASA-SSM-10 JAF113804MF
Mod MAC Address Range Hw Version Fw Version Sw Version
— ——————————— ———— ———— —————
0 001c.5826.3119 to 001c.5826.311d 2.0 1.0(11)2 8.2(1)
1 001d.a298.c333 to 001d.a298.c333 1.0 1.0(11)2 5.1(6)E1
Mod SSM Application Name Status SSM Application Version
— —————————— —————- ————————–
1 IPS Not Applicable 5.1(6)E1
Mod Status Data Plane Status Compatibility
— —————— ——————— ————-
0 Up Sys Not Applicable
1 Recover Not Applicable
coasa#
coasa#
Evet sonunda yazılımı tftp sunucu üzerinden yüklemeye başladı.
Slot-1 61> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 62> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 63> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 64> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 65> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 66> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 67> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 68> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 69> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 70> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 71> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 72> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 73> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 74> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 75> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 76> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 77> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 78> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 79> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 80> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 81> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 82> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 83> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 84> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 85> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 86> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 87> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 88> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 89> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 90> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 91> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 92> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 93> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 94> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 95> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 96> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 97> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 98> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 99> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 100> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 101> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 102> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 103> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 104> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 105> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 106> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 107> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 108> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 109> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 110> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 111> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 112> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 113> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 114> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 115> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 116> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 117> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 118> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 119> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 120> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 121> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 122> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 123> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 124> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 125> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 126> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 127> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 128> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 129> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 130> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 131> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 132> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 133> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 134> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 135> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 136> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 137> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 138> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 139> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 140> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 141> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 142> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 143> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 144> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 145> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 146> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 147> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 148> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 149> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Slot-1 150> Received 29005087 bytes
Slot-1 151> Launching TFTP Image…
Slot-1 152> Cisco Systems ROMMON Version (1.0(11)2) #0: Thu Jan 26 10:43:08 PST 2006
Slot-1 153> Platform ASA-SSM-10
Slot-1 154> Launching BootLoader…
Sonunda yazılım yükleme işlemimiz bitti şimdi modul durumunu yeniden gözden geçirerek yazılımın güncellendiğini kontrol ediyoruz.
coasa# show module
Mod Card Type Model Serial No.
— ——————————————– —————— ———–
0 ASA 5510 Adaptive Security Appliance ASA5510 JMX1140L0KL
1 ASA 5500 Series Security Services Module-10 ASA-SSM-10 JAF113804MF
Mod MAC Address Range Hw Version Fw Version Sw Version
— ——————————— ———— ———— —————
0 001c.5826.3119 to 001c.5826.311d 2.0 1.0(11)2 8.2(1)
1 001d.a298.c333 to 001d.a298.c333 1.0 1.0(11)2 6.2(4)E4
Mod SSM Application Name Status SSM Application Version
— —————————— —————- ————————–
1 IPS Up 6.2(4)E4
Mod Status Data Plane Status Compatibility
— —————— ——————— ————-
0 Up Sys Not Applicable
1 Up Up
IPS modülüne bağlanarak basic yapılandırmamızı ve şifre tanımlamalarımızı yapıyoruz.
coasa#
coasa# session 1
Opening command session with slot 1.
Connected to slot 1. Escape character sequence is ‘CTRL-^X’.
login: cisco
Password: cisco
You are required to change your password immediately (password aged)
Changing password for cisco
(current) password:
New password: Cisco123
BAD PASSWORD: it is based on a dictionary word
New password: snaa
BAD PASSWORD: it does not contain enough DIFFERENT characters
New password: AcademyTech
Retype new password: AcademyTech
***NOTICE***
This product contains cryptographic features and is subject to United States
and local country laws governing import, export, transfer and use. Delivery
of Cisco cryptographic products does not imply third-party authority to import,
export, distribute or use encryption. Importers, exporters, distributors and
users are responsible for compliance with U.S. and local country laws. By using
this product you agree to comply with applicable laws and regulations. If you
are unable to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
***LICENSE NOTICE***
There is no license key installed on the SSM-IPS10.
The system will continue to operate with the currently installed
signature set. A valid license must be obtained in order to apply
signature updates. Please go to http://www.cisco.com/go/license
to obtain a new license or install a license.
— Basic Setup —
— System Configuration Dialog —
At any point you may enter a question mark ‘?’ for help.
User ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets ‘[]’.
Current time: Thu Jan 5 20:04:30 2012
Setup Configuration last modified: Thu Jan 05 19:59:29 2012
Enter host name[sensor]: AIP-SSM-10_on_ASA5510
Enter IP interface[192.168.1.2/24,192.168.1.1]:
Modify current access list?[no]:
Modify system clock settings?[no]:
The following configuration was entered.
service host
network-settings
host-ip 192.168.1.2/24,192.168.1.1
host-name AIP-SSM-10_on_ASA5510
telnet-option disabled
ftp-timeout 300
no login-banner-text
exit
time-zone-settings
offset 0
standard-time-zone-name UTC
exit
summertime-option disabled
ntp-option disabled
exit
[0] Go to the command prompt without saving this config.
[1] Return to setup without saving this config.
[2] Save this configuration and exit setup.
[3] Continue to Advanced setup.
Enter your selection[3]: 0
sensor#
sensor#
sensor# show version
Application Partition:
Cisco Intrusion Prevention System, Version 6.2(4)E4
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S549.0 2011-02-17
OS Version: 2.4.30-IDS-smp-bigphys
Platform: ASA-SSM-10
Serial Number: JAF113804MF
No license present
Sensor up-time is 8 min.
Using 658141184 out of 1032495104 bytes of available memory (63% usage)
application-data is using 44.8M out of 166.8M bytes of available disk space (28% usage)
boot is using 41.1M out of 68.6M bytes of available disk space (63% usage)
MainApp E-ECLIPSE_624_2011_JUN_23_00_20_6_2_3_17 (Ipsbuild) 2011-06-23T00:24:58-0500 Running
AnalysisEngine E-ECLIPSE_624_2011_JUN_23_00_20_6_2_3_17 (Ipsbuild) 2011-06-23T00:24:58-0500 Running
CLI E-ECLIPSE_624_2011_JUN_23_00_20_6_2_3_17 (Ipsbuild) 2011-06-23T00:24:58-0500
Upgrade History:
IPS-K9-6.2-4-E4 16:34:06 UTC Thu Jun 23 2011
Recovery Partition Version 1.1 – 6.2(4)E4
Host Certificate Valid from: 05-Jan-2012 to 05-Jan-2014
sensor#
sensor# exit
coasa#
coasa# show module
Mod Card Type Model Serial No.
— ——————————————– —————— ———–
0 ASA 5510 Adaptive Security Appliance ASA5510 JMX1140L0KL
1 ASA 5500 Series Security Services Module-10 ASA-SSM-10 JAF113804MF
Mod MAC Address Range Hw Version Fw Version Sw Version
— ——————————— ———— ———— —————
0 001c.5826.3119 to 001c.5826.311d 2.0 1.0(11)2 8.2(1)
1 001d.a298.c333 to 001d.a298.c333 1.0 1.0(11)2 6.2(4)E4
Mod SSM Application Name Status SSM Application Version
— —————————— —————- ————————–
1 IPS Up 6.2(4)E4
Mod Status Data Plane Status Compatibility
— —————— ——————— ————-
0 Up Sys Not Applicable
1 Up Up
coasa#
AIP-SSM-10 modülümüz yeni yazılımıyla hizmetimize hazır, hayırlı olsun 🙂