Cisco Cisco ASA 5555-X Adaptive Security Appliance 技术手册
Enter the show module 1 details command on the ASA in order to monitor the recovery status.
5.
Once completed, enter the session 1 command on the ASA in order to connect to the IPS module.
6.
On the IPS, enter the setup command and configure the IP/Subnet Mask/Gateway/ACL.
7.
With the IPS module back on the network, restore the previous configuration via CLI (for example:
copy ftp://cisco123:cisco123@10.10.10.10/ips1−backup current−config).
copy ftp://cisco123:cisco123@10.10.10.10/ips1−backup current−config).
8.
In order to verify that the IPS running configuration is updated, enter the show config command.
9.
Reinstall the signature license and upgrade the signature definitions as required.
10.
If desired, enter the failover active command on the new standby unit in order to restore it to the
active state.
active state.
11.
Reimage the IPS on the Current Standby ASA (ASA 5500−X Series only)
Connect to the CLI of the standby ASA via console, Telnet, or SSH.
1.
Enter the show failover command in order to verify that the ASA is the standby unit.
2.
Enter the sw−module module ips recover configure command on the ASA and configure the
appropriate IP/TFTP settings.
appropriate IP/TFTP settings.
3.
Enter the sw−module module ips recover boot command on the ASA in order to transfer the image
and restart the IPS module.
and restart the IPS module.
4.
Enter the show module ips details command on the ASA in order to monitor the recovery status.
5.
Once completed, enter the session ips command on the ASA in order to connect to the IPS module.
6.
On the IPS, enter the setup command and configure the IP/Subnet Mask/Gateway/ACL.
7.
With the IPS module back on the network, restore the previous config via CLI (for example: copy
ftp://cisco123:cisco123@10.10.10.10/ips1−backup current−config).
ftp://cisco123:cisco123@10.10.10.10/ips1−backup current−config).
8.
In order to verify that the IPS running configuration is updated, enter the show config command.
9.
Reinstall the signature license and upgrade the signature definitions as required.
10.
On the standby ASA, enter the failover active command in order to make the standby unit active.
11.
Reimage the IPS on the New Standby ASA (ASA 5500−X Series only)
Connect to the CLI of the new standby ASA via console, Telnet, or SSH.
1.
Enter the show failover command in order to verify that the ASA is the new standby unit.
2.
Enter the sw−module module ips recover configure command on the ASA and configure the
appropriate IP/TFTP settings.
appropriate IP/TFTP settings.
3.
Enter the sw−module module ips recover boot command on the ASA in order to transfer the image
and restart the IPS module.
and restart the IPS module.
4.
Enter the show module ips details command on the ASA in order to monitor the recovery status.
5.
Once completed, enter the session ips command on the ASA in order to connect to the IPS module.
6.
On the IPS, enter the setup command and configure IP/Subnet Mask/Gateway/ACL.
7.
With the IPS module back on the network, restore the previous configuration via CLI (for example:
copy ftp://cisco123:cisco123@10.10.10.10/ips1−backup current−config).
copy ftp://cisco123:cisco123@10.10.10.10/ips1−backup current−config).
8.
In order to verify that the IPS running configuration is updated, enter the show config command.
9.
Reinstall the signature license and upgrade the signature definitions as required.
10.
If desired, enter the failover active command on the new standby unit in order to restore it to the
active state.
active state.
11.
Note: Use the Command Lookup Tool (registered customers only) in order to obtain more information on the
commands used in this section.
commands used in this section.
Verify
Use this section to confirm that your configuration works properly.