Recovery the Password of IPS Module

Dear Expert,
I have an ASA 5500 series with AIP SSM (IPS module), the login name and password are lost.
According to the cisco portal, there are two approach to recover the password:
1. using CLI command: hw-module module slot_number password-reset;
2. using ASDM --> tools --> "IPS password reset"
I am not sure both commands to achieve the same result (recover password) or they may have different outcome (i.e. need to reset the module).
The device is on line, reset module is not prefered. 
After checking some information from internet, it suggests to reset the IPS module. Any problem will be occurred if the IPS module is not reset?
rdgs
Anita

I don't believe that either method will reset the module.

Similar Messages

  • ASA5505 un-responsive after installing ASA-SSC-AIP-5 IPS module

    Hello,
    Can anyone help?
    I have a pair of ASA 5505 firewalls in a failover configuration. Everything works correctly until I install the IPS module into the secondary firewall. When install I can no longer ping the firewall from the inside network. We do not have an external network set up at present.
    I have connected to the secondary firewall via the console. Issues the command "session 1" and can then get to the IPS. I have set the IPS hostname and given it an address on the interal network. I have set the ACL on the IPS to permit the inside range.
    The results are that we are unable to reach the ASA or the IPS on the internal range. The primary firewall is no longer able to ping the inside address of the secondary firewall. As soon as I remove the IPS modue all returns to normal. Im not sure what would be causing this. If anyone can tell me where they think I went wrong that would be great.
    Thanks

    This sounds like a IP issue some where on the ASA, or IPS module. Did you run a capture on the ASA, and the IPS module to see if the respones are arriveing? On the issue, you can use the "capture interface " on the ASA, and the "packet display expression host ". This will help you determin if there is a ARP, or some other IP related issue on the network.
    I hope this helps,
    Rafael

  • Can't get SNMP data from ASA's AIP 10 IPS module

    Hi,
    I have just had the AIP 10 IPS module installed onto my ASA 5520. I have now setup the SNMP and my SNMP server (solarwinds) can detect the CPU, Memory and sensors to monitor.
    The problem I have is the SNMP server is getting data form the sensors but not data from the CPU or memory mibs, is something denying this from the IPS?

    The following are some IDS mibs, Cisco forgot to link them on the MIBs page located at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
    ftp://ftp-sj.cisco.com/pub/mibs/v2/CISCO-ENHANCED-MEMPOOL-MIB.my
    ftp://ftp-sj.cisco.com/pub/mibs/v2/CISCO-PROCESS-MIB.my
    ftp://ftp-sj.cisco.com/pub/mibs/v2/CISCO-CIDS-MIB.my
    ftp://ftp-sj.cisco.com/pub/mibs/oid/CISCO-CIDS-MIB.oid
    ftp://ftp-sj.cisco.com/pub/mibs/oid/CISCO-ENHANCED-MEMPOOL-MIB.oid
    Here is the forula we are using to get the memory utlization percentage(in BMC Dashboard):
    average ( select 1.3.6.1.4.1.9.9.221.1.1.1.1.8 ) / ( average ( select 1.3.6.1.4.1.9.9.221.1.1.1.1.8 ) + average ( select 1.3.6.1.4.1.9.9.221.1.1.1.1.7 ) ) * 100
    Which translates to:
    average ( select cempmempoolfree ) / ( average ( select cempmempoolfree ) + average ( select cempmempoolused ) ) * 100
    I'm unable to find the formula for the CPU, but try loading the PROCESS mib for that.
    average ( select 1.3.6.1.4.1.9.9.109.1.1.1.1.5 )
    Please rate if helpful.
    Regards
    Farrukh

  • Reg. 6509 IPS Module upgradn

    Hi
    I need to upgrade the Cisco Intrusion Prevention System, Version 6.0(2)E1 which is a prt of 6509 Bundle (Platform: WS-SVC-IDSM2-BUN ).There are 2 bundles of 6509 and in active-standby .
    a)Is upgrade procedure of 6509 Bundle E1 to E3 is different from normal upgradn procedure or is it same like other IPS .As IPS Module is without license can i upgrade it to 6.1(1)E3 or 6.2(1)E3
    b)What is the packet flow for 6509 Bundle as i am not aware as to who will forward the packet to IPS Module in this case (like in ASA , firewall wil fwd packet to IPS Module)
    d) There are 2 ethernet inetrfaces applied to backplane interface resepectively.If i want to put the module in Inline mode how will i accomplish the same

    IPS should be fine ASA5510 which supports VPN. Make sure you do the licensing part properly.

  • My ipod is disabled and i forgot the password and after that i plugged it in itunes and it still wont let me and the buttons arent working so i cant put it in recovery mode so what do i do!!

    my ipod is disabled and i forgot the password and after that i plugged it in itunes and it still wont let me and the buttons arent working so i cant put it in recovery mode so what do i do!!

    Use this program to place the iPod in recovery mode. Then restore.
    RecBoot: Easy Way to Put iPhone into Recovery Mode

  • I reset my disabled ipad 2 and it is asking me for the apple id which first set it up but i forgot the password for that apple id and the password/recovery information for the recovery email address. What can i do?

    i reset my disabled ipad 2 and it is asking me for the apple id which first set it up but i forgot the password for that apple id and the password/recovery information for the recovery email address. What can i do?

    Click here and use Apple's iForgot service, or contact their Account Security team, or if you're the device's original owner, take it and its purchase receipt to a physical Apple Store.
    (124525)

  • Recoverying the unrecoverable - iCloud password

    I have an old flip phone. My boss was nice enough to give me an old iPhone 4s he no longer used. Problem is he has 'Find My iPhone' turned on so I cannot reset the phone until it is turned off.
    Seems simple right? Nope. Here is where it all gets terrible... and quick! You need to sign into iCloud in order to turn 'Find iPhone' off BUT he can't seem to remember the password. Sure he remember two possible passwords that don't work. Great.
    Okay then, what about password recovery? Great idea! Except the fact that the email address used has issues. One of the passwords he provided me for iCloud happens to work for this ancient hotmail account but it tells him that they must be sure it is him that is accessing the account! Man o man what turd storm. So he can't access the recovery email address, so now that option too is out!
    So now I have an iPhone that is pretty much useless. The prompt for iCloud pops up constantly.
    If anyone knows of a way to wipe this clean so I can start again, I do have my own iTunes account with a password I remember!, I would be extremely appreciative. My boos told me he's pay for it to be reset if this can be done at the Apple store or whatever. I did swing by a local iPhone repair shop and was told there really isn't much of a work around for this. It's an anti-theft device but in this situation it's an anti-everything device!
    Thanks,
    Ryan

    He needs to do this:
    Sign in to his iCloud account at www.icloud.com/find.
    Click All Devices to open a list of devices linked to their account, then select the device to be removed. It should show a gray dot or the word “Offline” next to the device name.
    Click "Remove from Account" to remove the device from their account.
    If he doesn't know the password he should go to https://getsupport.apple.com , click' See all products and services', then 'More Products and Services, then 'Apple ID', then 'Other Apple ID Topics' then 'Lost or forgotten Apple ID password'. If he has any problems with that he should try this form: https://www.apple.com/emea/support/itunes/contact.html
    Without his doing all this you will not be able to use the phone; there is no way round the block and Apple cannot unblock it for you.

  • Forgot the "Password Recovery Question"

    Hi Support,
    I am using a blackberryid on phone, but I have forgot the password and the "Password Recovery Question". So I cannot login vai the phone / webpage.
    May I know how can I reset the "Password Recovery Question" / BlackberryID?
    Many Thanks.
    Samuel Hui

    Good day
    Welcome to BB forums
    If you need to Reset your password you can go here
    http://bbid.com
    Want to contract me? You can follow me on Twitter @RobGambino
    Be sure to click Like! for those who have helped you.
    Click Accept as Solution for posts that have solved your issue(s)!

  • HT201413 My iPhone 4's password protection is locked and is in recovery mode. The recovery download is blocked because of the password and I am unable to enter it.  How can find no way to bypass the password stored on my phone?

    How can I bypass or disable my pass word on my iPhone 4 when it is in recovery and I cannot access the password locked phone to unlock it?

    See Here  >  http://support.apple.com/kb/HT1808
    You may need to try this More than Once...
    But... if the Device has been Modified... this will Not necessarily work.

  • I did not recieve the password recovery instructions in my email?

    i did not recieve the password apple id recovery instructions in my email?

    Hey cuquintana,
         Sometimes, you can add a rescue email to your Apple ID. This is good in the event that you forget your password, as it will send that email to both your primary email address and your rescue email address. I would recommend checking your other email addresses first, and if you don't find anything, give Apple a call and have them walk you through the process of resetting it, just to make sure you've got your bases covered.
    Hope this helps,
    Bryan

  • Password Recovery on WAE 502 NM module

    Hi,
    Im unable to log into the NM module. The password wasnt changed by anyone but suddenly im unable to log into the device,,,, I had kept the password to default only but its not taking it,,
    How can u recover the password on a network module,,, i tried searching it but i can only find a doc which says reboot and change the flags to 8000 but the problem is when i reload the network module it dosnt show the booting sequence,,,??????
    The router im using is 2811 with 12.4(9)T1 IOS and WAE 502 NM module

    I would try a couple of commands from the router as sessioning into the NME from there, you should be able to see it boot.
    To see it's status...
    service-module integrated-service-engine slot/0 status
    Then session into it (you probably have already done this...)
    service-module integrated-service-engine slot/0 session
    and then
    service-module integrated-service-engine slot/0 reload
    If for some reason that doesn't work, you can try the following:
    service-module integrated-service-engine slot/0 reset
    However, that isn't graceful and will hard reset it and reload it. You should be able to see the boot in the session.
    I grabbed that from http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v403/module/configuration/guide/wsnmecfg.html
    Hope that helps,
    Dan

  • Help with unlocking a disabled ipad 2! When I put it in recovery mode Itunes wants the password/ code that I've forgotten...

    The computer says that it's extracting software etc then it gets to a certain point when it says, please enter ipads password / code...
    This I've forgotten..
    What can I do?

    Hi and thanks for your reply,
    it still doesn't work.
    I ve  followed the steps promted by iTunes three times and every time it gets to a stage when "it" says now enter the password or code to your ipad.
    I have forgotten the password/code, and then it's back to square one again...?
    Kind regards David

  • HT201413 my iphone 3GS is stuck in recovery mode after someone had put the password in toomany times. I restore it and it says error 1015. What do I do?

    So, my Iphone was stollen and I soon recovered it after they had put the password in toomany times and they could then not use it, I put it into reovery mode as a apple support page said to do it, from then i tried to restore it but it says error1015, what do i do to restore my Iphone 3GS?

    Unauthorized modification of iOS
    http://support.apple.com/kb/HT3743
    samiitink wrote:
    ... it says error1015,
    This Error Code is indicative of the Device being jailbroken / Hacked...
    Sorry... But...
    The discussion of Jailbroken Devices is against the Terms of Use of this Forum.
    You will need to look elsewhere.

  • Pleasee! I need help I cant unlock my iphone I dont remember the password of my apple ID and all the recovery options are not helpful

    please I need help with my iphone 4S
    I reset but I didnt mind that to unlock it I need to put my old ID apple and I really dont remember the password just the ID and I cant use my iphone if i dont put the right code.
    All the options that apple gave me are not usefull i went to my apple store and they didnt help me with that what should i do?

    If you can't remember the password for your old ID you can reset the password as explained here: http://support.apple.com/kb/PH2617.  If you can't reset the password yourself, you can contact the Apple account security team for your country for assistance: Apple ID: Contacting Apple for help with Apple ID account security.  If your country isn't listed, you can contact iTunes store support by filling out this form: https://ssl.apple.com/emea/support/itunes/contact.html.
    Before doing any of that, make sure it's asking for your ID and not someone else's ID.  It will require the ID that was used to activate the phone originally.  If you aren't the original owner, only they can help.  You have to either get the ID and password from them, or have them erase the phone and remove it from their account as explained here: Find My iPhone Activation Lock: Removing a device from a previous owner’s account so you can reactivate it using your own ID.

  • ASA SSM IPS module upgrade won't work

    Hello all,
    I'm trying to upgrade the IPS sig's on an ASA5520 with a SSM IPS module. I'm trying to upgrade the system to 5.1.1 to further upgrade the device with no luck.
    I followed these steps provided by Cisco.com:
    1. Log in to the ASA.
    2. Enter enable mode:
    asa# enable
    3. Configure the recovery settings for ASA-SSM:
    asa (enable)# hw-module module 1 recover configure
    NOTE: If you make an error in the recovery configuration, use the
    hw-module module 1 recover stop command to stop the system reimaging
    and then you can correct the configuration.
    4. Specify the TFTP URL for the system image:
    Image URL [tftp://0.0.0.0/]:
    Example:
    Image URL [tftp://0.0.0.0/]: tftp://10.20.30.40/IPS-SSM-K9-sys-1.1-a-5.1-1.img
    5. Specify the command and control interface of ASA-SSM:
    Port IP Address [0.0.0.0]:
    Example:
    Port IP Address [0.0.0.0]: 11.21.31.41
    6. Leave the VLAN ID at 0.
    VLAN ID [0]:
    7. Specify the default gateway of the ASA-SSM:
    Gateway IP Address [0.0.0.0]:
    Example:
    Gateway IP Address [0.0.0.0]: 11.22.33.44
    8. Execute the recovery:
    asa# hw-module module 1 recover boot
    9. Periodically check the recovery until it is complete.
    NOTE: The status reads "Recovery" during recovery and reads "Up" when
    reimaging is complete.
    AFter #8 it just goes back to the enable prompt. A 'sh module' lists the device as 'recover' and hangs FOREVER.... I tested the TFTP server which the new image resides on, and the TFTP is working fine. I don't see any attempts or downloads from the TFTP server for over an hour.
    I opened a Ciscop TAC on this and not receiving alot of help...
    Please help!!!:)
    Thanks
    Chris Serafin
    [email protected]

    The recovery using this method can takes upwards of 30 minutes, and in some cases even longer.
    How long have you left the SSM in the "recovery" state?
    There may be something wrong in the config you entered. when that happens the SSM can go into a continuous reboot cycle trying to do the recovery.
    Execute "debug module-boot" on the console of the ASA.
    The debug output will show you the ROMMON output of the SSM itself. (The SSM has it's own ROMMON. The recovery boot command sends the settings made during the recover configure command to the SSM's ROMMON).
    If the ROMMON is experiencing a problem in trying to download the tftp image you should now see that ROMMON error message.
    Some typical problems I have seen:
    1) Wrong IP given for the sensor.
    2) Wrong IP given for the gateway (the gateway must exist on the same network as the sensor) this problem usually happens when using a non-standard netmasked network.
    3) Not having the sensor's command and control port plugged into the right network. The external port of the SSM itself is where the IP is being applied. You need to ensure that the extenral port of the SSM is plugged into the right network for that IP.
    4) The tftp server is not reachable from the network where the sensor's command and control port is attached. Some users think that if the ASA itself can reach the tftp server that the SSM will also be able to. This is not always the case. It is best to use a tftp server on the same network as the IP provided to the SSM. Or to test the tftp server from another machine on the same network as the SSM.
    5) The file name is wrong. Check the captialization especially.
    6) The file is not in the default directory on the tftp server. If the file is in a subdirectory you will need to add that subdirectory to the URL:
    tftp://10.20.30.40/subdirectoryname/filename
    7) The tftp is timing out.
    There are 2 things that can cause this:
    a) The tftp server is remote, and it takes too long to download the file. The ROMMON does have limits on the number of retries and per packet timeouts (but they are not user configurable). Try using a tftp server local to the SSM.
    b) The switch that the SSM connects to has spanning-tree running and spanning-tree does not complete before the SSM ROMMON times out for the tftp attempt. The tftp attempt happens immediately upon ROMMON startup and link up. But with a switch the switch port may be in a "Listen" or "Learn" state for 40 seconds before the box can actually talk on the network. In some cases the tftp download attempts started as soon as link up, and may timeout even before the spanning-tree completes. To work around this configure "spanning-tree portfast" on the switchport. Spanning-tree will connect the port into the vlan immediately rather than 40 seconds later.
    If it was a config problem when configuring the recovery settings, then there is a "recover stop" command on the ASA.
    It will stop the reboot cycle from happening.
    Let the module come up with the old image.
    Then correct your "recover configure" settings, and try the "recover boot" again.
    Another alternative:
    Stop the recovery "recover stop"
    Let it boot into the old image.
    If it was a 5.0 version, then you can actually upgrade to 5.1 using the sensor's own CLI "upgrade" command. It is actually the preferred method.
    The "recover" from the ASA will wipe the box clean and load a fresh image.
    The "upgrade" from the sensor will convert your 5.0 config into a 5.1 config while installing 5.1.
    5.1 upgrade file:
    IPS-K9-min-5.1-1g.pkg
    http://www.cisco.com/cgi-bin/tablebuild.pl/ips5
    It can be applied through the sensor's CLI upgrade command, or pushed directly through IDM, or applied by CSM.
    The "recover" should be limited to disaster recovery. When you can't access the SSM at all, or the files on the SSM have been corrupted.
    For normal upgrades you want to use "upgrade" files done through the sensor itelf (CLI, IDM, or CSM).

Maybe you are looking for