topic Hi, in Network Security

Unable to add powerfire to powersight

pgamage — Tue, 12 Mar 2019 12:53:29 GMT

I am trying to add ASA5508 to the firesight but failing.

show netstat displays established session with DNS server.

But with powersight, it is SYN_SENT

My powersight is in the inside interface.

show int ip br indicates the management 1/1 is in down/down state.

powerpower version 5.4.1

powersight version 6.0.0

> show netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State

tcp 0 1 172.16.222.24:50346 172.16.22.25:8305 SYN_SENT < form firesight

udp 0 0 172.16.222.24:49151 172.16.22.32:53 ESTABLISHED <with DNS server

I will post configs and other show outputs necessary.

Can somebody help me please?

show interface in the firepower module

System> show interfaces
----------------------[ eth0 ]----------------------
Physical Interface : eth0
Type : Management
Status : Enabled
MDI/MDIX : Auto
MTU : 1500
MAC Address : EC:BD:1D:5F:A8:38
IPv4 Address : 172.16.22.24

ASA# sh int ip br
Management1/1 unassigned YES unset down down

Hi,

Aastha Bhardwaj — Fri, 05 Feb 2016 17:36:28 GMT

Hi,

You would definitely need to get the Management interface on ASA up and running because all the packets from SFR .

Check this : http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html

Are yo able to ping the Firesight manager from SFR and vice a versa ?

Regards,

Aastha Bhardwaj

Rate if that helps!!!

I agree with Aastha's

Marvin Rhoads — Fri, 05 Feb 2016 20:08:01 GMT

I agree with Aastha's recommendations.

Also check the sfr module status from the ASA:

show module sfr details

Here's what a healthy module should look like:

ciscoasa# show module sfr details 
Getting details from the Service Module, please wait...

Card Type: FirePOWER Services Software Module
Model: ASA5506
Hardware version: N/A
Serial Number: JAD192903QT
Firmware version: N/A
Software version: 6.0.0-1005
MAC Address Range: 5897.bd27.8360 to 5897.bd27.8360
App. name: ASA FirePOWER
App. Status: Up
App. Status Desc: Normal Operation
App. version: 6.0.0-1005
Data Plane Status: Up
Console session: Ready
Status: Up
DC addr: 192.168.107.220 
Mgmt IP addr: 10.0.128.21 
Mgmt Network mask: 255.255.255.0 
Mgmt Gateway: 10.0.128.1 
Mgmt web ports: 443 
Mgmt TLS enabled: true 
ciscoasa#

ciscoasa# sh int ip br
Interface IP-Address OK? Method Status Protocol
Virtual0 127.1.0.1 YES unset up up 
GigabitEthernet1/1 10.0.129.1 YES CONFIG up up 
GigabitEthernet1/2 10.0.131.1 YES CONFIG up up 
GigabitEthernet1/3 10.0.130.1 YES CONFIG up up 
GigabitEthernet1/4 unassigned YES unset administratively down down
GigabitEthernet1/5 unassigned YES unset administratively down down
GigabitEthernet1/6 unassigned YES unset administratively down down
GigabitEthernet1/7 unassigned YES unset administratively down down
GigabitEthernet1/8 unassigned YES unset administratively down down
Internal-Control1/1 127.0.1.1 YES unset up up 
Internal-Data1/1 unassigned YES unset up up 
Internal-Data1/2 unassigned YES unset up up 
Internal-Data1/3 unassigned YES unset up up 
Management1/1 unassigned YES unset up up 
ciscoasa# session sfr console
Opening console session with module sfr.
Connected to module sfr. Escape character sequence is 'CTRL-^X'.


labsfr login: admin
Password: 
Last login: Thu Dec 3 02:24:36 UTC 2015 on ttyS1

Copyright 2004-2015, Cisco and/or its affiliates. All rights reserved. 
Cisco is a registered trademark of Cisco Systems, Inc. 
All other trademarks are property of their respective owners.

Cisco Fire Linux OS v6.0.0 (build 258)
Cisco ASA5506 v6.0.0 (build 1005)

> show netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State 
tcp 0 0 127.0.2.1:7000 127.0.1.1:1385 ESTABLISHED 
tcp 0 0 10.0.128.21:57169 192.168.107.220:8305 ESTABLISHED 
tcp 0 0 10.0.128.21:8305 192.168.107.220:55172 ESTABLISHED 
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path

<snip>

> 
> show interfaces
--------------------[ outside ]---------------------
Physical Interface : GigabitEthernet1/1
Type : ASA
Security Zone : Lab_ASA_Outside
Status : Enabled
Load Balancing Mode : N/A
---------------------[ inside ]---------------------
Physical Interface : GigabitEthernet1/2
Type ASA
Security Zone : Lab_ASA_Inside
Status : Enabled
Load Balancing Mode : N/A
----------------------[ dmz ]-----------------------
Physical Interface : GigabitEthernet1/3
Type : ASA
Security Zone Lab_ASA_DMZ
Status : Enabled
Load Balancing Mode : N/A
---------------------[ cplane ]---------------------
IPv4 Address : 127.0.2.1
----------------------[ eth0 ]----------------------
Physical Interface : eth0
Type : Management
Status : Enabled
MDI/MDIX : Auto
MTU : 1500
MAC Address : 58:97:BD:27:83:60
IPv4 Address : 10.0.128.21
----------------------[ tun1 ]----------------------
IPv6 Address : fdcc::bd:0:ffff:a9fe:1/64
---------------------[ tunl0 ]---------------------
----------------------------------------------------

> exit


labsfr login: 
Escape Sequence detected
Console session with module sfr terminated.
ciscoasa#

All those 'back ground'

pgamage — Sat, 06 Feb 2016 03:44:03 GMT

All those 'back ground' checkings are really useful. This level of focus definetly lead to solution doent matter how complex it is. really appriciated.

Thanks, Plugged a cable to

pgamage — Sat, 06 Feb 2016 03:52:33 GMT

Thanks, Plugged a cable to the Management 0/0 and everythign started to work. I wrongly thought M0/0 is software only as my power power is a software module.