https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4148221#M1073715 <P>If you are using FMC to manage the FTD then you don't connect to it directly on https. You now need to configure it using the FMC.</P> Wed, 09 Sep 2020 07:16:57 GMT Rob Ingram 2020-09-09T07:16:57Z https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4148185#M1073711 <P>Hello team,</P><P>We recently re-imaged 5516-x to FTD.</P><P>I am not able to access it using IP assigned to mgmt ip</P><P>When I do "show network"</P><P>&nbsp;</P><P>===============[ System Information ]===============<BR />Hostname : testftd<BR />Management port : 8305<BR />IPv4 Default route<BR />Gateway : 10.10.0.1</P><P>======================[ br1 ]=======================<BR />State : Enabled<BR />Channels : Management &amp; Events<BR />Mode : Non-Autonegotiation<BR />MDI/MDIX : Auto/MDIX<BR />MTU : 1500<BR />MAC Address : 03:AB:C4:C7:70:96<BR />----------------------[ IPv4 ]----------------------<BR />Configuration : Manual<BR />Address : 10.10.0.60<BR />Netmask : 255.255.255.0<BR />Broadcast : 10.10.0.255<BR />----------------------[ IPv6 ]----------------------<BR />Configuration : Disabled</P><P>===============[ Proxy Information ]================<BR />State : Disabled<BR />Authentication : Disabled</P><P>When I ping 10.10.0.60 or 10.10.0.1 it says&nbsp;</P><P>No route to host X.X.X.X</P><P>&nbsp;</P><P>When I checked in LINA engine Mgmt1/1 interface is admin down.</P><P>I selected option to manage it locally while setup.</P><P>&nbsp;</P><P>How can I access it ?</P> Wed, 09 Sep 2020 05:40:24 GMT https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4148185#M1073711 umeshunited 2020-09-09T05:40:24Z https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4148197#M1073712 <P>Hi,</P> <P>Use the command "ping<STRONG> system </STRONG>10.10.0.60"</P> <P>&nbsp;</P> <P>HTH</P> <P>&nbsp;</P> Wed, 09 Sep 2020 06:42:38 GMT https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4148197#M1073712 Rob Ingram 2020-09-09T06:42:38Z https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4148210#M1073713 <P>Hello Rob,</P><P>It's pinging. But from outside I am not able to access that IP using https.</P> Wed, 09 Sep 2020 07:04:33 GMT https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4148210#M1073713 umeshunited 2020-09-09T07:04:33Z https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4148221#M1073715 <P>If you are using FMC to manage the FTD then you don't connect to it directly on https. You now need to configure it using the FMC.</P> Wed, 09 Sep 2020 07:16:57 GMT https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4148221#M1073715 Rob Ingram 2020-09-09T07:16:57Z https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4148226#M1073717 <P>Hi,</P><P>I am not using FMC, I am planning to administer it locally only using FDM.</P><P>Also I tried ping to gateway "ping system 10.10.0.1" and it's not pinging. Switch port config is good I double checked.</P><P>&nbsp;</P> Wed, 09 Sep 2020 07:27:40 GMT https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4148226#M1073717 umeshunited 2020-09-09T07:27:40Z https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4148228#M1073718 <P>Sorry, my mistake, for some reason I thought you were using and FMC.</P> <P>&nbsp;</P> <P>Have you attempted to connect to the FTD using https from a PC in the same VLAN?</P> <P>To answer your previous question, you wouldn't be able to access the FTD from the outside, because until you've configured the FTD there is no outside interface, only the mgmt interface.</P> Wed, 09 Sep 2020 07:36:57 GMT https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4148228#M1073718 Rob Ingram 2020-09-09T07:36:57Z https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4148322#M1073725 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/212135">@umeshunited</a>&nbsp;</P><P>&nbsp;</P><P>Connetct your laptop directly to the firewall in case you think that something is not right with your internal network, your should be able to SSH to it.</P><P>&nbsp;</P><P>But give reboot before you try it.</P> Wed, 09 Sep 2020 10:49:23 GMT https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4148322#M1073725 Ruben Cocheno 2020-09-09T10:49:23Z https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4148336#M1073730 <P>Unfortunately I do not have any PC in that LAN right now. I am trying to ping 10.10.0.60 from switch( to which it's mgmt is connected) but not able to ping.&nbsp;</P><P>If gateway is correct than I should be able to ping gateway and any device should be able to ping it.</P><P>I am trying to https it via mgmt IP from different subnet but no luck.</P><P>&nbsp;</P> Wed, 09 Sep 2020 11:22:18 GMT https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4148336#M1073730 umeshunited 2020-09-09T11:22:18Z https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4149752#M1073836 <P>I have connected laptop to inside interface. I can ping it but not https/ssh.</P><P>Moreover I see some cts config already present on it apart from</P><P>interface GigabitEthernet1/2<BR />nameif inside<BR />cts manual<BR />propagate sgt preserve-untag<BR />policy static sgt disabled trusted<BR />security-level 100</P><P>ip address 192.168.1.1 255.255.255.0<BR /><BR />Do I need to enable something from ftd?</P> Fri, 11 Sep 2020 14:47:36 GMT https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4149752#M1073836 umeshunited 2020-09-11T14:47:36Z https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4149768#M1073837 <P>I have connected laptop to inside interface. I can ping it but not https/ssh.</P><P>Moreover I see some cts config already present on it apart from</P><P>interface GigabitEthernet1/2<BR />nameif inside<BR />cts manual<BR />propagate sgt preserve-untag<BR />policy static sgt disabled trusted<BR />security-level 100</P><P>ip address 192.168.1.1 255.255.255.0<BR /><BR />Do I need to enable something from ftd?</P> Fri, 11 Sep 2020 14:54:26 GMT https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4149768#M1073837 umeshunited 2020-09-11T14:54:26Z https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4149831#M1073842 <P>I also tried adding network in "configure https-access-list...." and "configure ssh-access-list .... " but no luck.</P> Fri, 11 Sep 2020 17:17:03 GMT https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4149831#M1073842 umeshunited 2020-09-11T17:17:03Z https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4152210#M1073960 <P>So here what helped me get access.</P><P>Configuration register was set as 0x41 so it was not loading default FTD configuration so mgmt interface was showing in admin down state. We changed it to 0x01 from ROMMON mode and now I was able to access it using mgmt interface IP address.</P> Wed, 16 Sep 2020 17:15:28 GMT https://community.cisco.com/t5/network-security/cisco-asa-gt-ftd-mgmt/m-p/4152210#M1073960 umeshunited 2020-09-16T17:15:28Z