Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2274
Views
0
Helpful
4
Replies

Firepower not reachable via ASDM

martino-cisco
Level 1
Level 1

‎08-24-2017 08:55 AM - edited ‎03-08-2019 05:44 PM

Hi All,

I'm currently having an issue with an ASA5512 that is configured with work with Firepower. Firepower has been successfully installed and configured using the firewall's MGT interface in the same VLAN as the inside interface. Logging on via ASDM gets to about 17% while loading before giving the error 'Cannot connect to the Firepower module'.

- My connection is coming into via the Inside interface

- 'show module sfr' shows the module is 'Up'

- I am also able to log on to the CLI of the module and all seems fine. However, i can't get rid of this error

 

Worth noting that I have done the exact same build with another ASA5512 with Firepower via ASDM and it works.

 

I appreciate any feedback or assistance on this.

 

Thanks

Labels:
0 Helpful
4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-24-2017 09:57 AM

What are your respective versions of ASA, ASDM and Firepower?

 

ASDM loads the Firepower bits based on what you would see when running "show module sfr detail" from the ASA cli. Does the output of that command match what you expect?

0 Helpful

martino-cisco
Level 1
Level 1
In response to Marvin Rhoads

‎08-24-2017 10:06 AM

Hi Marvin,

ASA version is 9.6.2

ASDM is 7.6.2

Firepower is 6.1.0-330.

 

Yes, the output of 'show module sfe detail' is as i expect. It also confirms the Data Plane status is Up

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to martino-cisco

‎08-24-2017 10:13 AM

OK, your basics seem OK. those are generally pretty good versions (though I recommend going with the more recent 6.2.0.2).

 

Have you tried it from a different PC to rule out client-side issues?

0 Helpful

martino-cisco
Level 1
Level 1
In response to Marvin Rhoads

‎11-09-2017 06:45 AM

Hi Marvin,

Tried from a different PC. No luck. After some troubleshooting, I found that the traffic was actually reaching the firepower module but the return traffic from the firepower module wasn't getting back to the client that initiated the TCP session in the first place. That introduces a new issue entirely.

 

Thanks though

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents