After re-image no communication on management NIC 5508x

johgay (Cisco Employee)

Has anyone seen an issue where you re-image a 5508-X with a known good copy of FTD 6.2.3? You use the same IP for the management NIC for TFTP and HTTP to install the image. Once Firepower is on the device you cannot communicate to or from the management interface.

Ifconfig and show network look good. Tcpdump shows the interface receiving broadcasts but not direct traffic.

 

I can ping the local IP from the host along with 127.0.0.1. No other hosts on the subnet can ping the FTD box. I have tried multiple cables, plugging direct to the box and multiple switches from 10MB to 1GB.

 

The thing that gets me is that the interface works great for TFTP and HTTP for the reimage - just not for final config.

Accepted Solution

johgay (Cisco Employee)

I found the solution. The config register was set to 0x41 and should have been set to 0x1.

 

To fix it I booted to rommon and executed the confreg command, which showed: Current Configuration Register: 0x00000041

I issued the command: confreg 0x1

 

Then I issued the boot command.

 

I found the solution here: https://techitw.wordpress.com/2018/01/10/firepower-threat-defense-installation-troubleshooting/

 

 

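As an added check that is not part of the thread: a small Python helper that pulls the register value out of a captured rommon `confreg` transcript and flags the bit that separates 0x41 from the expected 0x1. The console sample is constructed from the line quoted above; the meaning of bit 0x40 (skip the startup configuration, the setting the ASA password-recovery procedure uses) is assumed knowledge that the thread itself does not state.

```python
import re

# Constructed sample of a rommon console capture; only the register line
# is taken from the thread, the prompt line is assumed.
SAMPLE_CONSOLE = """\
rommon #0> confreg
Current Configuration Register: 0x00000041
"""

EXPECTED_CONFREG = 0x1        # value the accepted answer set with "confreg 0x1"
IGNORE_STARTUP_CONFIG = 0x40  # assumed: bit that makes the box skip its startup config


def parse_confreg(console_text: str) -> int:
    """Return the configuration register reported by rommon's confreg output."""
    match = re.search(
        r"Current Configuration Register:\s*0x([0-9a-fA-F]+)", console_text
    )
    if match is None:
        raise ValueError("no 'Current Configuration Register' line found")
    return int(match.group(1), 16)


def check_confreg(value: int, expected: int = EXPECTED_CONFREG) -> dict:
    """Compare the register against the expected value and explain any drift."""
    unexpected_bits = value & ~expected
    return {
        "value": f"0x{value:x}",
        "ok": value == expected,
        "ignores_startup_config": bool(value & IGNORE_STARTUP_CONFIG),
        "unexpected_bits": f"0x{unexpected_bits:x}",
        # Remediation command from the accepted answer, or None if nothing to do.
        "fix": None if value == expected else f"confreg 0x{expected:x}",
    }


if __name__ == "__main__":
    # Run against the constructed capture: reports ok=False, fix="confreg 0x1".
    print(check_confreg(parse_confreg(SAMPLE_CONSOLE)))
```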

7 Replies

mickyq (Level 1)

If it's like the FPR-2140, I had to go into rommon to configure network parameters. Try this link: https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html

Do you mean that FTD can't ping its default gateway? In tcpdump, when you ping from FTD, do you see the traffic leaving?

If not, then I think you need to reimage because iptables might be corrupted.

That is correct. FTD cannot ping the local gateway or anything else on the local network after FTD has been successfully installed.

Funny you mentioned IPtables - I checked the status of IPtables and everything looked identical to my other 5508.

I reimaged 4 times yesterday trying manual IP vs DHCP and found no difference (it did get a DHCP address each time).

I may re-image with ASA today, verify and try FTD again.

Any other thoughts or suggestions? The only other thing I have not done is replaced the ROMMON.

I am assuming you changed the cabling and tried a different switchport.

Try TAC as you might have a faulty unit. I can't think of anything else. I did this many times and never faced such an issue.

Thanks. Yes - different cables, different switch ports and even different switches. It is only FTD that is causing the issue. I re-imaged with ASA software and installed the SFR module and everything works great.

 

I have tried 3 different versions of ROMMON and 2 different versions of FTD.

 

Everything works as it should until the system boots the FTD image. I cannot contact the 192.168.45.45 default IP nor the one I statically/dynamically assign after the first boot process.

 

I have done this hundreds of times before and this is the first time I have run into this issue.

 

Thanks for the responses.

Thanks for sharing the solution. Very helpful and new to me
