Solved: ASA 5506-X firepower not working.

EdwinThoo · ‎07-25-2018

Hi Guys,

I am facing of my ASA 5506-X firepower was not working , had try to follow cisco datasheet setup accordingly but problem still persists.

Please help...

Card Type: FirePOWER Services Software Module
Model: ASA5506
Hardware version: N/A
Serial Number: XXXXXXXXX
Firmware version: N/A
Software version: 6.2.2-81
MAC Address Range: 00be.754c.c8f4 to 00be.754c.c8f4
App. name: ASA FirePOWER
App. Status: Up
App. Status Desc: Normal Operation
App. version: 6.2.2-81
Data Plane Status: Up
Console session: Ready
Status: Up
DC addr: No DC Configured
Mgmt IP addr: 192.168.1.254
Mgmt Network mask: 255.255.255.0
Mgmt Gateway: 192.168.1.1
Mgmt web ports: 443
Mgmt TLS enabled: true
ASA-FW# session sfr console
Opening console session with module sfr.
Connected to module sfr. Escape character sequence is 'CTRL-^X'.

Cisco ASA5506 v6.2.2 (build 81)
ASA-FirePower login: admin
Password:
Last login: Mon Jul 23 20:43:55 UTC 2018 on ttyS1
Last login: Wed Jul 25 00:35:26 UTC 2018 on ttyS1

Copyright 2004-2017, Cisco and/or its affiliates. All rights reserved.
Cisco is a registered trademark of Cisco Systems, Inc.
All other trademarks are property of their respective owners.

Cisco Fire Linux OS v6.2.2 (bud 11)
Cisco ASA5506 v6.2.2 (build 81)

Last login: Wed Jul 25 00:01:01 UTC 2018 on cron
Last login: Wed Jul 25 00:35:26 UTC 2018 on ttyS1

System initialization in progress. Please stand by.
Creating default Identity Policy.
Creating default SSL Policy.

Cisco ASA5506 v6.2.2 (build 81)
ASA-FirePower login:

i have login to the module for only few seconds and it will prompt to request me login again and again.....

interface GigabitEthernet1/1
nameif outside-1
security-level 0
XXXXX
!
interface GigabitEthernet1/2
nameif outside-2
security-level 0
XXXXX
!
interface GigabitEthernet1/3
bridge-group 1
nameif inside-1
security-level 100
!
interface GigabitEthernet1/4
bridge-group 1
nameif inside-2
security-level 100
!
interface GigabitEthernet1/5
shutdown
bridge-group 1
nameif inside-3
security-level 100
!
interface Management1/1
management-only
no nameif
security-level 100
no ip address
!
interface BVI1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0

Port management was connected to data interface gigabitethernet 1/4.. and when i login through ASDM the firepower menu tab is missing.

Marvin Rhoads · ‎07-25-2018

You wouldn't see the Firepower module via a WAN-accessed ASDM session unless you have a NAT rule in place for that traffic.

Under the covers ASDM is simultaneously accessing the sfr module management address to populate those sections of the GUI.

View solution in original post

Marvin Rhoads · ‎07-25-2018

What version of ASA software is installed?

EdwinThoo · ‎07-25-2018

Hi Marvin,

It's version 9.8.2

Thank you..

Marvin Rhoads · ‎07-25-2018

OK, so your software version is compatible.

Is this a brand new ASA with a Firepower module that just been taken through the initial setup?

It appears something hung up after that.

Do you have the ASA m1/1 interface plugged into an internal switch on the same VLAN as your inside interface? When you try to connect via ASDM is the PC on the same subnet as the sfr management address and your BVI?

You could try re-image of the module and go from there if all else fails.

EdwinThoo · ‎07-25-2018

Hi Marvin,

I am following the below picture to do.

Direct cable connect between M1/1 to Gigabitethernet 1/4 , i haven't try to plug in to switch as this ASA was a new deploy at my client site and i'm actually access this ASA via WAN , haven't try to access through local lan ...

Marvin Rhoads · ‎07-25-2018

You wouldn't see the Firepower module via a WAN-accessed ASDM session unless you have a NAT rule in place for that traffic.

Under the covers ASDM is simultaneously accessing the sfr module management address to populate those sections of the GUI.

EdwinThoo · ‎07-25-2018

Hi Marvin,

Thank you and appreciate your help , it's working right now .