cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1519
Views
5
Helpful
4
Replies

5516x w/firepower, unable to console to asa cli

Peter P
Level 4
Level 4

I have a new 5516-x with firepower. Console gives access to the firepower cli but I can't seem to get to the asa cli. the escape sequence 'CTRl-^X' is not dropping me out of firepower and into ASA. Am I missing something here? Firepower is running v6.1.0.

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

You probably have an ASA ordered with FirePOWER Threat Defense (FTD) image.

That is the combined image which does not have a separate service module separating the ASA code base from the FirePOWER services.

View solution in original post

4 Replies 4

Rahul Govindan
VIP Alumni
VIP Alumni

Strange. Ctrl-Shift6-X should ideally be enough to pull you out of the Firepower console back to the ASA. If you go in via SSH, are you able to session into the SFR without console? Is this a production device? If it's not, a reboot should be able to get you back.

Marvin Rhoads
Hall of Fame
Hall of Fame

You probably have an ASA ordered with FirePOWER Threat Defense (FTD) image.

That is the combined image which does not have a separate service module separating the ASA code base from the FirePOWER services.

Peter P
Level 4
Level 4

Yes, they are FTD which do not have the classic ASA CLI. A few notes in the event it helps anyone else.

I have 3 pairs, running 6.1, of what will be HA firewalls, 2x5516, 2x5525 and 2x5545s. They will be managed by FMC (a requirement for HA) however I expected the FDM (on chassis management) to be available on all. Only the 5516s were displaying the FDM properly. The 5525s and 5545s are failing to properly display any FDM pages beyond the login. TAC has been unable to resolve. We are choosing to ignore this issue in the hopes that management via FMC will be clean.

They will have to be upgraded to at least 6.2 to support anyconnect and site-to-site VPN interoperability.

Actually limited AnyConnect (remote access SSL VPN) support won't be introduced until version 6.2.1. We expect that release in the coming weeks.

That will be the initial release (think more like "1.0") and will not have feature parity with what's on the ASA code base today.

Review Cisco Networking for a $25 gift card