Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9572
Views
5
Helpful
21
Replies

ASA 5506 ASDM can't connect to Firepower module

Go to solution
Javid_B
Level 1
Level 1

‎10-17-2018 01:12 AM - edited ‎03-12-2019 04:13 AM

Hi everyone, 

Not long time ago started to see such problem. I'm using the default ASA firewall config (inside is 192.168.42.253/24) and setup the FirePower module to use 192.168.42.203/24. I can ping the FirePower module from my PC and from the ASA's CLI and can connect via SSH. 

I've ran "show module" and the sfr module is Up/Up, and I have IP connection with the module from the ASA CLI. 

ASDM log from Java console show "Failed to connect to FirePower, continuing without it"

ASA version - 7.6(1)

ASDM version - 9.6(1)

Firepower module version - 6.0.1.4-82

Java version - JRE 1.8.0_181 x86

Help please.

Labels:
0 Helpful
21 Replies 21

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Javid_B

‎10-23-2018 02:19 AM

Is this a lab device or is it passing production traffic?

 

If it's in the lab I would just go ahead and re-image it and start over with version 6.2.3.

 

If it's in production I'd open a TAC case. It may have more issues that just ASDM access.

0 Helpful

Go to solution
Javid_B
Level 1
Level 1
In response to Marvin Rhoads

‎10-24-2018 11:55 PM - edited ‎10-25-2018 12:02 AM

Is this version supported by:

ASA version - 9.6(1)

ASDM version - 7.6(1)

 

or I need to upgrade everything?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Javid_B

‎10-25-2018 03:20 AM

Your ASA software is OK with respect to compatibility. For ASDM, you should use 7.9(2) with Firepower 6.2.3.x.

 

Reference:

 

https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#id_59075

0 Helpful

Go to solution
Javid_B
Level 1
Level 1
In response to Marvin Rhoads

‎10-25-2018 03:39 AM

Ok. Thank you. As I understood I have to uninstall current version of FirePOWER and install the new version 6.2.3.x with .img and .pkg files downloaded from cisco. Am I right?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Javid_B

‎10-25-2018 03:59 AM - edited ‎10-25-2018 04:00 AM

Yes, that's correct.

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/firewall/asa-firewall-cli/modules-sfr.html#pgfId-1485825

 

...except that you shutdown and uninstall the sfr module in your use case (not ips) and then follow the procedure as written.

 

You'd start with 6.2.3 (asasfr-5500x-boot-6.2.3-4.img and asasfr-sys-6.2.3-83.pkg) and then patch it to 6.2.3.6 (Cisco_Network_Sensor_Patch-6.2.3.6-37.sh.REL.tar).

 

Those files can all be found here (entitlement required to download):

 

https://software.cisco.com/download/home/286283326/type/286277393/release/6.2.3.6

Go to solution
Javid_B
Level 1
Level 1
In response to Marvin Rhoads

‎10-25-2018 06:26 AM

Thank you!

0 Helpful

Go to solution
puddephad
Level 1
Level 1
In response to Marvin Rhoads

‎01-22-2020 10:26 AM

Hi Marvin, quick question. I have a similar issue where ASDM access to FirePower is intermittent, it loads but sometimes it asks for the SFR IP address and port and then opens but it loses access, whilst in operation (as per the picture).  If this is an easy fix for this great, however if I was to re-image to 6.2.3.6 would my FirePower backup from 6.2.2 work? Reconfiguring FirePower would cause me some pain.

Preview file
285 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card