Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1491
Views
5
Helpful
5
Replies

ASA 5506-x doesn't see sfr module

Andrii Trushenko
Level 1
Level 1

‎02-05-2018 08:00 AM - edited ‎02-21-2020 07:17 AM

Good day forum users. 
It is my first post here, and I am seeking for your support on one problem . I am trying to first setup  the ASA5506-x and it seems that something missing in image file shipped with HW: 

 

firepower# show module all

Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
0 ASA 5506-X with FirePOWER services, 8GE, AC, ASA5506 JAD2143090G
1 Unknown N/A JAD2143090G

Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
0 6cb2.aedd.ff22 to 6cb2.aedd.ff2b 2.0 1.1.8 9.7(1)4
1 6cb2.aedd.ff21 to 6cb2.aedd.ff21 N/A N/A

Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
1 Unknown No Image Present Not Applicable

Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
0 Up Sys Not Applicable
1 Down Not Applicable

 

 

firepower# dir /all

Directory of disk0:/

78 -rwx 107035120 14:45:06 Mar 31 2017 os.img
79 -rwx 33 08:08:14 Feb 05 2018 .boot_string
80 -rwx 150382 04:16:30 Nov 10 2017 install.log
15 drwx 4096 04:48:20 Nov 10 2017 log
21 drwx 4096 04:49:10 Nov 10 2017 crypto_archive
22 drwx 4096 04:49:18 Nov 10 2017 coredumpinfo

 

firepower# show ver
-------------------[ firepower ]--------------------
Model : Cisco ASA5506-X Threat Defense (75) Version 6.2.0 (Build 363)
UUID : 540f1a96-c5ce-11e7-acfa-ff028635e5fe
Rules update version : 2016-03-28-001-vrt
VDB version : 271
----------------------------------------------------

Cisco Adaptive Security Appliance Software Version 9.7(1)4
Firepower Extensible Operating System Version 2.1(1.66)

Compiled on Fri 31-Mar-17 07:44 PDT by builders
System image file is "disk0:/os.img"
Config file at boot was "startup-config"

firepower up 48 mins 5 secs

Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
Internal ATA Compact Flash, 8000MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB

Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Number of accelerators: 1

1: Ext: GigabitEthernet1/1 : address is 6cb2.aedd.ff23, irq 255
2: Ext: GigabitEthernet1/2 : address is 6cb2.aedd.ff24, irq 255
3: Ext: GigabitEthernet1/3 : address is 6cb2.aedd.ff25, irq 255
4: Ext: GigabitEthernet1/4 : address is 6cb2.aedd.ff26, irq 255
5: Ext: GigabitEthernet1/5 : address is 6cb2.aedd.ff27, irq 255
6: Ext: GigabitEthernet1/6 : address is 6cb2.aedd.ff28, irq 255
7: Ext: GigabitEthernet1/7 : address is 6cb2.aedd.ff29, irq 255
8: Ext: GigabitEthernet1/8 : address is 6cb2.aedd.ff2a, irq 255
9: Int: Internal-Data1/1 : address is 6cb2.aedd.ff22, irq 255
10: Int: Internal-Data1/2 : address is 0000.0001.0002, irq 0
11: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0
12: Int: Internal-Data1/3 : address is 0000.0001.0003, irq 0
13: Ext: Management1/1 : address is 6cb2.aedd.ff22, irq 0
14: Int: Internal-Data1/4 : address is 0000.0100.0001, irq 0

Serial Number: JAD2143090G
Configuration register is 0x1
Image type : Release
Key Version : A
Configuration has not been modified since last system restart.

 

I have tried to install asasfr-5500x-boot-6.2.2-3.img from disk1:/  but with no luck. 
Does anyone have suggestions what I need to do next to fix this ? 

Labels:
0 Helpful
5 Replies 5

Karsten Iwen
VIP
VIP

‎02-05-2018 09:05 AM

You are not running an ASA with firepower. Your device is running the FTD image. Here is the quick-start guide:

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/5506X/ftd-fdm-5506x-qsg.html

Andrii Trushenko
Level 1
Level 1
In response to Karsten Iwen

‎02-05-2018 09:25 AM - edited ‎02-05-2018 10:02 AM

Sorry, for this rookie question , but I cannot  unblock GiEthernet interfaces that will allow me to use solution you provided.  They are administratively block at a time, so I am afraid I wont be able to access FDM or FMC

0 Helpful

Andrii Trushenko
Level 1
Level 1
In response to Andrii Trushenko

‎02-05-2018 04:40 PM

Any suggestions about interfaces ? How can I apply no shut so to perform initial installation procedure? 

firepower-boot>show interfaces
eth0 Link encap:Ethernet HWaddr 6c:b2:ae:dd:ff:21
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.255.255.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:552 (552.0 B) TX bytes:552 (552.0 B)



 

firepower# show interface summary
Interface GigabitEthernet1/1 "", is administratively down, line protocol is down
# Attention: This interface is located in a PCI-e x2 slot. For #
# optimal throughput, install the interface in a PCI-e x4 slot #
# if one is available. Refer to 'show controller slot'. #
Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is off
Available but not configured via nameif
MAC address 6cb2.aedd.ff23, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (1023/1023)
output queue (blocks free curr/low): hardware (1023/1023)

0 Helpful

#Mat
Level 6
Level 6
In response to Andrii Trushenko

‎02-05-2018 06:40 PM

Hi Andrii TrushenkoYou can't config FTD from CLI. You have to use FMC o FDM. With "show manager" you can check it.

 

If you are using FDM:

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/5506X/ftd-fdm-5506x-qsg.html#pgfId-156047


If you have FMC:

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118596-configure-firesight-00.html#anc5

 

Remember that you have to use management interface for administrative access. FTD is not an ASA.

 

Regards.-

.
0 Helpful

Andrii Trushenko
Level 1
Level 1
In response to #Mat

‎02-06-2018 04:57 PM

I would really to try this solution, but I can not connect device to my WAN network - indicators on a ports of ASA are not blinking. When connecting to WAN device's port where ASA is connected it doesn't see any device connected to it, when connect to ASA through the console it shows that all interfaces are in Administratively Shutdown mode. 
Without any access to conft mode I have no option to unblock them. 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card