02-05-2018 08:00 AM - edited 02-21-2020 07:17 AM
Good day forum users.
It is my first post here, and I am seeking for your support on one problem . I am trying to first setup the ASA5506-x and it seems that something missing in image file shipped with HW:
firepower# show module all
Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
0 ASA 5506-X with FirePOWER services, 8GE, AC, ASA5506 JAD2143090G
1 Unknown N/A JAD2143090G
Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
0 6cb2.aedd.ff22 to 6cb2.aedd.ff2b 2.0 1.1.8 9.7(1)4
1 6cb2.aedd.ff21 to 6cb2.aedd.ff21 N/A N/A
Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
1 Unknown No Image Present Not Applicable
Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
0 Up Sys Not Applicable
1 Down Not Applicable
firepower# dir /all
Directory of disk0:/
78 -rwx 107035120 14:45:06 Mar 31 2017 os.img
79 -rwx 33 08:08:14 Feb 05 2018 .boot_string
80 -rwx 150382 04:16:30 Nov 10 2017 install.log
15 drwx 4096 04:48:20 Nov 10 2017 log
21 drwx 4096 04:49:10 Nov 10 2017 crypto_archive
22 drwx 4096 04:49:18 Nov 10 2017 coredumpinfo
firepower# show ver
-------------------[ firepower ]--------------------
Model : Cisco ASA5506-X Threat Defense (75) Version 6.2.0 (Build 363)
UUID : 540f1a96-c5ce-11e7-acfa-ff028635e5fe
Rules update version : 2016-03-28-001-vrt
VDB version : 271
----------------------------------------------------
Cisco Adaptive Security Appliance Software Version 9.7(1)4
Firepower Extensible Operating System Version 2.1(1.66)
Compiled on Fri 31-Mar-17 07:44 PDT by builders
System image file is "disk0:/os.img"
Config file at boot was "startup-config"
firepower up 48 mins 5 secs
Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
Internal ATA Compact Flash, 8000MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Number of accelerators: 1
1: Ext: GigabitEthernet1/1 : address is 6cb2.aedd.ff23, irq 255
2: Ext: GigabitEthernet1/2 : address is 6cb2.aedd.ff24, irq 255
3: Ext: GigabitEthernet1/3 : address is 6cb2.aedd.ff25, irq 255
4: Ext: GigabitEthernet1/4 : address is 6cb2.aedd.ff26, irq 255
5: Ext: GigabitEthernet1/5 : address is 6cb2.aedd.ff27, irq 255
6: Ext: GigabitEthernet1/6 : address is 6cb2.aedd.ff28, irq 255
7: Ext: GigabitEthernet1/7 : address is 6cb2.aedd.ff29, irq 255
8: Ext: GigabitEthernet1/8 : address is 6cb2.aedd.ff2a, irq 255
9: Int: Internal-Data1/1 : address is 6cb2.aedd.ff22, irq 255
10: Int: Internal-Data1/2 : address is 0000.0001.0002, irq 0
11: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0
12: Int: Internal-Data1/3 : address is 0000.0001.0003, irq 0
13: Ext: Management1/1 : address is 6cb2.aedd.ff22, irq 0
14: Int: Internal-Data1/4 : address is 0000.0100.0001, irq 0
Serial Number: JAD2143090G
Configuration register is 0x1
Image type : Release
Key Version : A
Configuration has not been modified since last system restart.
I have tried to install asasfr-5500x-boot-6.2.2-3.img from disk1:/ but with no luck.
Does anyone have suggestions what I need to do next to fix this ?
02-05-2018 09:05 AM
You are not running an ASA with firepower. Your device is running the FTD image. Here is the quick-start guide:
https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/5506X/ftd-fdm-5506x-qsg.html
02-05-2018 09:25 AM - edited 02-05-2018 10:02 AM
Sorry, for this rookie question , but I cannot unblock GiEthernet interfaces that will allow me to use solution you provided. They are administratively block at a time, so I am afraid I wont be able to access FDM or FMC
02-05-2018 04:40 PM
Any suggestions about interfaces ? How can I apply no shut so to perform initial installation procedure?
firepower-boot>show interfaces
eth0 Link encap:Ethernet HWaddr 6c:b2:ae:dd:ff:21
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.255.255.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:552 (552.0 B) TX bytes:552 (552.0 B)
firepower# show interface summary
Interface GigabitEthernet1/1 "", is administratively down, line protocol is down
# Attention: This interface is located in a PCI-e x2 slot. For #
# optimal throughput, install the interface in a PCI-e x4 slot #
# if one is available. Refer to 'show controller slot'. #
Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is off
Available but not configured via nameif
MAC address 6cb2.aedd.ff23, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (1023/1023)
output queue (blocks free curr/low): hardware (1023/1023)
02-05-2018 06:40 PM
Hi Andrii Trushenko. You can't config FTD from CLI. You have to use FMC o FDM. With "show manager" you can check it.
If you are using FDM:
If you have FMC:
Remember that you have to use management interface for administrative access. FTD is not an ASA.
Regards.-
02-06-2018 04:57 PM
I would really to try this solution, but I can not connect device to my WAN network - indicators on a ports of ASA are not blinking. When connecting to WAN device's port where ASA is connected it doesn't see any device connected to it, when connect to ASA through the console it shows that all interfaces are in Administratively Shutdown mode.
Without any access to conft mode I have no option to unblock them.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide