Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1749
Views
0
Helpful
3
Replies

ASA 5508 with Firepower Module

danny.heinrich@nexenio.com
Level 1
Level 1

‎01-23-2018 05:28 AM - edited ‎02-21-2020 07:11 AM

Hey there,

 

I recently bought the firepower module and installed it on my ASA 5508

 

Tech specs:

 Firewall:

  • ASA 5508
  • ASA to 9.6(4)
  • Firepower (6.2.2.1-73)
  • ASDM 7.9(1)

Client PC:

  • Debian 9 Stretch
  • openjdk version "1.8.0_151"
    • OpenJDK Runtime Environment (build 1.8.0_151-8u151-b12-1~deb9u1-b12)
    • OpenJDK 64-Bit Server VM (build 25.151-b12, mixed mode)
  • JNLP Runner
    • icedtea-8-plugin:amd64                1.6.2-3.1
    • icedtea-netx:amd64                    1.6.2-3.1
    • icedtea-netx-common                   1.6.2-3.1

 

Description:

Windows 10:

Connect to the firewall using ASDM works perfectly, I can access either asa and firepower management,

 

 

On Linux (debian9) using ASDM I can just connect to the ASA.

Firepower stops when connection to ASA with Initializing firepower module 17%, then starts asdm without firepower management options.

 

Additional informations:

ciscoasa#: debug http 255
HTTP: processing HEAD URL '/admin/public/asdm.jnlp' from host <host-ip-onmitted>
HTTP: authentication not required
HTTP: sending headers only for file: public/asdm.jnlp, length: 1418
HTTP: admin session verified =  [0]
HTTP: processing HEAD URL '/admin/public/asdm.jnlp' from host <host-ip-onmitted>
HTTP: authentication not required
HTTP: sending headers only for file: public/asdm.jnlp, length: 1418
HTTP: admin session verified =  [0]
HTTP: processing HEAD URL '/admin/public/dm-launcher.jar' from host <host-ip-onmitted>
HTTP: authentication not required
HTTP: sending headers only for file: public/dm-launcher.jar, length: 128183
HTTP: admin session verified =  [0]
HTTP: processing HEAD URL '/admin/public/retroweaver-rt-2.0.jar' from host <host-ip-onmitted>
HTTP: authentication not required
HTTP: sending headers only for file: public/retroweaver-rt-2.0.jar, length: 113173
HTTP: admin session verified =  [0]
HTTP: processing HEAD URL '/admin/public/jploader.jar' from host <host-ip-onmitted>
HTTP: authentication not required
HTTP: sending headers only for file: public/jploader.jar, length: 66865
HTTP: admin session verified =  [0]
HTTP: processing HEAD URL '/admin/public/lzma.jar' from host <host-ip-onmitted>
HTTP: authentication not required
HTTP: sending headers only for file: public/lzma.jar, length: 11503
HTTP: processing handoff to legacy admin server [/admin/login_banner]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/login_banner' from host <host-ip-onmitted>
HTTP: authentication not required
HTTP: processing handoff to legacy admin server [/admin/version.prop]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/version.prop' from host <host-ip-onmitted>
HTTP: authentication required, no authentication information was provided
HTTP: processing handoff to legacy admin server [/admin/version.prop]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/version.prop' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: sending file: version.prop, length: 108, response header options 00000000
HTTP: processing handoff to legacy admin server [/admin/pdm.sgz]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/pdm.sgz' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: sending file: pdm.sgz, length: 23703384, response header options 00000000
HTTP: processing handoff to legacy admin server [/admin/asdm_banner]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/asdm_banner' from host <host-ip-onmitted>
HTTP: authentication not required
HTTP: processing handoff to legacy admin server [/admin/exec/show+version/show+curpriv/perfmon+interval+10/show+asdm+sessions/show+firewall/show+mode/changeto+system/show+admin-context]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+version/show+curpriv/perfmon+interval+10/show+asdm+sessions/show+firewall/show+mode/changeto+system/show+admin-context' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+module]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+module' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+cluster+interface-mode]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+cluster+interface-mode' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+cluster+info]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+cluster+info' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/session+sfr+do+get-eula-status]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/session+sfr+do+get-eula-status' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+module+sfr+details]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+module+sfr+details' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: Periodic admin session check  (idle-timeout = 1200, session-timeout = 1200)
HTTP: processing handoff to legacy admin server [/admin/exec/session+sfr+do+get-onbox-status]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/session+sfr+do+get-onbox-status' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/session+sfr+do+gen-sso-token]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/session+sfr+do+gen-sso-token' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+version]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+version' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+vpn-sessiondb+license-summary]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+vpn-sessiondb+license-summary' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+curpriv]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+curpriv' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+run+aaa+authorization]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+run+aaa+authorization' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+running-config+%7C+grep+%5E%28logging+enable%7Clogging+asdm%7Chostname%7Cdomain-name%29/show+running-config++%7C+grep+%5Ename+/show+running-config+route/show+running-config+interface/show+running-config+track/show+running-config+sla+monitor/show+running-config+threat-detection/show+running-config+dynamic-filter/show+running-config+hpm]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+running-config+%7C+grep+%5E%28logging+enable%7Clogging+asdm%7Chostname%7Cdomain-name%29/show+running-config++%7C+grep+%5Ename+/show+running-config+route/show+running-config+interface/show+running-config+track/show+running-config+sla+monitor/show+running-config+threat-detection/show+running-config+dynamic-filter/show+running-config+hpm' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/asdm_logging]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/asdm_logging' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/configure+term/crypto+ipsec+security-association+lifetime+kilobyte++%3F/exit]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/configure+term/crypto+ipsec+security-association+lifetime+kilobyte++%3F/exit' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+blocks]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+blocks' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+cpu+core+all]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+cpu+core+all' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+vpn-sessiondb+summary]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+vpn-sessiondb+summary' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/asdm_handler]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/asdm_handler' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+service-policy+user-statistics]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+service-policy+user-statistics' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+curpriv]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+curpriv' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+curpriv]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+curpriv' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+running-config+all+%7C+i+anonymous+prompt/show+running-config+all+regex/show+running-config+all+class-map/show+running-config+all+ssl]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+running-config+all+%7C+i+anonymous+prompt/show+running-config+all+regex/show+running-config+all+class-map/show+running-config+all+ssl' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+run+aaa+authorization]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+run+aaa+authorization' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/config]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/config' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+curpriv]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+curpriv' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+crypto+ca+certificate]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+crypto+ca+certificate' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/flash/username_from_cert.xml]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/flash/username_from_cert.xml' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: file not found: flash:/username_from_cert.xml
HTTP: processing handoff to legacy admin server [/admin/exec/dir+flash%3A%2Fdap.xml]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/dir+flash%3A%2Fdap.xml' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/export+dap+configuration+stdout]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/export+dap+configuration+stdout' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/disk0/dap.xml]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/disk0/dap.xml' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: file not found: disk0:/dap.xml
HTTP: processing handoff to legacy admin server [/admin/cache/sdesktop/data.xml]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/cache/sdesktop/data.xml' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: file not found: cache:/sdesktop/data.xml
HTTP: processing handoff to legacy admin server [/admin/cache/sdesktop/install/binaries/update.txt]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/cache/sdesktop/install/binaries/update.txt' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: file not found: cache:/sdesktop/install/binaries/update.txt
HTTP: processing handoff to legacy admin server [/admin/exec/show+module+sfr+details]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+module+sfr+details' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/configure+term/crypto+ipsec+security-association+lifetime+kilobyte++%3F/exit]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/configure+term/crypto+ipsec+security-association+lifetime+kilobyte++%3F/exit' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/configure+term/crypto+ipsec+security-association+lifetime+kilobyte++%3F/exit]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/configure+term/crypto+ipsec+security-association+lifetime+kilobyte++%3F/exit' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: processing handoff to legacy admin server [/admin/exec/show+jumbo-frame+reservation]
HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/exec/show+jumbo-frame+reservation' from host <host-ip-onmitted>
HTTP: Authentication username = 'user.name'
HTTP: Periodic admin session check  (idle-timeout = 1200, session-timeout = 1200)

 

Labels:
Preview file
42 KB
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-23-2018 08:18 PM

How are you launching ASDM from your Linux workstation?

 

Some of us have had good luck on Ubuntu and Fedora. See the following threads:

 

https://supportforums.cisco.com/t5/firewalling/asdm-on-ubuntu/td-p/3067651

 

https://www.petenetlive.com/KB/Article/0000396

0 Helpful

danny.heinrich@nexenio.com
Level 1
Level 1
In response to Marvin Rhoads

‎01-23-2018 09:33 PM

I tried different ways to l start it.

 

In both solutions is the problem to be unable to lunch asdm.

Thats unfortunatly not my case.

I just have Problems to get ASDM with running firepower services.

javaws https://$1/admin/public/asdm.jnlp
OR
javaws asdm.jnlp
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to danny.heinrich@nexenio.com

‎01-24-2018 07:44 AM

Understood, I just wasn't sure if you were using the same start method.

 

Usually things like that are a quirk of the specific Java VM in use. When running ASDM to manage an ASA with Firepower service module the launch pulls the "show inventory detail"info from the ASA to get the secondary address for the service module. I suspect that bit is what's tripping up your installation.

 

Unfortunately I don't have a ASA with Firepower reachable from my Linux VM to check that use case directly. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card