10-20-2017 06:16 PM - edited 02-21-2020 06:32 AM
Hi Guys,
Feeling rather noobish on this one.
I'm having trouble finding the Conf t, the device is ASA 2110
I've tried connecting to FTD & Local Mgmt and I can see the config - but I can't edit it
geg01#
acknowledge Acknowledge
backup Backup
clear Clear managed objects
commit-buffer Commit transaction buffer
connect Connect to Another CLI
discard-buffer Discard transaction buffer
end Go to exec mode
exit Exit from command interpreter
scope Changes the current mode
set Set property values
show Show system information
terminal Set terminal line parameters
top Go to the top mode
up Go up one mode
where Show information about the current mode
geg01# connect
ftd Connect to FTD Application CLI
local-mgmt Connect to Local Management CLI
10-20-2017 09:19 PM
It appears you are logging into a Firepower 2110 running an FTD image. You cannot modify FTD configuration (apart from the minimal setup of the network) from the CLI.
You need to use either the on-box Firepower Device Manager or a remote Firepower Management Center. In either case you connect to the management interface you have assigned (via Firepower Chassis Manager) to the FTD logical device - not to the chassis management interface.
10-20-2017 09:53 PM
Thanks Marvin!
I'm trying to set up IPsec tunnels from a dynamic IP address to the static IP of the ASA. The on-box Firepower Device Manager seems limited. You mentioned the Firepower running the FTD image - would running a different image provide greater flexibility?
10-21-2017 06:58 AM
I've not had to do it "in the wild" yet but it should be possible according to the FMC and FTD site-to-site VPN documentation.
However I just tried it in my lab and was unable to get it to work there as well (running the latest FMC and FTD 6.2.2).
I've asked among my peers in the partner community to see if it's one of those bits that's not quite working yet.
Regarding ASA vs. FTD image type, if you go with ASA you would lose all of the ability to do NGIPS (Snort etc.) inspections, and management would be via the old-style ASA CLI or ASDM GUI. That's a pretty major change to the appliance and not one to be undertaken lightly. The option is there though should you decide FTD is not cutting it for you at this time.
10-22-2017 07:23 PM
Hi Marvin,
What would be an acceptable method of connecting from a dynamic IP address to the Cisco 2110 then?
I was thinking I could find an AnyConnect client to run on the IOS - I think I might have been dreaming..
Chris
10-22-2017 07:59 PM
I haven't received official word from Cisco engineering, but I am beginning to think it may not be a feature that is currently implemented. Two other engineers (not Cisco employees) have told me that.
I suggest you open a TAC case for confirmation.