04-05-2016 04:11 AM - edited 03-12-2019 12:34 AM
Hi,
I'm trying to setup a new ASA5525-X.
I need to install my licenses but right now, I can't see the FirePower configuration tab.
I can see the FIrePower Status tab.
The sfr is running version 5.3.1-152
I did the basic configuration so
- GE 0/0 is the outside interface configured with dhcp
- GE 0/1 is the inside interface configured with AS 192.168.1.1/24
The sir module is configured as 192.168.1.2/24 default gw is 192.168.1.1
GE 0/1 and management interface are connected to the same switch as my computer and I can ping both interfaces
I logged on the sfr module (session sfr) and I can ping both 192.168.1.1 and my computer.
I did configure a user with privilege 15 and enabled AAA on the ASA.
Still no luck.
Right now, I'm running out of ideas.
Does anyone know what to do ?
Solved! Go to Solution.
04-05-2016 06:44 PM
On the Saleen platform (ASA 5500-x other than 5506/08/16) sfr module version 5.3.x does not support ASDM-based management.
For that you require 6.x (and ASA 9.5(1.5) with ASDM 7.5(1.112) or later).
Reference: http://www.cisco.com/c/en/us/td/docs/security/asdm/7_5/release/notes/rn75.html#pgfId-156844
04-05-2016 11:24 AM
What are the versions of the ASA code and ASDM that you are using?
Thank you for rating helpful posts!
04-05-2016 06:44 PM
On the Saleen platform (ASA 5500-x other than 5506/08/16) sfr module version 5.3.x does not support ASDM-based management.
For that you require 6.x (and ASA 9.5(1.5) with ASDM 7.5(1.112) or later).
Reference: http://www.cisco.com/c/en/us/td/docs/security/asdm/7_5/release/notes/rn75.html#pgfId-156844
04-06-2016 10:00 AM
Good catch on the FirePOWER version! Totally missed that in the initial thread :)
04-06-2016 01:45 AM
The ASA was delivered with version 9.2(2)4 / ASDM 7.2(2)1
The FirePower module is version 5.3.1-152
With Marvin answer, I know that I have to upgrade, so, as soon as my SmartNet will be active, I will do it.
Should I upgrade the ASA or the FirePower module first ?
Thanks for your answers
04-06-2016 05:09 AM
It doesn't matter whether you upgrade the ASA and ASDM first or the FirePOWER module first. You won't get the management capability until each is upgraded and either way they have to be done separately.
Unfortunately, without a FirePOWER Management Center, your first upgrade to 6.0 will have to be via the more cumbersome process of re-imaging the module from the cli.
04-06-2016 10:03 AM
To add to Marvin's last comment:
1. Yes, the CLI re-image/upgrade process is not fun! Make sure you follow the guide step by step:
2. Also, make sure that you are patient!!! At times it may seem that the process is hung but be patient and give it time to complete
3. I would definitely recommend in investing in FireSIGHT management center. You can get the 2 x VM version that is very cheap and it will provide you with tons of additional benefits. Most of the great features if FirePOWER are tied to having FireSIGHT management center.
Thank you for rating helpful posts!
04-06-2016 10:59 AM
When you are upgrading, you can check the progress with the following:
term pager 0
show module sfr log console
The console log is quite verbose so I tun off the pager first to ensure the output all scrolls though to the end (i.e the current step the process is on).
04-07-2016 06:49 AM
So, I'm ordering the 2x VM.
In the meantime, I'll get an eval licence.
Question : Can I manage the other functions of the ASA with FireSIGHT management center ? I have to configure lots of FW rules and different VPN (site to site and remote access with both IPSEC and Anyconnect)
Thanks for your answers
04-07-2016 09:15 AM
Not yet. You would use the FireSIGHT management center to manage FirePOWER services (AMP, IPS, AVC and URL Filtering) and ASDM/CLI to manage ASA features.
Cisco is working on a new (Unified code) that will combine the features between the ASA and the Sourcefire code. That way you can use FireSIGHT to manage everything end-to-end. However, the initial release will not have VPNs. Those will come later on as more and more features are added.
I hope this helps!
Thank you for rating helpful posts!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide