Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1549
Views
5
Helpful
9
Replies

ASA firePower configuration tab doesn't appear

Go to solution
dbrajort1
Level 1
Level 1

‎04-05-2016 04:11 AM - edited ‎03-12-2019 12:34 AM

Hi,

I'm trying to setup a new ASA5525-X.

I need to install my licenses but right now, I can't see the FirePower configuration tab.

I can see the FIrePower Status tab.

The sfr is running version 5.3.1-152

I did the basic configuration so

- GE 0/0 is the outside interface configured with dhcp

- GE 0/1 is the inside interface configured with AS 192.168.1.1/24

The sir module is configured as 192.168.1.2/24 default gw is 192.168.1.1

GE 0/1 and management interface are connected to the same switch as my computer and I can ping both interfaces

I logged on the sfr module (session sfr) and I can ping both 192.168.1.1 and my computer.

I did configure a user with privilege 15 and enabled AAA on the ASA.

Still no luck.

Right now, I'm running out of ideas.

Does anyone know what to do ?

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-05-2016 06:44 PM

On the Saleen platform (ASA 5500-x other than 5506/08/16) sfr module version 5.3.x does not support ASDM-based management.

For that you require 6.x (and ASA 9.5(1.5) with ASDM 7.5(1.112) or later).

Reference: http://www.cisco.com/c/en/us/td/docs/security/asdm/7_5/release/notes/rn75.html#pgfId-156844

View solution in original post

9 Replies 9

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎04-05-2016 11:24 AM

What are the versions of the ASA code and ASDM that you are using?

Thank you for rating helpful posts!

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-05-2016 06:44 PM

On the Saleen platform (ASA 5500-x other than 5506/08/16) sfr module version 5.3.x does not support ASDM-based management.

For that you require 6.x (and ASA 9.5(1.5) with ASDM 7.5(1.112) or later).

Reference: http://www.cisco.com/c/en/us/td/docs/security/asdm/7_5/release/notes/rn75.html#pgfId-156844

Go to solution
nspasov
Cisco Employee
Cisco Employee
In response to Marvin Rhoads

‎04-06-2016 10:00 AM

Good catch on the FirePOWER version! Totally missed that in the initial thread :)

0 Helpful

Go to solution
dbrajort1
Level 1
Level 1

‎04-06-2016 01:45 AM

The ASA was delivered with version 9.2(2)4 / ASDM 7.2(2)1

The FirePower module is version 5.3.1-152

With Marvin answer, I know that I have to upgrade, so, as soon as my SmartNet will be active, I will do it.

Should I upgrade the ASA or the FirePower module first ?

Thanks for your answers

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to dbrajort1

‎04-06-2016 05:09 AM

It doesn't matter whether you upgrade the ASA and ASDM first or the FirePOWER module first. You won't get the management capability until each is upgraded and either way they have to be done separately.

Unfortunately, without a FirePOWER Management Center, your first upgrade to 6.0 will have to be via the more cumbersome process of re-imaging the module from the cli.

0 Helpful

Go to solution
nspasov
Cisco Employee
Cisco Employee
In response to Marvin Rhoads

‎04-06-2016 10:03 AM

To add to Marvin's last comment:

1. Yes, the CLI re-image/upgrade process is not fun! Make sure you follow the guide step by step:

http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html

2. Also, make sure that you are patient!!! At times it may seem that the process is hung but be patient and give it time to complete

3. I would definitely recommend in investing in FireSIGHT management center. You can get the 2 x VM version that is very cheap and it will provide you with tons of additional benefits. Most of the great features if FirePOWER are tied to having FireSIGHT management center. 

Thank you for rating helpful posts!

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to nspasov

‎04-06-2016 10:59 AM

When you are upgrading, you can check the progress with the following:

term pager 0
show module sfr log console

The console log is quite verbose so I tun off the pager first to ensure the output all scrolls though to the end (i.e the current step the process is on).

0 Helpful

Go to solution
dbrajort1
Level 1
Level 1
In response to nspasov

‎04-07-2016 06:49 AM

So, I'm ordering the 2x VM.

In the meantime, I'll get an eval licence.

Question : Can I manage the other functions of the ASA with FireSIGHT management center ? I have to configure lots of FW rules and different VPN (site to site and remote access with both IPSEC and Anyconnect)

Thanks for your answers

0 Helpful

Go to solution
nspasov
Cisco Employee
Cisco Employee
In response to dbrajort1

‎04-07-2016 09:15 AM

Not yet. You would use the FireSIGHT management center to manage FirePOWER services (AMP, IPS, AVC and URL Filtering) and ASDM/CLI to manage ASA features. 

Cisco is working on a new (Unified code) that will combine the features between the ASA and the Sourcefire code. That way you can use FireSIGHT to manage everything end-to-end. However, the initial release will not have VPNs. Those will come later on as more and more features are added. 

I hope this helps!

Thank you for rating helpful posts!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card