Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
469
Views
0
Helpful
2
Replies

ASA Firepower physical and connection issues

Not applicable

‎07-11-2017 03:24 PM - last edited on ‎03-12-2019 02:41 AM by

I am struggling to get FirePower communicating within 5508-X active/standby pair.  From the documentation, I am showing I should have the "inside" interface as well as the management 1/1 both within the same internal network.  I have connected (inside) gigabit 1/2 & (management) 1/1 on the primary and (inside) gigabit 1/2 & (management) 1/1 on the secondary all within the same "vlan" on a internal l3 switch.  The SVI on that switch has the ip of 192.168.0.1/29.  Below is the IP's configured on the asa/firepower.

HA active/standby 5508-X w/FirePower
inside (192.168.0.2/29 standby 192.168.0.3/29)
SFR MGMT (primary - 192.168.0.4/29 | standby - 192.168.0.5/29)


===============[ System Information ]===============
Hostname : firepower
Domains : local.domain
DNS Servers : 8.8.8.8
Management port : 8305
IPv4 Default route
Gateway : 192.168.0.1

======================[ eth0 ]======================
State : Enabled
Channels : Management & Events
Mod :
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : 00:AB:CD:EF:AB:CD
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 192.168.0.4
Netmask : 255.255.255.248
Broadcast : 192.168.0.7
----------------------[ IPv6 ]----------------------
Configuration : Disabled

===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled

> show route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.248 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cplane
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun1
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0

 

I can ping no problem from my desk (which is off of the 192.168.0.x network) to all of the IP's 192.168.0.1, 2, 3, 4, 5 successfully.  But if I attempt to connect via ASDM, I get the message "cannot connect to the asa firepower module".  What am I missing?

Labels:
0 Helpful
2 Replies 2

Rahul Govindan
VIP Alumni
VIP Alumni

‎07-12-2017 06:54 AM

What does "show module sfr details" show on both ASA's? The ASDM picks up the SFR ip address from that command and then tries to connect to it. 

http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-device-manager/200889-Using-ASDM-to-manage-a-FirePOWER-module.html#anc6

Also, can you check using Wireshark if your ASDM tries to communicate to SFR ip address during ASDM initialization?

0 Helpful

Not applicable
In response to Rahul Govindan

‎07-30-2017 07:33 AM

No further changes were made from our side but a TAC case was entered with a subsequent WebEx session scheduled.  First try after getting WebEx setup succeeded with no explanation as to why the previous issues.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card