
ASA-

Johnson_Mo
Level 1

Any reason why my post was marked as spam? If you do not have an answer, please do not mark as spam!

Team,

After converting from FTD to ASA, I cannot get into enable mode. When I do show run, I see the interfaces and it is ASA mode, but I cannot get into enable mode. Model: Cisco Firepower 1120 Threat Defense (78) Version 7.2.5 (Build 208)

These are the commands available:

>
aaa-server Specify a AAA server
activate-tunnel-group-scripts Reload ASDM generated scripts for username-from-certificate
app-agent Configure appagent features
asp Configure ASP parameters
attribute Modify a monitored attribute
blocks Set block diagnostic parameters
capture Capture inbound and outbound packets on one or more interfaces
capture-traffic Display traffic or save to specified file
clear Reset functions
cluster Cluster exec mode commands
configure Change to Configuration mode
conn Connection
connect Connect to another component.
copy Copy from one file to another
cpu general CPU stats collection tools
crypto Execute crypto Commands
debug Debugging functions (see also 'undebug')
delete Delete a file
dig Look up an IP address or host name with the DNS servers
dir List files on a filesystem
dns List files on a filesystem
dynamic-access-policy-config Activates the DAP selection configuration file.
eotool Change to Enterprise Object Tool Mode
exit Exit this CLI session
expert Invoke a shell
failover Perform failover operation in Exec mode
file Change to File Mode
fips Execute FIPS tests
fsck Filesystem check
help Interactive help for commands
history Display the current session's command line history
ldapsearch Test LDAP configuration
logging Configure flash file name to save logging buffer
logout Logout of the current CLI session
memory Memory tools
more Display the contents of a file
no Negate a command or set its defaults
packet-tracer trace packets in F1 data path
perfmon Change or view performance monitoring options
pigtail Tail log files for debugging (pigtail)
ping Test connectivity from specified interface to an IP address
pmtool Change to PMTool Mode
reboot Reboot the sensor
redundant-interface Redundant interface
restore This command is used to restore FTD from sfr prompt
sftunnel-status Show sftunnel status
sftunnel-status-brief Show sftunnel status brief
show Show running system information
shun Manages the filtering of packets from undesired hosts
shutdown Shutdown the sensor
sync-from-peer Sync from peer FTD
system Change to System Mode
tail-logs Tails the logs selected by the user
test Test subsystems, memory, interfaces, and configurations
traceroute Find route to remote network
undebug Disable debugging functions (see also 'debug')
upgrade Install Upgrade Package
verify Verify a file
vpn-sessiondb Configure the VPN Session Manager
webvpn-cache Remove cached object

5 Replies

Marvin Rhoads
Hall of Fame

Are you sure it is running in ASA mode? The output you shared says "Version 7.2.5" which is an FTD version.

Also, the commands available appear to be FTD cli commands - not ASA commands.

When I do show run, I see the interfaces as ASA mode does show them. I also found out that it needs to be licensed in order to run ASA mode.

The output of show running-configuration looks very similar between an FTD and ASA mode device.

But the device operation is VERY different. ASA does require a free base license but it cannot run any Snort/IPS services such as Threat prevention, Security Intelligence, URL Filtering or Malware protection.

Switching an 1100 series from FTD to ASA requires a very low level system reimage as described here:
https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html#task_vhy_5kc_sgb

You will lose all configuration and have to start over from scratch when doing so.

Try this way to access LINA:

> system support diagnostic-cli
> enable

MHM

I will try this command once back in the office after licensing the appliance. Thanks for the info, boss!
