ASA5525/SFR/FMC no data showing

campbech1
Level 1
Good afternoon guys.
 
Struggling with a new ASA5525/SFR/FMC deployment. Everything is able to ping each other. I've imaged the SFR with 6.4.0 and that completed just fine. I have deployed the FMC and it is able to communicate with the SFR without any issues. It's also registered and showing green in the FMC.
 
I also completed the global service policy to redirect traffic to the ASA FirePOWER Inspection in "enabled monitor only" right now as I'm testing.
 
I'm just at a loss as to why I'm not seeing any traffic showing in the FMC. I'm hopeful I've missed something easy here.
 
Any thoughts?
 
I have the ASA5525 running on v9.9(2)52 and ASDM on v7.9(2)152.
 
*** ASA INTERFACE CONFIGURATION ***
 
interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address 64.20.x.x 255.255.255.240
!
interface GigabitEthernet0/1
 nameif Inside
 security-level 100
 ip address 10.5.0.2 255.255.255.0
!
interface Management0/0 (this is connected to the same VLAN as the Inside interface on G0/1)
 management-only
 no nameif
 no security-level
 no ip address
 
*** INTERFACE STATUS ***
 
Interface GigabitEthernet0/0 "Outside", is up, line protocol is up
  Hardware is i82574L rev00, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        MAC address 7c69.f68f.9c1e, MTU 1500
        IP address 64.20.x.x, subnet mask 255.255.255.240
        93757294 packets input, 98882214895 bytes, 0 no buffer
        Received 27294 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        85449526 packets output, 23470108266 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 1 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops
        input queue (blocks free curr/low): hardware (463/362)
        output queue (blocks free curr/low): hardware (462/356)
  Traffic Statistics for "Outside":
        93753097 packets input, 97171486161 bytes
        85449526 packets output, 21914042688 bytes
        151595 packets dropped
      1 minute input rate 2847 pkts/sec,  2560583 bytes/sec
      1 minute output rate 2206 pkts/sec,  395826 bytes/sec
      1 minute drop rate, 8 pkts/sec
      5 minute input rate 3328 pkts/sec,  3194150 bytes/sec
      5 minute output rate 2417 pkts/sec,  428141 bytes/sec
      5 minute drop rate, 4 pkts/sec
Interface GigabitEthernet0/1 "Inside", is up, line protocol is up
  Hardware is i82574L rev00, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        MAC address 7c69.f68f.9c1a, MTU 1500
        IP address 10.5.0.2, subnet mask 255.255.255.0
        109338735 packets input, 22146678756 bytes, 0 no buffer
        Received 17 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        140775455 packets output, 104866439702 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 1 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops
        input queue (blocks free curr/low): hardware (508/362)
        output queue (blocks free curr/low): hardware (477/337)
  Traffic Statistics for "Inside":
        109338579 packets input, 19994547614 bytes
        140775455 packets output, 102229390975 bytes
        112575 packets dropped
      1 minute input rate 2942 pkts/sec,  384433 bytes/sec
      1 minute output rate 3954 pkts/sec,  2761891 bytes/sec
      1 minute drop rate, 3 pkts/sec
      5 minute input rate 3171 pkts/sec,  415749 bytes/sec
      5 minute output rate 4441 pkts/sec,  3393147 bytes/sec
      5 minute drop rate, 4 pkts/sec
Interface Management0/0 "", is up, line protocol is up
  Hardware is en_vtun rev00, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        Available but not configured via nameif
        MAC address 7c69.f68f.9c19, MTU not set
        IP address unassigned
        19 packets input, 942 bytes, 0 no buffer
        Received 0 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        18 L2 decode drops
        0 packets output, 0 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops
        input queue (blocks free curr/low): hardware (0/0)
        output queue (blocks free curr/low): hardware (0/0)
 
*** SFR NETWORK CONFIGURATION ***
 
show network
===============[ System Information ]===============
Hostname                  : firepower
Domains                   : xxxx.local
DNS Servers               : 192.168.70.15
                            192.168.70.17
Management port           : 8305
IPv4 Default route
  Gateway                 : 10.5.0.1
======================[ h0 ]======================
State                     : Enabled
Channels                  : Management & Events
Mode                      : Non-Autonegotiation
MDI/MDIX                  : Auto/MDIX
MTU                       : 1500
MAC Address               : 7C:69:F6:8F:9C
----------------------[ IPv4 ]----------------------
Configuration             : Manual
Address                   : 10.5.0.3
Netmask                   : 255.255.255.0
Broadcast                 : 10.5.0.255
----------------------[ IPv6 ]----------------------
Configuration             : Disabled
===============[ Proxy Information ]================
State                     : Disabled
Authentication            : Disabled

*** SFR SHOW VERSION ***
 
show summary             
-------------------[ firepower ]--------------------
Model                     : ASA5525 (72) Version 6.4.0 (Build 102)
UUID                      : 784bf404-9b58-11e9-a336-e5710e95440d
Rules update version      : 2018-10-10-001-vrt
VDB version               : 309
----------------------------------------------------
------------------[ policy info ]-----------------
Access Control Policy     : Test
--------------------[ Outside ]---------------------
Physical Interface        : GigabitEthernet0/0
Type                      : ASA
Security Zone             : OUTSIDE
Status                    : Enabled
Load Balancing Mode       : N/A
---------------------[ Inside ]---------------------
Physical Interface        : GigabitEthernet0/1
Type                      : ASA
Security Zone             : INSIDE
Status                    : Enabled
Load Balancing Mode       : N/A
---------------------[ cplane ]---------------------
IPv4 Address              : 127.0.4.1
----------------------[ eth0 ]----------------------
Physical Interface        : eth0
Type                      : Managem
Status                    : Enabled
MDI/MDIX                  : Auto
MTU                       : 1500
MAC Address               : 7C:69:F6:8F:9C:17
IPv4 Address              : 10.5.0.3
----------------------[ tun1 ]----------------------
IPv6 Address              : fdcc::bd:0:ffff:a9fe:1/64
---------------------[ tunl0 ]----------------------
----------------------------------------------------
--------------[ snort version info ]---------------
Snort Version             : 2.9.14 GRE (Build 15004)
libpcap Version           : 1.8.1
PCRE Version              : 7.4 2007-09-21
ZLIB Version              : 1.2.5
----------------------------------------------------
 
*** SHOW MANAGERS ***
 
Type                      : Manager
Host                      : 192.168.70.5
Registration              : Completed

Rahul Govindan
VIP Alumni

Can you also paste the class-map, policy-map and service-policy config that you have added to the ASA?

Of course.

class-map global-class
 match any

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
 class global-class
  sfr fail-open monitor-only

service-policy global_policy global

I have also removed that and put it in like the other examples I've found.

access-list sfr_redirect extended permit ip any any

class-map sfr
 match access-list sfr_redirect

policy-map global_policy
 class sfr
  sfr fail-open monitor-only

service-policy global_policy global

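
As an added example (not from the thread or from Cisco), the following Python check walks the redirect chain that both posted configs rely on, service-policy -> policy-map -> class carrying an sfr action -> class-map -> access-list, and reports any broken link. The sample config is constructed from the second variant above; the parser only understands the `match any` and `match access-list` forms used in this thread.

```python
# Constructed sample config (assumed, not the thread author's device).
SAMPLE_OK = """
access-list sfr_redirect extended permit ip any any
class-map sfr
 match access-list sfr_redirect
policy-map global_policy
 class sfr
  sfr fail-open monitor-only
service-policy global_policy global
"""

def parse_asa(cfg):
    """Collect ACL names, class-map matches, policy-map class actions, service-policy bindings."""
    acls, cmaps, pmaps, spol = set(), {}, {}, {}
    cmap = pmap = cls = None
    for raw in cfg.splitlines():
        tok = raw.split()
        if not tok or tok[0] == "!": continue
        if tok[0] == "access-list":
            acls.add(tok[1]); cmap = pmap = None
        elif tok[0] == "class-map":
            cmap, pmap = tok[-1], None; cmaps.setdefault(cmap, [])
        elif tok[0] == "policy-map":
            pmap, cmap, cls = tok[-1], None, None; pmaps.setdefault(pmap, {})
        elif tok[0] == "service-policy":
            spol[tok[1]] = tok[2]; cmap = pmap = None  # "global" or "interface"
        elif tok[0] == "match" and cmap:
            cmaps[cmap].append(tok)
        elif tok[0] == "class" and pmap:
            cls = tok[1]; pmaps[pmap].setdefault(cls, [])
        elif pmap and cls:
            pmaps[pmap][cls].append(tok)
    return acls, cmaps, pmaps, spol

def check_sfr_redirect(cfg):
    """Walk service-policy -> policy-map -> class -> class-map -> ACL; return findings."""
    acls, cmaps, pmaps, spol = parse_asa(cfg)
    findings, seen_sfr = [], False
    for pm, classes in pmaps.items():
        for cls, actions in classes.items():
            if not any(a[0] == "sfr" for a in actions): continue  # only SFR classes matter
            seen_sfr = True
            if pm not in spol:
                findings.append(f"policy-map {pm} has an sfr action but no service-policy applies it")
            for m in cmaps.get(cls, []):
                if m[1] == "access-list" and m[2] not in acls:
                    findings.append(f"class-map {cls} references missing access-list {m[2]}")
    if not seen_sfr:
        findings.append("no sfr redirect action in any policy-map")
    return findings
```

An empty list means every link of the chain is present; when that is the case and the FMC still shows nothing, the problem lies on the module or FMC side rather than in the ASA redirect, which matches how this thread ended.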
Looks correct so far. What about on the FMC? How does your ACP look for the device in question? Do you have event logging turned on for the policies configured?

It's resolved now. I deleted the FMC and reinstalled from scratch and I'm seeing traffic now. Not sure what happened.