1332 Views, 0 Helpful, 4 Replies

ASA5525-X running FTD removed from FMC for some reason

joseponceiii
Level 1

Hi Cisco community,

Just wondering if anyone here has experienced an ASA5525-X running the FTD image being removed from FMC for some reason? I have run the command "show managers" from the CLI and it says "No managers configured". No changes were made on it, but I'm curious whether this is normal, although there is currently an issue between the FMC and the sensor due to WAN issues (this is only intermittent and I can access the remote device as of this writing). Does anyone know if it is normal, when there are connectivity issues between FMC and FTD, for "show managers" to show as empty? I haven't tried re-configuring with "configure manager add" on the FTD.

Also, does anyone know if I can retrieve the registration key from the FMC? I can see on some posts that we could use the command below, but I think this only displays the hashed value and not the clear text.

more sftunnel.conf | grep reg_key

Thanks,

4 Replies

Chakshu Piplani
Cisco Employee

Hi joseponceiii,

This cannot happen automatically. I would definitely suggest looking into the audit logs by going to System --> Monitoring --> Audit to check the user ID who did it.

Since there are no managers configured, trying to figure out the old key would be a waste; even if you had the old key, doing a re-registration would push a blank config to the device. You can re-register the device using a new key, in off hours.

Regards,

Chakshu

Do rate helpful posts!

Hi @Chakshu Piplani, thanks for the input. Just wondering, if the re-registration pushes a blank config to the device, will it wipe out all configs including the basic IP configuration? And then, after re-registration to the FMC and re-deploying the access policies to the device, the FTD will be back to normal, right? Or are we expected to re-configure all the basic stuff (IP address, etc.) before re-registration?

Thanks.

Since you had this device previously registered to the same FMC, the IP address might still be there; I have seen in some scenarios that it gets retained on the FMC, but things like the NAT policy and security zones need to be re-mapped. The same ACP can be mapped at the time of registration, but there is a catch: if the IP address and zone config are lost, the policy might not deploy properly.

You can try using the same ACP; if it doesn't work, create a new one and attach that to the FTD during registration.

Regards,

Chakshu

Do rate helpful posts!
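Added example, not from the thread and not Cisco's own tooling: a small Python script covering the two actions Chakshu recommends, checking the FMC audit log for the event that removed the device, and re-registering the FTD with a fresh key mapped to an access control policy. The FMC REST endpoints (generatetoken, audit/auditrecords, devices/devicerecords) are the documented ones; the audit record field names (user, subsystem, message, sourceIP, time) and epoch-seconds time format are assumptions to check against your FMC version, and the FMC address, credentials, device names and the sample audit records are constructed for illustration.

```python
"""Helpers around the FMC REST API for a device that lost its manager:
(1) sift audit records for the deletion event, (2) build the registration
body for re-adding the FTD with a new key. Field names and the epoch-seconds
'time' format in audit records are assumptions; verify on your FMC version."""
import base64
import json
import secrets
import ssl
import string
import urllib.request

FMC_URL = "https://fmc.example.test"  # assumption: hypothetical FMC address


def _tls_context(verify_tls):
    """Default verifying context; only relax it for a lab FMC with a self-signed cert."""
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def fmc_login(base_url, user, password, verify_tls=True):
    """POST /api/fmc_platform/v1/auth/generatetoken with HTTP basic auth.
    Returns (token, domain_uuid) taken from the response headers."""
    creds = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"{base_url}/api/fmc_platform/v1/auth/generatetoken",
        method="POST", headers={"Authorization": f"Basic {creds}"})
    with urllib.request.urlopen(req, context=_tls_context(verify_tls)) as resp:
        return resp.headers["X-auth-access-token"], resp.headers["DOMAIN_UUID"]


def fetch_audit_records(base_url, token, domain_uuid, limit=1000, verify_tls=True):
    """GET /api/fmc_platform/v1/domain/{uuid}/audit/auditrecords; returns 'items'."""
    req = urllib.request.Request(
        f"{base_url}/api/fmc_platform/v1/domain/{domain_uuid}"
        f"/audit/auditrecords?limit={limit}",
        headers={"X-auth-access-token": token})
    with urllib.request.urlopen(req, context=_tls_context(verify_tls)) as resp:
        return json.load(resp).get("items", [])


def is_device_removal(record):
    """True when subsystem/message mention a device together with a
    delete/unregister/remove action, i.e. something that would empty
    'show managers' on the FTD."""
    text = f"{record.get('subsystem', '')} {record.get('message', '')}".lower()
    return "device" in text and any(v in text for v in ("delet", "unregist", "remov"))


def find_device_removals(records, since_epoch=0):
    """Device removals at or after since_epoch, newest first, so the user and
    source IP responsible are at the top of the list."""
    hits = [r for r in records
            if is_device_removal(r) and int(r.get("time", 0)) >= since_epoch]
    return sorted(hits, key=lambda r: int(r.get("time", 0)), reverse=True)


def new_registration_key(length=16):
    """Fresh one-time key for 'configure manager add <fmc-ip> <key>' on the FTD.
    FMC keeps only a hash of it, so generate it once and keep it until both
    sides are configured."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def registration_body(name, host, reg_key, access_policy_id):
    """Body for POST /api/fmc_config/v1/domain/{uuid}/devices/devicerecords.
    The same reg_key must already be set on the FTD via 'configure manager add'."""
    return {"name": name, "hostName": host, "regKey": reg_key, "type": "Device",
            "accessPolicy": {"id": access_policy_id, "type": "AccessPolicy"}}


# Constructed sample audit records (not real FMC output) for an offline check.
SAMPLE_AUDIT = [
    {"user": "admin", "subsystem": "Login", "message": "Login Success",
     "sourceIP": "10.0.0.5", "time": 1700000000},
    {"user": "netops", "subsystem": "Devices > Device Management",
     "message": "Delete Device: branch-asa5525", "sourceIP": "10.0.0.9",
     "time": 1700003600},
    {"user": "admin", "subsystem": "Deploy", "message": "Deployment succeeded",
     "sourceIP": "10.0.0.5", "time": 1700007200},
]

if __name__ == "__main__":
    for r in find_device_removals(SAMPLE_AUDIT):
        print(r["time"], r["user"], r["sourceIP"], r["message"])
    key = new_registration_key()
    print("configure manager add 192.0.2.10", key)  # assumed FMC IP; run on the FTD CLI
    print(json.dumps(registration_body("branch-asa5525", "198.51.100.7", key,
                                       "ACP-UUID-PLACEHOLDER"), indent=2))
```

Against a live FMC, replace SAMPLE_AUDIT with fetch_audit_records(...) after fmc_login(...); if nothing matches, widen the verbs in is_device_removal, since the wording of audit messages varies between releases. The registration body deliberately carries only the ACP: zones, NAT and interface settings are what the thread says you should expect to re-map after the device comes back.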

joseponceiii
Level 1

BTW, I don't see any relevant audit logs showing who did it. So I'm still wondering why it was lost. The only issue is we have an intermittent WAN issue, which is on the inside network of the FTD.