Java can certainly be

luisaneves · ‎02-02-2016

Hello,

I'm seeting up a brand new, out of the box 5516x, i've followed every step of the configuration guide, configured the module in the same subnet and VLAN as the inside, but when loading asdm, which seems to take forever, it shows the firepower tabs on the dashboard, with status up and running, but the configuration sections of the module show up empty - all of them. The compatibility matrix says everything is compliant, but to no avail. The module is not configurable!

And firesite was not sold :(

Running asa 5516x with 9.5.1, asdm 7.5.1.8, fpower 5.4.1.

Java 8 update 71, java 7 also...

The customer is already complainting and thinking about replacing it with other manufacturer.

Any thoughts?

Marvin Rhoads · ‎02-02-2016

You need to setup the FirePOWER module to use it, even via ASDM.

Have you done so? Please follow the Quick Start guide if you haven't already.

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html

luisaneves · ‎02-02-2016

Yes, all those steps were followed, several times. That was even one of the official sources used.

Could it be a java based problem?

luisaneves · ‎02-03-2016

Attached are the outputs from the asdm and the config. A I stated earlier, both management and inside interfaces are connected on the same VLAN and subnet, both addresses reachable

Marvin Rhoads · ‎02-03-2016

I have a hunch we can quickly confirm. I notice in your one screenshot and the config file that you've customized ASDM to use port 8443. Could you try reverting it back to the default (443) and seeing if that works?

I'm suspecting ASDM is having trouble connecting to the ASA on 8443 and FirePOWER module on 443 at the same time.

luisaneves · ‎02-03-2016

Marvi, I've tried it on 443 previously... do you think I should upgrade it to a 6.0?

Marvin Rhoads · ‎02-03-2016

You can try 6.0. I've managed the Kenton models (5506/8/16) with ASDM on both 5.4 and 6.0 though.

I assume you've tried a reload / power cycle. Sorry if that's a stupid question but I've learned not to assume anything. :)

Have you configured the module at all outside of the ASDM wizard? If not, I wonder if it's waiting for EULA acknowledgement for first time management. You can session into it via the cli and check from there.

Since it's a new 5516-X do you have TAC support?

luisaneves · ‎02-07-2016

OK, another stupid java error without any Info reported on cisco documentation . The latest java you can use is 8 update 51 and it has to be 32 bits. Tried everything from 2009 till now, and it is the most recent one that works. Damn you java, shame on you cisco

Marvin Rhoads · ‎02-07-2016

Java can certainly be frustrating - I've been dealing with it with varying degrees of success for about 15 years.

With respect to ASDM and FirePOWER management though, I can confirm that the latest 64-bit Java (currently Version 8 Update 72) can work with ASDM.

That's what I have working on my PC and I have managed multiple ASAs (both with and without FirePOWER) using it. (open screenshot below in new tab to see it.)

When I run into one that has issues, a quick packet capture and analysis usually reveals what the issue is (if it's not already discernible from the error message returned during the launch process).

Philip D'Ath · ‎02-02-2016

Firepower communicates via the management port. Have you definitely got that plugged in?

luisaneves · ‎02-02-2016

Yes, as i said before. Both management and inside interfaces are connected on the same VLAN and subnet, both addresses reachable

Asdm does not allow for firepower module configuration