cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2294
Views
0
Helpful
10
Replies

Asdm does not allow for firepower module configuration

luisaneves
Level 1
Level 1

Hello,

I'm seeting up a brand new, out of the box 5516x, i've followed every step of the configuration guide, configured the module in the same subnet and VLAN as the inside, but when loading asdm, which seems to take forever, it shows the firepower tabs on the dashboard, with status up and running, but the configuration sections of the module show up empty - all of them. The compatibility matrix says everything is compliant, but to no avail. The module is not configurable!

And firesite was not sold :(

Running asa 5516x with 9.5.1, asdm 7.5.1.8, fpower 5.4.1.

Java 8 update 71, java 7 also...

The customer is already complainting and thinking about replacing it with other manufacturer.

Any thoughts?

10 Replies 10

Marvin Rhoads
Hall of Fame
Hall of Fame

You need to setup the FirePOWER module to use it, even via ASDM.

Have you done so? Please follow the Quick Start guide if you haven't already.

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html

Yes, all those steps were followed, several times. That was even one of the official sources used.

Could it be a java based problem?

Attached are the outputs from the asdm and the config. A I stated earlier, both management and inside interfaces are connected on the same VLAN and subnet, both addresses reachable

I have a hunch we can quickly confirm. I notice in your one screenshot and the config file that you've customized ASDM to use port 8443. Could you try reverting it back to the default (443) and seeing if that works?

I'm suspecting ASDM is having trouble connecting to the ASA on 8443 and FirePOWER module on 443 at the same time.

Marvi, I've tried it on 443 previously... do you think I should upgrade it to a 6.0?

You can try 6.0. I've managed the Kenton models (5506/8/16) with ASDM on both 5.4 and 6.0 though.

I assume you've tried a reload / power cycle. Sorry if that's a stupid question but I've learned not to assume anything. :)

Have you configured the module at all outside of the ASDM wizard? If not, I wonder if it's waiting for EULA acknowledgement for first time management. You can session into it via the cli and check from there.

Since it's a new 5516-X do you have TAC support?

OK, another stupid java error without any Info reported on cisco documentation . The latest java you can use is 8 update 51 and it has to be 32 bits. Tried everything from 2009 till now, and it is the most recent one that works. Damn you java, shame on you cisco 

Java can certainly be frustrating - I've been dealing with it with varying degrees of success for about 15 years.

With respect to ASDM and FirePOWER management though, I can confirm that the latest 64-bit Java (currently Version 8 Update 72) can work with ASDM.

That's what I have working on my PC and I have managed multiple ASAs (both with and without FirePOWER) using it. (open screenshot below in new tab to see it.)

When I run into one that has issues, a quick packet capture and analysis usually reveals what the issue is (if it's not already discernible from the error message returned during the launch process).

Philip D'Ath
VIP Alumni
VIP Alumni

Firepower communicates via the management port.  Have you definitely got that plugged in?

Yes, as i said before. Both management and inside interfaces are connected on the same VLAN and subnet, both addresses reachable

Review Cisco Networking for a $25 gift card