Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
795
Views
0
Helpful
7
Replies

Cannot login to Firepower from ASDM

Go to solution
benalihoussem1994
Level 1
Level 1

‎08-24-2023 09:32 AM

Hello guys, i'm facing an issue loggign in to asa with firepower module installed on it, yesterday we were applying an access control policy rule, today when i tried to login, ASDM stuck on 28% "authenticating firepower login" then after sometime it bypasses firepower and show only firewall configurations, but i can login when the firewall is standby. i couldn't login to session sfr as well,

any idea please on how to solve this?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
benalihoussem1994
Level 1
Level 1

‎09-02-2023 05:55 AM

Hello,

Issue is solved, we found the last password used for sfr module and we were able to login again.

 

View solution in original post

0 Helpful
7 Replies 7

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎08-24-2023 10:06 AM

check the logs - what version of code, if get chance reboot and test it ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
benalihoussem1994
Level 1
Level 1

‎08-24-2023 01:17 PM

yes tried to reboot but same issue, but while logging in to Firepower, i found these logs,

Aug 24 2023 19:11:37: %ASA-7-725012: Device chooses cipher ECDHE-RSA-AES256-GCM-SHA384 for the SSL session with client Inside:192.168.60.21/61002 to 10.1.1.1/443
Aug 24 2023 19:11:37: %ASA-6-725016: Device selects trust-point ASDM_TrustPoint-2022 for client Inside:192.168.60.21/61002 to 10.1.1.1/443
Aug 24 2023 19:11:37: %ASA-6-725002: Device completed SSL handshake with client Inside:192.168.60.21/61002 to 10.1.1.1/443 for TLSv1.2 session
Aug 24 2023 19:11:37: %ASA-6-725007: SSL session with client Inside:192.168.60.21/61002 to 10.1.1.1/443 terminated
Aug 24 2023 19:11:37: %ASA-6-302014: Teardown TCP connection 581960 for Inside:192.168.60.21/61002 to identity:10.1.1.1/443 duration 0:00:00 bytes 3964 TCP Reset-O from identity
Aug 24 2023 19:11:37: %ASA-6-106015: Deny TCP (no connection) from 192.168.60.21/61002 to 10.1.1.1/443 flags FIN ACK on interface Inside
Aug 24 2023 19:11:37: %ASA-7-710005: TCP request discarded from 192.168.60.21/61002 to Inside:10.1.1.1/443
Aug 24 2023 19:11:37: %ASA-6-302013: Built inbound TCP connection 581966 for Inside:192.168.60.21/61003 (192.168.60.21/61003) to identity:10.1.1.1/443 (10.1.1.1/443)
Aug 24 2023 19:11:37: %ASA-6-725001: Starting SSL handshake with client Inside:192.168.60.21/61003 to 10.1.1.1/443 for unknown session
Aug 24 2023 19:11:37: %ASA-6-725003: SSL client Inside:192.168.60.21/61003 to 10.1.1.1/443 request to resume previous session
Aug 24 2023 19:11:37: %ASA-6-725002: Device completed SSL handshake with client Inside:192.168.60.21/61003 to 10.1.1.1/443 for TLSv1.2 session
Aug 24 2023 19:11:37: %ASA-6-725007: SSL session with client Inside:192.168.60.21/61003 to 10.1.1.1/443 terminated

 firepower 7.0.3  installed on ASA 5516,

 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to benalihoussem1994

‎08-25-2023 12:08 AM - edited ‎08-25-2023 12:10 AM

We see the Client Terminated on the Logs 

 

firepower 7.0.3  installed on ASA 5516,

 

Just to clarify, You have Firepower Service Module installed in ASA running 7.0.3 ?  or You have Firepower re-imaged on ASA  Model ?

ASA  code Managed by ASDM

Firepower image (FTD) - Managed by FDM or FMC

 

but i can login when the firewall is standby.

 

Why not Failover and check is this accessed by ASDM ?

On the primary if you able to Logging using SSH - can you post below output 

show version

show module 

show module sfr detail

what outcome you get when you login from console to #session sfr console ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
benalihoussem1994
Level 1
Level 1

‎08-25-2023 03:22 AM - edited ‎08-30-2023 07:05 AM

Hi,

ASA version 9.16

ASDM version 7.16(1)150

yes when the firwall is on standby i can access ASDM normally. 
here's the output

sh version:

 

 

show module

 

 

Show module sfr details:

 

 

I get login incorrect when i try session sfr

 

0 Helpful

Go to solution
benalihoussem1994
Level 1
Level 1

‎08-25-2023 05:56 AM - edited ‎08-30-2023 06:24 AM

Hello,

Asdm version: 7.16(1)150

ASA version: 9.16

Firepower version: 7.0.3

I now lost login to firepower on standby ASA, tried failover and also

Below requested output:

Show version:

 

 

Sh module:

 

 

Show module sfr detail

 

 

does firepower lockout users after failed logins?

session sfr fails to login also.

 

0 Helpful

Go to solution
benalihoussem1994
Level 1
Level 1

‎08-28-2023 05:12 AM

Hi guys, it turns out that i'm forbidden to login to sfr due to many login attempts, i tried to reset the password through session sfr do password-reset, i get invalid do command password reset

i couldn't find anyway to login, is there a way to interrupt sfr boot and unlock my account?

0 Helpful

Go to solution
benalihoussem1994
Level 1
Level 1

‎09-02-2023 05:55 AM

Hello,

Issue is solved, we found the last password used for sfr module and we were able to login again.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card