Solved: I had to reimage the SFR

Luigi Celeste · ‎03-11-2016

Hello Everyone.

I've a new Cisco ASA 5506-X and I tried to configure the sourcefire services. I've did the first configuration, enabling the module by assigning an IP address by the "session sfr" command. After the questions prompted, the installation ends.

I tried then to connect via ASDM, but I cannot reach the module and received the error in attachment (I can manage the ASA via ASDM if I click "cancel"). trying to connecting again to the module via CLI (session sfr command), but I receive the following message and I cannot reach the module via CLI anymore:

System initialization in progress. Please stand by.
Applying 'Default Allow All Traffic' access control policy.
Remote card closed command session. Press any key to continue.
Command session with module sfr terminated.

The status of module results UP:

ciscoasa(config)# sh module

Mod Card Type                                    Model              Serial No.
---- -------------------------------------------- ------------------ -----------
   1 ASA 5506-X with SW, 8GE Data, 1GE Mgmt, AC   ASA5506            JAD200406C0
sfr FirePOWER Services Software Module           ASA5506            JAD200406C0

Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
---- --------------------------------- ------------ ------------ ---------------
   1 0035.1a69.ee8b to 0035.1a69.ee94 1.1          1.1.8        9.5(2)
sfr 0035.1a69.ee8a to 0035.1a69.ee8a N/A          N/A          5.4.1-211

Mod SSM Application Name           Status           SSM Application Version
---- ------------------------------ ---------------- --------------------------
sfr ASA FirePOWER                  Up               5.4.1-211

Mod Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
   1 Up Sys             Not Applicable
sfr Up                 Up

And also I tried to reload the module with sw-module module sfr command.

The Management interface is UP, and it's connected on the LAN's ASA interface by a L2 switch.

ciscoasa# sh int ip br
Interface                  IP-Address      OK? Method Status                Protocol
Virtual0                   127.1.0.1       YES unset up                    up
GigabitEthernet1/1         unassigned      YES DHCP   down                  down
GigabitEthernet1/2         192.168.1.1     YES CONFIG up                    up
GigabitEthernet1/3         unassigned      YES unset administratively down down
GigabitEthernet1/4         unassigned      YES unset administratively down down
GigabitEthernet1/5         unassigned      YES unset administratively down down
GigabitEthernet1/6         unassigned      YES unset administratively down down
GigabitEthernet1/7         unassigned      YES unset administratively down down
GigabitEthernet1/8         unassigned      YES unset administratively down down
Internal-Control1/1        127.0.1.1       YES unset up                    up
Internal-Data1/1           unassigned      YES unset up                    up
Internal-Data1/2           unassigned      YES unset up                    up
Internal-Data1/3           unassigned      YES unset up                    up
Management1/1              unassigned      YES unset up                    up

The IP address setted on the Management SFR interface is in the same network of the LAN address:

ciscoasa# sh module sfr details
Getting details from the Service Module, please wait...

Card Type:          FirePOWER Services Software Module
Model:              ASA5506
Hardware version:   N/A
Serial Number:      JAD200406C0
Firmware version:   N/A
Software version:   5.4.1-211
MAC Address Range: 0035.1a69.ee8a to 0035.1a69.ee8a
App. name:          ASA FirePOWER
App. Status:        Up
App. Status Desc:   Normal Operation
App. version:       5.4.1-211
Data Plane Status: Up
Console session:    Ready
Status:             Up
DC addr:            No DC Configured
Mgmt IP addr:       192.168.1.10
Mgmt Network mask: 255.255.255.0
Mgmt Gateway:       192.168.1.1
Mgmt web ports:     443
Mgmt TLS enabled:   true

but it still unreachable.

Any suggestion?

Thank's in advance,

Luigi Celeste

Aastha Bhardwaj · ‎04-18-2016

Hi,

Reimage would resolve the issue , but I would recommend you opening up a TAC case and they can find out what exactly is the problem.

Regards,

Aastha Bhardwaj

Rate if that helps!!!

View solution in original post

yogdhanu · ‎03-17-2016

Hi

Not sure if you still have the same problem or its solved. Nevertheless , the error screenshot looks like there is no connectivity issue between the PC hosting ASDM and firepower.

How is ASA management interface connected to network ?

it should be connected to any L2 switch in the network so that Firepower (192.168.1.10) can communicate to its gateway 192.168.1.1 via that l2 switch and PC in that network can communicate to both firepower and ASA.

Let me know if that helps.

Thanks

yogesh

Pavel Glushkov · ‎04-15-2016

Same here.

ASA2# session sfr
Opening command session with module sfr.

Cisco Linux OS v5.4.1 (build 12)
Cisco ASA5516 v5.4.1 (build 211)

System initialization in progress. Please stand by.
Applying 'Default Allow All Traffic' access control policy.
Remote card closed command session. Press any key to continue.
Command session with module sfr terminated.

Aastha Bhardwaj · ‎04-18-2016

Hi,

Reimage would resolve the issue , but I would recommend you opening up a TAC case and they can find out what exactly is the problem.

Regards,

Aastha Bhardwaj

Rate if that helps!!!

Luigi Celeste · ‎04-18-2016

I had to reimage the SFR module and the issues has been solved.

Thank's everyone.

Luigi Celeste.

Cisco ASA 5506-X SourceFire Remote - Card closed command session