02-29-2016 05:50 AM - edited 03-12-2019 12:25 AM
Hi,
I am in the process of evaluating FirePower on the ASA 5545-X. My Scenareio is as such;
I have Defence Centre VM installed.
2 x ASA 5545-X
1 x ASA FP configured on Primary ASA
FP module was running factory boot image of 'asasfr-5500x-boot-5.3.1-152.img' and s/w asasfr-sys-5.3.1-155.pkg.
1. Decided to upgrade the software since its pretty outdated. During the upgrade process via DC (downloaded the patch from cisco.com), the tasks stated "(no comms)" during the patch upgrades and at the end stated the module will now reboot.
2. The module did reboot, but afterwards there was no ip comms available to the management of the SFR module. Module status from the ASA showed up/up with correct s/w image. Console into the module also worked and showed DC, ip configurations being present. RX traffic from 'ipconfig' showed 0 stats.
3. Reboots and reloads along with downggrading the patches from 'expert' mode did not help.
Needless to state, DC fails to communicate with FP module.
Following a TAC case, the enigneer advised me to try the 5.4 train. Once again I followed exactly the same upgrade procedure as stated above and the outcome is exactly the same.
Are there any known issues, procedures I am failing to follow? My ASA is running 9.2.4.
Output from the appliances;
Maidenhead-ASA# show module sfr
Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
sfr FirePOWER Services Software Module ASA5545 FCH1916782L
mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
sfr 54a2.7424.6f8f to 54a2.7424.6f8f N/A N/A 5.4.0.6-33
Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
sfr ASA FirePOWER Up 5.4.0.6-33
Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
sfr Up Up
Maidenhead-ASA# show module sfr de
Getting details from the Service Module, please wait...
Card Type: FirePOWER Services Software Module
Model: ASA5545
Hardware version: N/A
Serial Number: FCH1916782L
Firmware version: N/A
Software version: 5.4.0.6-33
MAC Address Range: 54a2.7424.6f8f to 54a2.7424.6f8f
App. name: ASA FirePOWER
App. Status: Up
App. Status Desc: Normal Operation
App. version: 5.4.0.6-33
Data Plane Status: Up
Console session: Ready
Status: Up
DC addr: 10.20.2.35
Mgmt IP addr: 10.18.1.4
Mgmt Network mask: 255.255.0.0
Mgmt Gateway: 10.18.1.1
Mgmt web ports: 443
Mgmt TLS enabled: true
> show netw
network network-static-routes
> show network
===============[ System Information ]===============
Hostname : Maidenhead-ASA1-SF1
Domains : sdl.com
DNS Servers : 10.18.3.140
10.18.3.141
Management port : 8305
IPv4 Default route
Gateway : 10.18.1.1
======================[ eth0 ]======================
State : Enabled
Channels : Management & Events
Mode : Autonegotiation
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : 54:A2:74:24:6F:8F
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 10.18.1.4
Netmask : 255.255.0.0
Broadcast : 10.18.255.255
----------------------[ IPv6 ]----------------------
Configuration : Disabled
===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled
> show ifconfig
cplane Link encap:Ethernet HWaddr 00:00:00:04:00:01
inet addr:127.0.4.1 Bcast:127.0.255.255 Mask:255.255.0.0
inet6 addr: fe80::200:ff:fe04:1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1568 errors:0 dropped:0 overruns:0 frame:0
TX packets:402 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:100408 (98.0 Kb) TX bytes:36074 (35.2 Kb)
eth0 Link encap:Ethernet HWaddr 54:A2:74:24:6F:8F
inet addr:10.18.1.4 Bcast:10.18.255.255 Mask:255.255.0.0
inet6 addr: fe80::56a2:74ff:fe24:6f8f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:1375 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:57966 (56.6 Kb)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.255.255.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:907 errors:0 dropped:0 overruns:0 frame:0
TX packets:907 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:89513 (87.4 Kb) TX bytes:89513 (87.4 Kb)
> show route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cplane
0.0.0.0 10.18.1.1 0.0.0.0 UG 0 0 0 eth0
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
::1/128 :: U 0 16 1 lo
fe80::200:ff:fe04:1/128 :: U 0 0 1 lo
fe80::56a2:74ff:fe24:6f8f/128 :: U 0 0 1 lo
fe80::/64 :: U 256 0 0 cplane
fe80::/64 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 cplane
ff00::/8 :: U 256 0 0 eth0
Any assistance will be much appreciated.
02-29-2016 05:55 AM
,
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: