Cisco ASA FirePower upgrade issues 5.3 and 5.4 via Defence Centre

Mohammed Islam
Level 1

Hi,

I am in the process of evaluating FirePower on the ASA 5545-X. My scenario is as such:

I have Defence Centre VM installed. 

2 x ASA 5545-X

1 x ASA FP configured on Primary ASA

FP module was running factory boot image of 'asasfr-5500x-boot-5.3.1-152.img' and s/w asasfr-sys-5.3.1-155.pkg.

1. Decided to upgrade the software since it's pretty outdated. During the upgrade process via DC (downloaded the patch from cisco.com), the tasks stated "(no comms)" during the patch upgrades and at the end stated the module will now reboot.

2.  The module did reboot, but afterwards there was no ip comms available to the management of the SFR module.  Module status from the ASA showed up/up with correct s/w image.  Console into the module also worked and showed DC, ip configurations being present.  RX traffic from 'ipconfig' showed 0 stats. 

3. Reboots and reloads along with downgrading the patches from 'expert' mode did not help.

Needless to state, DC fails to communicate with FP module.

Following a TAC case, the engineer advised me to try the 5.4 train. Once again I followed exactly the same upgrade procedure as stated above and the outcome is exactly the same.

Are there any known issues, procedures I am failing to follow?  My ASA is running 9.2.4.

Output from the appliances;

Maidenhead-ASA# show module sfr


Mod  Card Type                                    Model              Serial No.
---- -------------------------------------------- ------------------ -----------
sfr FirePOWER Services Software Module           ASA5545            FCH1916782L
 

mod  MAC Address Range                 Hw Version   Fw Version   Sw Version
---- --------------------------------- ------------ ------------ ---------------
sfr 54a2.7424.6f8f to 54a2.7424.6f8f  N/A          N/A          5.4.0.6-33

Mod  SSM Application Name           Status           SSM Application Version
---- ------------------------------ ---------------- --------------------------
sfr ASA FirePOWER                  Up               5.4.0.6-33

Mod  Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
sfr Up                 Up

 
Maidenhead-ASA# show module sfr de
Getting details from the Service Module, please wait...
Card Type:          FirePOWER Services Software Module
Model:              ASA5545
Hardware version:   N/A
Serial Number:      FCH1916782L
Firmware version:   N/A
Software version:   5.4.0.6-33
MAC Address Range:  54a2.7424.6f8f to 54a2.7424.6f8f
App. name:          ASA FirePOWER
App. Status:        Up
App. Status Desc:   Normal Operation
App. version:       5.4.0.6-33
Data Plane Status:  Up
Console session:    Ready
Status:             Up
DC addr:            10.20.2.35
Mgmt IP addr:       10.18.1.4
Mgmt Network mask:  255.255.0.0
Mgmt Gateway:       10.18.1.1
Mgmt web ports:     443
Mgmt TLS enabled:   true

> show netw
network               network-static-routes
> show network
===============[ System Information ]===============
Hostname                  : Maidenhead-ASA1-SF1
Domains                   : sdl.com
DNS Servers               : 10.18.3.140
                            10.18.3.141
Management port           : 8305
IPv4 Default route
  Gateway                 : 10.18.1.1

======================[ eth0 ]======================
State                     : Enabled
Channels                  : Management & Events
Mode                      : Autonegotiation
MDI/MDIX                  : Auto/MDIX
MTU                       : 1500
MAC Address               : 54:A2:74:24:6F:8F
----------------------[ IPv4 ]----------------------
Configuration             : Manual
Address                   : 10.18.1.4
Netmask                   : 255.255.0.0
Broadcast                 : 10.18.255.255
----------------------[ IPv6 ]----------------------
Configuration             : Disabled

===============[ Proxy Information ]================
State                     : Disabled
Authentication            : Disabled

> show ifconfig
cplane    Link encap:Ethernet  HWaddr 00:00:00:04:00:01
          inet addr:127.0.4.1  Bcast:127.0.255.255  Mask:255.255.0.0
          inet6 addr: fe80::200:ff:fe04:1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1568 errors:0 dropped:0 overruns:0 frame:0
          TX packets:402 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:100408 (98.0 Kb)  TX bytes:36074 (35.2 Kb)

eth0      Link encap:Ethernet  HWaddr 54:A2:74:24:6F:8F
          inet addr:10.18.1.4  Bcast:10.18.255.255  Mask:255.255.0.0
          inet6 addr: fe80::56a2:74ff:fe24:6f8f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1375 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:57966 (56.6 Kb)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.255.255.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:907 errors:0 dropped:0 overruns:0 frame:0
          TX packets:907 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:89513 (87.4 Kb)  TX bytes:89513 (87.4 Kb)

> show route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.18.0.0       0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.255.0.0     U     0      0        0 cplane
0.0.0.0         10.18.1.1       0.0.0.0         UG    0      0        0 eth0

Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::1/128                                     ::                                      U     0      16       1 lo
fe80::200:ff:fe04:1/128                     ::                                      U     0      0        1 lo
fe80::56a2:74ff:fe24:6f8f/128               ::                                      U     0      0        1 lo
fe80::/64                                   ::                                      U     256    0        0 cplane
fe80::/64                                   ::                                      U     256    0        0 eth0
ff00::/8                                    ::                                      U     256    0        0 cplane
ff00::/8                                    ::                                      U     256    0        0 eth0

Any assistance will be much appreciated.
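
The symptom visible in the 'show ifconfig' output above (eth0 up and transmitting while its RX counter stays at 0) can be checked mechanically after an upgrade. The following is an added example, not part of the original post or any Cisco tooling; the function names `parse_ifconfig` and `one_way_interfaces` and the `min_tx` threshold are assumptions made for illustration, and the sample is a trimmed copy of the post's output.

```python
import re

# Constructed sample: trimmed copy of the 'show ifconfig' output in the post above.
SAMPLE = """\
cplane    Link encap:Ethernet  HWaddr 00:00:00:04:00:01
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1568 errors:0 dropped:0 overruns:0 frame:0
          TX packets:402 errors:0 dropped:0 overruns:0 carrier:0

eth0      Link encap:Ethernet  HWaddr 54:A2:74:24:6F:8F
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1375 errors:0 dropped:0 overruns:0 carrier:0

lo        Link encap:Local Loopback
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:907 errors:0 dropped:0 overruns:0 frame:0
          TX packets:907 errors:0 dropped:0 overruns:0 carrier:0
"""

def parse_ifconfig(text):
    """Return {iface: {'up': bool, 'rx': int, 'tx': int}} from net-tools style output."""
    stats = {}
    current = None
    for line in text.splitlines():
        header = re.match(r"^(\S+)\s+Link encap:", line)
        if header:
            current = header.group(1)
            stats[current] = {"up": False, "rx": 0, "tx": 0}
            continue
        if current is None:
            continue  # prompt lines or banners before the first interface
        flags = line.split()
        if "UP" in flags and "RUNNING" in flags:
            stats[current]["up"] = True
        counter = re.match(r"^\s+(RX|TX) packets:(\d+)", line)
        if counter:
            stats[current][counter.group(1).lower()] = int(counter.group(2))
    return stats

def one_way_interfaces(text, min_tx=100):
    """Interfaces that are up, have sent at least min_tx packets, and received none."""
    return sorted(
        name for name, s in parse_ifconfig(text).items()
        if s["up"] and s["tx"] >= min_tx and s["rx"] == 0
    )

if __name__ == "__main__":
    print(one_way_interfaces(SAMPLE))
```
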

1 Reply 1

Mohammed Islam
Level 1

,
