Cisco ASA>FTD mgmt

Hello team,

We recently re-imaged a 5516-X to FTD.

I am not able to access it using the IP assigned as the mgmt IP.

When I do "show network":

===============[ System Information ]===============
Hostname : testftd
Management port : 8305
IPv4 Default route
Gateway : 10.10.0.1

======================[ br1 ]=======================
State : Enabled
Channels : Management & Events
Mode : Non-Autonegotiation
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : 03:AB:C4:C7:70:96
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 10.10.0.60
Netmask : 255.255.255.0
Broadcast : 10.10.0.255
----------------------[ IPv6 ]----------------------
Configuration : Disabled

===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled

When I ping 10.10.0.60 or 10.10.0.1 it says

No route to host X.X.X.X

When I checked in the LINA engine, the Mgmt1/1 interface is admin down.

I selected the option to manage it locally during setup.

How can I access it?

1 ACCEPTED SOLUTION


So here's what helped me get access.

The configuration register was set to 0x41, so it was not loading the default FTD configuration, and the mgmt interface was showing in admin down state. We changed it to 0x01 from ROMMON mode, and I was then able to access it using the mgmt interface IP address.

11 REPLIES
Highlighted
VIP Advisor

Hi,

Use the command "ping system 10.10.0.60"

 

HTH

 

Highlighted

Hello Rob,

It's pinging. But from outside I am not able to access that IP using https.

Highlighted
VIP Advisor

If you are using FMC to manage the FTD then you don't connect to it directly on https. You now need to configure it using the FMC.

Highlighted

Hi,

I am not using FMC, I am planning to administer it locally only using FDM.

Also, I tried pinging the gateway with "ping system 10.10.0.1" and it's not pinging. The switch port config is good; I double-checked.

Highlighted
VIP Advisor

Sorry, my mistake, for some reason I thought you were using an FMC.

Have you attempted to connect to the FTD using https from a PC in the same VLAN?

To answer your previous question, you wouldn't be able to access the FTD from the outside, because until you've configured the FTD there is no outside interface, only the mgmt interface.

Highlighted

Unfortunately, I do not have any PC in that LAN right now. I am trying to ping 10.10.0.60 from the switch (to which its mgmt is connected) but am not able to ping.

If the gateway is correct, then I should be able to ping the gateway and any device should be able to ping it.

I am trying to https it via the mgmt IP from a different subnet but no luck.

Highlighted

I have connected a laptop to the inside interface. I can ping it but not https/ssh.

Moreover I see some cts config already present on it apart from

interface GigabitEthernet1/2
nameif inside
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 100

ip address 192.168.1.1 255.255.255.0

Do I need to enable something from ftd?

Highlighted
Enthusiast

@umeshunited 


Connect your laptop directly to the firewall in case you think that something is not right with your internal network; you should be able to SSH to it.

But give it a reboot before you try it.

Please mark it helpful if it was the case, and I have this problem too. Double touchdown is amazing. Thanks to make Engineering easy.
Highlighted

I also tried adding the network in "configure https-access-list...." and "configure ssh-access-list .... " but no luck.
