Cisco ASA>FTD mgmt

umeshunited
Level 1

Hello team,

We recently re-imaged 5516-x to FTD.

I am not able to access it using the IP assigned to mgmt.

When I do "show network"

 

===============[ System Information ]===============
Hostname : testftd
Management port : 8305
IPv4 Default route
Gateway : 10.10.0.1

======================[ br1 ]=======================
State : Enabled
Channels : Management & Events
Mode : Non-Autonegotiation
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : 03:AB:C4:C7:70:96
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 10.10.0.60
Netmask : 255.255.255.0
Broadcast : 10.10.0.255
----------------------[ IPv6 ]----------------------
Configuration : Disabled

===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled

When I ping 10.10.0.60 or 10.10.0.1 it says 

No route to host X.X.X.X

 

When I checked in the LINA engine, the Mgmt1/1 interface is admin down.

I selected the option to manage it locally during setup.

How can I access it?

Accepted Solution

So here is what helped me get access.

The configuration register was set to 0x41, so it was not loading the default FTD configuration, and the mgmt interface was showing in admin down state. We changed it to 0x01 from ROMMON mode, and now I am able to access it using the mgmt interface IP address.

11 Replies

Hi,

Use the command "ping system 10.10.0.60"

 

HTH

 

Hello Rob,

It's pinging. But from outside I am not able to access that IP using https.

If you are using FMC to manage the FTD then you don't connect to it directly on https. You now need to configure it using the FMC.

Hi,

I am not using FMC, I am planning to administer it locally only using FDM.

Also, I tried pinging the gateway with "ping system 10.10.0.1" and it's not pinging. The switch port config is good; I double checked.

 

Sorry, my mistake, for some reason I thought you were using an FMC.

 

Have you attempted to connect to the FTD using https from a PC in the same VLAN?

To answer your previous question, you wouldn't be able to access the FTD from the outside, because until you've configured the FTD there is no outside interface, only the mgmt interface.

Unfortunately I do not have any PC in that LAN right now. I am trying to ping 10.10.0.60 from the switch (to which its mgmt is connected) but am not able to ping.

If the gateway is correct then I should be able to ping the gateway and any device should be able to ping it.

I am trying to https it via mgmt IP from different subnet but no luck.

 

I have connected laptop to inside interface. I can ping it but not https/ssh.

Moreover I see some cts config already present on it apart from

interface GigabitEthernet1/2
nameif inside
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 100

ip address 192.168.1.1 255.255.255.0

Do I need to enable something from ftd?

Ruben Cocheno
Spotlight

@umeshunited 

 

Connect your laptop directly to the firewall in case you think that something is not right with your internal network; you should be able to SSH to it.

But give it a reboot before you try it.

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

I also tried adding network in "configure https-access-list...." and "configure ssh-access-list .... " but no luck.
