Solved: Re: Cisco ASA>FTD mgmt

umeshunited · ‎09-08-2020

Hello team,

We recently re-imaged 5516-x to FTD.

I am not able to access it using IP assigned to mgmt ip

When I do "show network"

===============[ System Information ]===============
Hostname : testftd
Management port : 8305
IPv4 Default route
Gateway : 10.10.0.1

======================[ br1 ]=======================
State : Enabled
Channels : Management & Events
Mode : Non-Autonegotiation
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : 03:AB:C4:C7:70:96
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 10.10.0.60
Netmask : 255.255.255.0
Broadcast : 10.10.0.255
----------------------[ IPv6 ]----------------------
Configuration : Disabled

===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled

When I ping 10.10.0.60 or 10.10.0.1 it says

No route to host X.X.X.X

When I checked in LINA engine Mgmt1/1 interface is admin down.

I selected option to manage it locally while setup.

How can I access it ?

umeshunited · ‎09-16-2020

So here what helped me get access.

Configuration register was set as 0x41 so it was not loading default FTD configuration so mgmt interface was showing in admin down state. We changed it to 0x01 from ROMMON mode and now I was able to access it using mgmt interface IP address.

View solution in original post

Rob Ingram · ‎09-08-2020

Hi,

Use the command "ping system 10.10.0.60"

HTH

umeshunited · ‎09-09-2020

Hello Rob,

It's pinging. But from outside I am not able to access that IP using https.

Rob Ingram · ‎09-09-2020

If you are using FMC to manage the FTD then you don't connect to it directly on https. You now need to configure it using the FMC.

umeshunited · ‎09-09-2020

Hi,

I am not using FMC, I am planning to administer it locally only using FDM.

Also I tried ping to gateway "ping system 10.10.0.1" and it's not pinging. Switch port config is good I double checked.

Rob Ingram · ‎09-09-2020

Sorry, my mistake, for some reason I thought you were using and FMC.

Have you attempted to connect to the FTD using https from a PC in the same VLAN?

To answer your previous question, you wouldn't be able to access the FTD from the outside, because until you've configured the FTD there is no outside interface, only the mgmt interface.

umeshunited · ‎09-09-2020

Unfortunately I do not have any PC in that LAN right now. I am trying to ping 10.10.0.60 from switch( to which it's mgmt is connected) but not able to ping.

If gateway is correct than I should be able to ping gateway and any device should be able to ping it.

I am trying to https it via mgmt IP from different subnet but no luck.

umeshunited · ‎09-11-2020

I have connected laptop to inside interface. I can ping it but not https/ssh.

Moreover I see some cts config already present on it apart from

interface GigabitEthernet1/2
nameif inside
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 100

ip address 192.168.1.1 255.255.255.0

Do I need to enable something from ftd?

Ruben Cocheno · ‎09-09-2020

@umeshunited

Connetct your laptop directly to the firewall in case you think that something is not right with your internal network, your should be able to SSH to it.

But give reboot before you try it.

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

umeshunited · ‎09-11-2020