Now that makes sense! And yes, I have FTD on this device. I understand that you mean this is by design. Is there a way to go around it? I must mention that at the moment I am not using the FTD features (I havent bought licenses for them - still debating whether I should or shouldn't). Can I replace this image with something else? And how do I do so?

Thanks.

Yes you can replace the FTD image with a "classic" ASA image. You will need entitlement to download the ASA and aSDM software (generally implying a support contract).

Instructions for the reimage can be found here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html#id_57458

Hi Marvin,

Is there a way I can setup ASDM on this device as it is (with the FTD image)? Tried to find some resource online without success.

Once again, thank you for your help.

Mwamba

No that's not possible. ASDM cannot manage any device running FTD in any way whatsoever.

FTD is managed via the on-box GUI (Firepower Device Manager). You can manage it remotely using a Firepower Management Center server. The cloud-based Cisco Defense Orchestrator also provides some management capabilities. Only the first method can be done without separate licensing.

You're welcome.

Please mark the helpful replies as such to encourage participation in the community.

HI Marvin,

I'm in a very similar situation with the 5506, FTD unit. Brand new unit with older firmware, bought a license and have the latest firmware downloaded, but locked completely out from the ASA5506- username and password doesn't accept, terminal client doesn't communicate(putty and hyper-terminal), and when plugging the USB into the laptop- it tries to load, errors out saying nothing to load. Have tried several laptops, same result. Cisco USB console connection shows in device manager, but no drivers, etc..Given that the only configuration method is through a browser(Thank you for the post) any ideas how to get back in? Is there a super secret thing that can be typed in to get back in? magical button to push? FYI: reset doesn't do anything to help this.

Thanks in advance,

Ron

Do you get a DHCP-assigned address and see the FDM GUI at all when you connect via Ethernet to the ASA?

If you have a USB-serial console cable but no drivers then you need to download and install the Cisco USB console driver.

https://software.cisco.com/download/home/282867573/type/282855122/release/3.1

With that installed you should be able to get a command prompt and follow the quick start guide:

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/5506X/ftd-fmc-5506x-qsg.html#pgfId-145604

Hi Marvin,

Yes, I get the GUI through the browser- login page. Can't login- doesn't accept the user/password- tried every combination, admin/Admin123 and the ones I set up. I followed a quick setup guide, through the browser, upon receiving the unit over a month ago- locked out since. The guide you linked below appears similar- but not the same as what I used. Maybe the guide I used wasn't the correct one....?

That led me to go to USB CLI. I ended up hunting for the USB drivers and downloaded a USB console driver from a Cisco Router 22xx page(after i replied to your post found in a document Windows has to use a Cisco downloadable USB driver) and that appears to have worked this past weekend. Connecting by way of Putty and serial comms, but this doesn't seem to provide access for changes. >Configure command is not recognized....>Configure password isn't accessible either through this type of comms or my access level.

I'll give SSH a try(document mentions to use SSH).

Thanks,

Ron

Please connect the console and turn on session logging in putty?

Then power cycle the unit. Share the resulting output.