Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3184
Views
10
Helpful
5
Replies

Firepower 2130 ASA config questions

Go to solution
atsukane
Level 3
Level 3

‎11-23-2020 07:54 AM

Hi all,

 

A couple of questions around configuring ASA on Firepower 2130, especially around port-channel and SSH access to ASA.

I've followed this guide to configure both FXOS and ASA, but direct ssh access to ASA via management interface is still failing. I've attached ssh debug.

https://the.vpn.center/2019/02/running-asa-on-firepower-2100-guide.html

 

As for adding a port-channel, it seems to be OK on FXOS/Firepower Chassis Manager, all member interfaces are up.

On ASA, the port-channel is added but no member interfaces, and when trying add each interfaces to the channel-group, the command isn't available, nor I can't add them to channel-group on ASDM and am lost where to go from here!

 

https://community.cisco.com/t5/network-security/asa-on-firepower-2140-portchannel-not-come-up/m-p/4044387

 

Any help is greatly appreciated.

 

Many thanks,

 

Preview file
5 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
rschlayer
Level 4
Level 4
In response to atsukane

‎11-23-2020 11:41 PM

I have an FPR-2130 running Appliance Mode when and when I use 'show fxos mode' it outputs the following:

hostname# show fxos mode
Mode is currently set to appliance

You can also connect via ASDM and it should show you the mode it is running in.

In Appliance mode you do not configure anything in FXOS, so I believe this is your issue here.

BR
Rick

View solution in original post

5 Replies 5

Go to solution
rschlayer
Level 4
Level 4

‎11-23-2020 08:05 AM - edited ‎11-23-2020 08:05 AM

Hello @atsukane 

are you using appliance or platform mode?

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp2100/firepower-2100-gsg/asa-appliance.html

Best regards

Rick

0 Helpful

Go to solution
atsukane
Level 3
Level 3
In response to rschlayer

‎11-23-2020 08:26 AM - edited ‎11-23-2020 08:45 AM

Hi @rschlayer 

 

I does not accept 'show fxos mode' so assuming it's in the default appliance mode.

 

Thanks,

 

Thanks,

0 Helpful

Go to solution
rschlayer
Level 4
Level 4
In response to atsukane

‎11-23-2020 11:41 PM

I have an FPR-2130 running Appliance Mode when and when I use 'show fxos mode' it outputs the following:

hostname# show fxos mode
Mode is currently set to appliance

You can also connect via ASDM and it should show you the mode it is running in.

In Appliance mode you do not configure anything in FXOS, so I believe this is your issue here.

BR
Rick

Go to solution
atsukane
Level 3
Level 3
In response to rschlayer

‎11-24-2020 02:48 AM

Thanks @rschlayer , that's very helpful.

I just assumed as it was out-the -box from a supplier with pre-loaded ASA image, I thought it's in Appliance mode which is the default, but looks like I've mistaken. Someone must've changed it to Platform mode before shipping. I should've spent more time reading the doc! 

Since I can't issue 'fxos mode appliance' to flip the ASA mode, I'll contact the supplier to confirm what's going on.

Thanks again for your time.

ciscoasa(config)# fxos ?

configure mode commands/options:
  https  Configure FXOS HTTPS options
  snmp   Configure FXOS SNMP options
  ssh    Configure FXOS SSH options
ciscoasa(config)# fxos

Thanks,

 

0 Helpful

Go to solution
atsukane
Level 3
Level 3

‎11-24-2020 04:06 AM - edited ‎11-24-2020 04:20 AM

Ah, I've found the problem. 

 


For pre-9.13(1) versions, Platform mode was the default and only option. If you upgrade from Platform mode, this mode is maintained.

 

We are running Cisco Adaptive Security Appliance Software Version 9.12(1)2 

Note to self, RTFM! 

Does this mean, updating ASA to the version that supports Appliance mode, then flip from Platform mode to Appliance mode would wipe the existing config and back to Default? 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card