Re: Firepower 2130 ASA mode not available

jds5 · ‎01-09-2025

Hello,

We cannot access ASA mode on new equipment received from Cisco (RMA)

Here's what we have:

firepower# connect
ftd Connect to FTD Application CLI

asa mode does not appear

firepower# sh version
Version: 2.12(0.519)
Startup-Vers: 2.12(0.519)

Here are the commands available:

firepower#
acknowledge Acknowledge
backup Backup
commit-buffer Commit transaction buffer
connect Connect to Another CLI
discard-buffer Discard transaction buffer
end Go to exec mode
exit Exit from command interpreter
scope Changes the current mode
set Set property values
show Show system information
terminal Terminal
top Go to the top mode
up Go up one mode
where Show information about the current mode

Has anyone ever encountered this issue ?

Best Regards,

Rob Ingram · ‎01-09-2025

@jds5 the hardware has the FTD image, you will need to reimage it with the ASA software image. If you download the image from the Cisco website, then follow this reimage guide https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html

iLoveBGP · ‎01-09-2025

It seems like the issue here is that the new device you received is running in Firepower Threat Defense (FTD) mode, not ASA mode. Cisco ships many devices with FTD pre-installed, and in this mode, the ASA CLI isn’t accessible because FTD uses a completely different software architecture. If you need ASA mode, you’ll have to reimage the device with ASA software. This involves booting into ROMMON, uploading the ASA image (which you can download from Cisco’s site), and installing it on the device. Keep in mind that reimaging will wipe all existing configurations, so plan accordingly. If, however, FTD is what you want, you’ll manage the device using Firepower Management Center (FMC) or the Firepower Device Manager (FDM) instead of the traditional ASA CLI.

jds5 · ‎01-10-2025

Hello,

The goal is to have the ASA layer.
By reimage, we have the ASA part.
However, the USB port is not taken into account.
Does anyone know how to activate it?

Thanks,

Rob Ingram · ‎01-10-2025

@jds5 use FTP, HTTP(S), SCP, SMB, or TFTP server instead then.

Marvin Rhoads · ‎01-10-2025

If you plug in a FAT-32 formatted USB do you not see its contents from the cli? ("show flash" from FXOS).

Note it is not supported to use the USB from the ASA itself - only from fxos.

iLoveBGP · ‎01-10-2025

@jds5 The issue with your Firepower 2130 not providing access to ASA mode likely stems from the device being shipped with Firepower Threat Defense (FTD) software by default. To enable ASA mode, you’ll need to reimage the device specifically for ASA. This involves downloading the ASA software image from the Cisco Software Download portal and following the reimaging procedure. Typically, this process includes booting the appliance into ROMMON mode and uploading the ASA image using TFTP or a USB drive. If the USB port is not recognized, ensure the drive is formatted as FAT32 and use commands like dir usb0: to verify detection or boot usb0:/<image_name> to initiate the process. After reimaging, verify that the device boots into ASA mode by checking the prompt. Ensure you have installed a compatible image for your hardware and that the software is up to date. If issues with the USB persist, you can switch to TFTP or contact Cisco TAC for further assistance. Reimaging should enable the full ASA functionality required for your deployment.