cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

974
Views
0
Helpful
7
Replies
dovla091
Beginner

Firepower button missing

I found some other article regarding this issue, but I have tried everything and I have hit a dead end.

I followed the procedure how to configure SFR and I could not ping the management interface, so I created IP on the management interface 192.168.2.1, and on sfr console I declared gateway and ip address as 192.168.2.1 same subnet. And I could ping the interface just fine. It worked on my previous ASA5506X, but now I am having an issue on ASA5508X with FP.

This is the current setup of the ASA

show running-config
: Saved

:
: Serial Number: JAD20240A15
: Hardware: ASA5508, 8192 MB RAM, CPU Atom C2000 series 2000 MHz, 1 CPU (8 cores)
:
ASA Version 9.6(1)
!
hostname XXXXXASA
enable password XXXXXXXXXXXXXXXXXX encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names

!
interface GigabitEthernet1/1
nameif outsideMain
security-level 0
no ip address
!
interface GigabitEthernet1/2
nameif outsideFailback
security-level 0
no ip address
!
interface GigabitEthernet1/3
nameif administration
security-level 100
no ip address
!
interface GigabitEthernet1/4
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/4.1
vlan 1
nameif administrationW
security-level 100
no ip address
!
interface GigabitEthernet1/4.10
vlan 10
nameif guestWiFi
security-level 80
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
nameif management
security-level 100
ip address 192.168.2.1 255.255.255.0
!
ftp mode passive
access-list SFR extended permit ip any any
access-list sfr_policy extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu outsideMain 1500
mtu outsideFailback 1500
mtu administration 1500
mtu administrationW 1500
mtu guestWiFi 1500
mtu management 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
http server enable
http 192.168.2.0 255.255.255.0 management
http redirect management 80
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
enrollment self
fqdn none
subject-name CN=192.168.2.1,CN=XXXXXXXXASA
keypair ASDM_LAUNCHER
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_Launcher_Access_TrustPoint_0
certificate cc2da157
308202d2 308201ba a0030201 020204cc 2da15730 0d06092a 864886f7 0d010105
0500302b 31133011 06035504 03130a53 616e6465 72734153 41311430 12060355
0403130b 3139322e 3136382e 322e3130 1e170d31 36303830 32323334 3230345a
209faf58 d899c3ed bd93acaf dd498309 8f4e410f 6329fd63 13a37637 6bac0162
9dc088d7 a1c12034 b0faff5b 86e567f8 e2860163 28126043 79aed6ae 71415bfd
fc278d2b e608e0bd 7b051eb1 b07b11da 4e6344c8 31ec6cdc 1c854fad 2b360128
925f0a89 6ef630f0 679085fc e529522e 38bffed1 04cb7375 02f6d78d 3cbd4908
aa728abb 6d743ebc 5f58d629 549c3071 4132949b da3ea31b 59a53f99 e4989fb0
18946ef0 ee1debdd 87614915 efbb8a5f be09c74e 683d9460 a5c18d3a 2b467a58
b089b45f 23c67105 37261bc1 dfec8669 2654ba3b 492e7285 6dbf5328 0d657eec
86f3536e 2979a20d 5fce7099 45525a3a 63a92e57 6461f574 7320b9b8 ef020301
0001300d 06092a86 4886f70d 01010505 00038201 0100712b ab265e8e cdd8cd78
2d96c89d 064f5500 5e68bd61 250c5cd1 4d023be4 93c903e8 1d17b810 fb8eb89e
21f5550f 57ac5a42 a90073df 88f2c157 ef332af6 305ec79a eaebe1fe da6f1bd8
24f2053e f890260c 3b9b5810 f39876b5 28d45567 3b503943 06a465cf db655349
7fe40ade f1bf6b00 b1220ccf e87c098b f931b365 1a94cd3e e7277ef7 5dc22faf
69e264b2 f566ab0e 1efe8514 90a7f647 29df69ce ca69b049 febcc14a 31790de1
47b869fa bd4303bb 43dcef42 4569fdf0 d371d51b 24465b08 b1bd1d79 fa3efcbb
79326782 337217af 85e38c57 a1c94c82 15014c66 da0e9753 99dad3df 1c138471
6d8749ef 52401ef2 40956c76 1ac768d9 7bd9c890 b1d2
quit
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0

ssl trust-point ASDM_Launcher_Access_TrustPoint_0 management
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 management vpnlb-ip
dynamic-access-policy-record DfltAccessPolicy
username admin password XXXXXXXXXXXXX/ encrypted privilege 15
!
class-map SFR
match access-list SFR
class-map inspection_default
match default-inspection-traffic
class-map sfr_policy
match access-list sfr_policy
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect dns preset_dns_map
class SFR
sfr fail-open
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
password encryption aes
Cryptochecksum:d79ec45531d5d19ad8a070b9bf32f426
: end

and SFR setup is:

> show network
===============[ System Information ]===============
Hostname : SandersASA
DNS Servers : 8.8.8.8
8.8.4.4
208.67.222.222
208.67.220.220
Management port : 8305
IPv4 Default route
Gateway : 192.168.2.1

======================[ eth0 ]======================
State : Enabled
Channels : Management & Events
Mode :
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : CC:16:7E:87:22:84
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 192.168.2.1
Netmask : 255.255.255.0
Broadcast : 192.168.2.255
----------------------[ IPv6 ]----------------------
Configuration : Disabled

===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled

> show route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cplane
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0

Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
::1/128 :: U 0 10 1 lo
fe80::200:ff:fe02:1/128 :: U 0 0 1 lo
fe80::ce16:7eff:fe87:2284/128 :: U 0 0 1 lo
fe80::/64 :: U 256 0 0 cplane
fe80::/64 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 cplane
ff00::/8 :: U 256 0 0 eth0

> show summary
-------------------[ SandersASA ]-------------------
Model : ASA5508 (72) Version 5.4.1 (Build 211)
UUID : 6537eff4-5866-11e6-ad5e-edd4f7c0da15
Rules update version : 2015-01-15-001-vrt
VDB version : 229
----------------------------------------------------

------------------[ policy info ]-------------------
Access Control Policy : Default Allow All Traffic

------------------[ outsideMain ]-------------------
Physical Interface : GigabitEthernet1/1
Type : ASA
Security Zone : None
Status : Enabled
Load Balancing Mode : N/A
----------------[ outsideFailback ]-----------------
Physical Interface : GigabitEthernet1/2
Type : ASA
Security Zone : None
Status : Enabled
Load Balancing Mode : N/A
-----------------[ administration ]-----------------
Physical Interface : GigabitEthernet1/3
Type : ASA
Security Zone : None
Status : Enabled
Load Balancing Mode : N/A
----------------[ administrationW ]-----------------
Physical Interface : GigabitEthernet1/4.1
Type : ASA
Security Zone : None
Status : Enabled
Load Balancing Mode : N/A
-------------------[ guestWiFi ]--------------------
Physical Interface : GigabitEthernet1/4.10
Type : ASA
Security Zone : None
Status : Enabled
Load Balancing Mode : N/A
---------------------[ cplane ]---------------------
IPv4 Address : 127.0.2.1
----------------------[ eth0 ]----------------------
Physical Interface : eth0
Type : Management
Status : Enabled
MDI/MDIX : Auto
MTU : 1500
MAC Address : CC:16:7E:87:22:84
IPv4 Address : 192.168.2.1
---------------------[ tunl0 ]----------------------
----------------------------------------------------

---------------[ snort version info ]---------------
Snort Version : 2.9.7 GRE (Build 178)
libpcap Version : 1.1.1
PCRE Version : 7.4 2007-09-21
ZLIB Version : 1.2.5
----------------------------------------------------

System info:

ASDM version 7.6(1)

Cisco Linux OS v5.4.1 (build 12)
Cisco ASA5508 v5.4.1 (build 211)

Cisco Adaptive Security Appliance Software Version 9.6(1)

I honestly don't believe that it is configuration issue, but rather java version mismatch. I am currently running java 1.7_u51 64bit...

Any suggestions how to resolve this? 

7 REPLIES 7
Jetsy Mathew
Cisco Employee

Hello Team,

If you suspect the java version mismatch , please check for the Java Console debugs at the time of opening the ASDM . If there is any mismatch issues it will show up there. Also verify the self sign cert requirement.

Apart from that please verify that the deployment supports any of the following scenario in the following link:-

http://www.cisco.com/c/en/us/support/docs/security/ips-sensor-software-version-71/113690-ips-config-mod-00.html

Could you please verify that you finished the sfr installation with both pkg and .img files.

If so , as a next step could you please check, if the ASA FirePOWER Status tab is present by clicking the Home icon in the ASDM .

Is it only the ASA FirePOWER Reporting tab and the ASA FirePOWER Dashboard are missing ?

If you are seeing only the ASA Firepower Status tab but no any ASA FirePOWER Reporting/Dashboard.

Then It’s not the fault with your SFR installation.

In your case ,first verify that the user id has at least privilege 15. The user id needs high enough privilege to access the FirePOWER components.

Note:- Username created by default without explicitly configuring the privilege command would be "2".

Next thing to do is to click on the ASA FirePOWER Status tab. Verify that the ASA FirePOWER module's state is Up. If it is not, than you will need to log onto the ASA device to restart the module. It is possible that the module is still re-starting. When it is in the Up state, you will need to restart ASDM to display the tabs.

Another  possible issue that may be the  FirePOWER module is unreachable because it is behind a NAT device. At startup, ASDM will display a dialog to enter the FirePOWER's IP and port numbers.


Entering the correct IP and Port numbers will display the missing tabs.

Note: Entering an invalid but working IP and Port number will cause the tabs to still be missing. An example of this would be entering the IP and Port of a different ASA FirePOWER installed on a different ASA.

Also please reboot the Firepower module once gracefully.

The last possible issue is hope you are not using Windows 10 since that is the only one which is not supported. 

http://www.cisco.com/c/en/us/td/docs/security/asdm/7_6/release/notes/rn76.html#id_25476

Rate and mark correct if the post helps you

Regards

Jetsy 

Hi Jetsy,

In the dashboard, the status of the SFR is up and running.

The java version is also not an issue, and user id is level 15.

NAT is not implemented for now, but I need to make sure when it does that Firepower still works.

Regarding java console output: well it looks like there is an issue with connecting with firepower...

this is the trace from java log:

Trying for ASDM Version file; url = https://192.168.2.1/admin/

Server Version = 7.6(1)

Server Launcher Version = 1.7.0, size = 775168 bytes

Launcher version checking is successful.

invoking SGZ Loader..

Cache location = C:/Users/vt/.asdm/cache

2016-07-28 16:47:25,382 [ERROR] CLI-PASSTHROUGH-DEBUG Inside doInitialProcessing:

0 [SGZ Loader: launchSgzApplet] ERROR com.cisco.pdm.headless.startup  - CLI-PASSTHROUGH-DEBUG Inside doInitialProcessing:

CLI-PASSTHROUGH-DEBUG Inside doInitialProcessing:

2016-07-28 16:47:25,413 [ERROR] CLI-PASSTHROUGH-DEBUG Inside doInitialProcessing messenger: chr@1d63530a

31 [SGZ Loader: launchSgzApplet] ERROR com.cisco.pdm.headless.startup  - CLI-PASSTHROUGH-DEBUG Inside doInitialProcessing messenger: chr@1d63530a

CLI-PASSTHROUGH-DEBUG Inside doInitialProcessing messenger: chr@1d63530a

2016-07-28 16:47:48,373 [ERROR]  Unable to login to DC-Lite. STATUS CODE IS 401

22991 [SGZ Loader: launchSgzApplet] ERROR com.cisco.dmcommon.util.DMCommonEnv  -  Unable to login to DC-Lite. STATUS CODE IS 401

jul 28, 2016 2:47:48 PM r9 cm

INFO: Failed to connect to FirePower, continuing without it.

jul 28, 2016 2:47:48 PM r9 cm

INFO: If the FirePower is NATed, clear the cache (C:/Users/.../.asdm/data/firepower.conf) and try again.

No CSD version

Since I don't have any clue why it is not passing the communication, from the configuration you can see access-list that I allowed the communication from ASDM to any interface...  What am I missing?

What I also noticed when I remove in ios Management 1/1 "no nameif", no "security-level" and "no ip address". I cannot ping management interface of the SFR module that is on 192.168.2.1 255.255.255.0 address... Why is that?

The access-list is set to allow any any?!?!?

1 )Check the management port and inside interface connections to the switch which are in the same VLAN

2) ping and telnet from sfr to inside IP

3) Access the SFR IP directly over HTTPS if it fails probably HTTPSD is down verify with pmtool status | grep httpsd from the Firepower CLI.

Hello Team,

Based on the error appeared in the java console logs ,You can try these things , I think that would help:-

1) Verify the connectivity from the Client and the SFR Management IP
2) Try to clear Java Cache:- https://www.java.com/en/download/help/plugin_cache.xml
3) Upgrade the Java to latest version
4) Try from a different computer

Rate and mark correct if the post helps you

Regards

Jetsy 

OK, after battling and wasting to much of my time, I found my previous configuration of ASA5506X and added configuration of ASA from scratch,

this setup is now showing Firepower, even though I must admit, I don't see the difference between previous one and this one, except few changes:

- dns domain-lookup Management
- icmp permit network interface - all except management
- user-identity default-domain LOCAL
- aaa authentication ssh console LOCAL
- http server enable
- http 192.168.2.0 255.255.255.0 Management

and

in SFR console chaged ipv4 address to "192.168.2.2 255.255.255.0 192.168.2.1 eth0"

and changing Management interface nameif to first capital letter... (which I hardly doubt that this can be the reason...)


: Hardware: ASA5508, 8192 MB RAM, CPU Atom C2000 series 2000 MHz, 1 CPU (8 cores)
:
ASA Version 9.6(1)
!
hostname XXXXXASA
enable password XXXXXXXXXXXXXXX encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names

!
interface GigabitEthernet1/1
nameif outsideMain
security-level 0
no ip address
!
interface GigabitEthernet1/2
nameif outsideFailback
security-level 0
no ip address
!
interface GigabitEthernet1/3
nameif administration
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet1/4
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/4.1
vlan 1
nameif administrationW
security-level 100
no ip address
!
interface GigabitEthernet1/4.10
vlan 10
nameif guestWiFi
security-level 80
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
description Management of the ASA via ASDM
management-only
nameif Management
security-level 80
ip address 192.168.2.1 255.255.255.0
!
ftp mode passive
dns domain-lookup outsideMain
dns domain-lookup outsideFailback
dns domain-lookup administration
dns domain-lookup administrationW
dns domain-lookup guestWiFi
dns domain-lookup Management
access-list sfr_policy extended permit ip any any
access-list sfr_redirect extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu outsideMain 1500
mtu outsideFailback 1500
mtu administration 1500
mtu administrationW 1500
mtu guestWiFi 1500
mtu Management 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
icmp permit 192.168.1.0 255.255.255.0 administration
icmp permit 192.168.1.0 255.255.255.0 administrationW
icmp permit 192.168.10.0 255.255.255.0 guestWiFi
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.1.0 255.255.255.0 administration
http 192.168.2.0 255.255.255.0 Management
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
enrollment self
fqdn none
subject-name CN=192.168.2.1,CN=XXXXXASA
keypair ASDM_LAUNCHER
crl configure
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_1
enrollment self
fqdn none
subject-name CN=192.168.1.1,CN=XXXXXASA
keypair ASDM_LAUNCHER
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_Launcher_Access_TrustPoint_0
certificate c237a157
308202d2 308201ba a0030201 020204c2 37a15730 0d06092a 864886f7 0d010105
0500302b 31133011 06035504 03130a53 616e6465 72734153 41311430 12060355
0403130b 3139322e 3136382e 322e3130 1e170d31 36303830 33303033 3934335a
170d3236 30383031 30303339 34335a30 2b311330 11060355 0403130a 53616e64
65727341 53413114 30120603 55040313 0b313932 2e313638 2e322e31 30820122
300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101 009bffb9
209faf58 d899c3ed bd93acaf dd498309 8f4e410f 6329fd63 13a37637 6bac0162
9dc088d7 a1c12034 b0faff5b 86e567f8 e2860163 28126043 79aed6ae 71415bfd
fc278d2b e608e0bd 7b051eb1 b07b11da 4e6344c8 31ec6cdc 1c854fad 2b360128
925f0a89 6ef630f0 679085fc e529522e 38bffed1 04cb7375 02f6d78d 3cbd4908
aa728abb 6d743ebc 5f58d629 549c3071 4132949b da3ea31b 59a53f99 e4989fb0
18946ef0 ee1debdd 87614915 efbb8a5f be09c74e 683d9460 a5c18d3a 2b467a58
b089b45f 23c67105 37261bc1 dfec8669 2654ba3b 492e7285 6dbf5328 0d657eec
86f3536e 2979a20d 5fce7099 45525a3a 63a92e57 6461f574 7320b9b8 ef020301
0001300d 06092a86 4886f70d 01010505 00038201 010010ed 07ec3e3e 54cabf6e
3b42c98d 3e919847 6147ab2c 39a6f8d8 d114ab85 75b7c629 442eb2fb a00e03e6
2081ebdb e2e28bff 2d1b9528 b05b9e94 7441de0e 1afedacb 1a531103 ad21b918
cfdefefe 3f417dd8 db846235 aa2a04db fc97cbed db735473 ac4d244a 49effbd4
0449df97 5c605ad4 4f2bfd35 09fcba63 9d8ce661 a7a40bfa 66297aaf 7ce271a1
2dc52822 2eeb5786 20a1501a 7773d35c e652203e 4a35a93f f9d5608e 2fce8683
ed8f6158 5ef66923 fde27750 30079459 6c62a503 cc6b630f f0688977 1a11a05a
b2a97b88 58cb8fe5 bccc23da f0bc88c3 57864600 7df648ef 29c6039f f057b891
e7d96647 86cda131 3cd9f917 642a3c49 5a14f9fd 480b
quit
crypto ca certificate chain ASDM_Launcher_Access_TrustPoint_1
certificate ad4ea157
308202d2 308201ba a0030201 020204ad 4ea15730 0d06092a 864886f7 0d010105
0500302b 31133011 06035504 03130a53 616e6465 72734153 41311430 12060355
0403130b 3139322e 3136382e 312e3130 1e170d31 36303830 33303335 3530305a
170d3236 30383031 30333535 30305a30 2b311330 11060355 0403130a 53616e64
65727341 53413114 30120603 55040313 0b313932 2e313638 2e312e31 30820122
300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101 009bffb9
209faf58 d899c3ed bd93acaf dd498309 8f4e410f 6329fd63 13a37637 6bac0162
9dc088d7 a1c12034 b0faff5b 86e567f8 e2860163 28126043 79aed6ae 71415bfd
fc278d2b e608e0bd 7b051eb1 b07b11da 4e6344c8 31ec6cdc 1c854fad 2b360128
925f0a89 6ef630f0 679085fc e529522e 38bffed1 04cb7375 02f6d78d 3cbd4908
aa728abb 6d743ebc 5f58d629 549c3071 4132949b da3ea31b 59a53f99 e4989fb0
18946ef0 ee1debdd 87614915 efbb8a5f be09c74e 683d9460 a5c18d3a 2b467a58
b089b45f 23c67105 37261bc1 dfec8669 2654ba3b 492e7285 6dbf5328 0d657eec
86f3536e 2979a20d 5fce7099 45525a3a 63a92e57 6461f574 7320b9b8 ef020301
0001300d 06092a86 4886f70d 01010505 00038201 01008bf8 91822517 d58ce502
79c5c104 38c484e7 c6f4abe4 0592b8d0 4d270543 7ae872b8 0fd5b83a 9c83ae89
e65352ad e174a25d edddd76e 28a919d5 01819d3d 9314eaa0 9b16b9d5 c00d0323
a46a5929 f8dfbfcc 5a5f3487 673abdd7 f3812b1d 256fc53a b4c07a81 604ca91e
bd970f68 ec5cff17 443d0c12 108c10b4 7a0fd427 cec20b51 f0b4f51f ad23884b
c64cd19c 82616aff 19a894c9 87475f82 656c1b43 d35c0562 690b3510 09b9eed8
649bbb84 bec1ce02 9786ca6c 28853c8f 2612008c c4685609 61d3fef4 37c65619
fdc26c74 e03a4138 d87274ac f38f65ff 11b4a431 4bc9edf8 cd737d2b 50bca3ff
6b9ed4be 94a7fb56 de090512 529dbc38 f9a5b7f0 8fc6
quit
telnet timeout 5
ssh stricthostkeycheck
ssh 192.168.1.0 255.255.255.0 administration
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd dns 8.8.8.8
!
dhcpd address 192.168.1.2-192.168.1.254 administration
dhcpd enable administration
!
ssl trust-point ASDM_Launcher_Access_TrustPoint_1 administration
ssl trust-point ASDM_Launcher_Access_TrustPoint_1 administration vpnlb-ip
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 Management vpnlb-ip
dynamic-access-policy-record DfltAccessPolicy
username admin password XXXXXXXXXXXXX/ encrypted privilege 15
username administrator password XXXXXXXXXXXXX/ encrypted privilege 15
!
class-map global-class
description ADSM - Firepower Communication
match any
class-map sfr
match access-list sfr_redirect
class-map inspection_default
match default-inspection-traffic
class-map sfr_policy
match access-list sfr_policy
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class sfr
sfr fail-open
policy-map global-policy
description SFR rule for ASDM to Firepower module communication
class global-class
sfr fail-open
class inspection_default
inspect icmp
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
!
service-policy global-policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
password encryption aes
Cryptochecksum:7b7063e1114e52a5af799b7d760000a7
: end

Any idea what enabled the Firepower button options?

Have you noted the following error ?

2016-07-28 16:47:48,373 [ERROR] Unable to login to DC-Lite. STATUS CODE IS 401
22991 [SGZ Loader: launchSgzApplet] ERROR com.cisco.dmcommon.util.DMCommonEnv - Unable to login to DC-Lite. STATUS CODE IS 401
jul 28, 2016 2:47:48 PM r9 cm"

Content for Community-Ad