12-20-2021 12:25 AM
Dear community,
I have an issue where, when I try to add a Cisco ASA with Firepower Module in FMC, the following happens:
- Firepower Module "add manager" adds the FMC successfully, and it goes into a Pending state.
- When I try to add the Firepower Module in FMC, I get the error shown in the image attached to this question.
The Version of ASA with Firepower is 6.2.2 and the Version of FMC is 6.2.3.16.
Things I have tried so far:
1. Restarted Firepower Module.
2. Restarted ASA and Firepower module.
3. Restarted FMC.
4. Made sure that there is communication in the specific port TCP 8305 between Firepower and FMC.
5. Made sure that the Registration Key is the same.
6. Made sure that NTP is the same in both Devices.
7. Did troubleshooting based on the following: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/215540-configure-verify-and-troubleshoot-firep.html#anc19 but none of the steps were successful.
Any idea how to further troubleshoot this case?
Looking forward to hearing from you.
Best wishes,
Laura
12-20-2021 04:31 AM
You've identified all of the usual steps we would suggest to troubleshoot. Can you share what you saw during a packet capture as is recommended in the linked document?
If none of those availed you, then I would suggest opening a TAC case to look into the logs or pcap in detail.
12-20-2021 02:09 PM
Hi Laura,
Are you able to ping the FMC from the Firepower module? I'm not sure if it's on the same subnet as the FMC or if there's a router in between. FMC to SFR?
Also you could try to upgrade the Firepower module so that it's running the same version as the FMC. They are both quite old versions which may have some quirks to them.
Cheers
René
12-21-2021 03:55 PM
Hello, Laura.
Run tail -f /ngfw/var/log/messages | grep -i sftunnel to see what kind of error occurs.
If an SSL error occurs, connect via SSH from the FTD and the FMC, respectively, and modify the SSL key value.
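As an added example (not part of the reply above, and not Cisco's own tooling), the following script does the filtering the reply suggests, but runs offline against a constructed sample instead of the live /ngfw/var/log/messages. The sftunneld log lines in the sample are invented for illustration; real sftunneld output wording differs, and the only assumption about the FTD/module shell is that grep, sed and sort are available (they are in the Linux expert shell). Pass the real log path as the first argument to run it on a device.

```sh
#!/bin/sh
# Added example: triage sftunnel messages from a syslog-style file.
# Usage: sh sftunnel_triage.sh [/ngfw/var/log/messages]
# With no argument a constructed sample log is used so the script runs offline.

# Constructed sample; the message texts are invented, not real sftunneld output.
write_sample_log() {
  cat >"$1" <<'EOF'
Dec 22 00:10:01 firepower sshd[1234]: Accepted password for admin from 10.0.0.9
Dec 22 00:10:05 firepower sftunneld[2222]: connecting to peer 10.0.0.5:8305
Dec 22 00:10:06 firepower sftunneld[2222]: SSL handshake failed with peer 10.0.0.5
Dec 22 00:10:06 firepower sftunneld[2222]: ssl error: certificate verify failed
Dec 22 00:10:20 firepower ntpd[300]: synchronized to 10.0.0.1
Dec 22 00:10:35 firepower sftunneld[2222]: connecting to peer 10.0.0.5:8305
Dec 22 00:10:36 firepower sftunneld[2222]: SSL handshake failed with peer 10.0.0.5
EOF
}

# Same filter as the reply: only lines mentioning sftunnel (case-insensitive).
# "|| true" keeps the function's exit status 0 when nothing matches.
sftunnel_lines() {
  grep -i sftunnel "$1" || true
}

# Number of sftunnel lines that mention SSL/TLS (handshake or certificate errors).
count_ssl_errors() {
  sftunnel_lines "$1" | grep -icE 'ssl|tls' || true
}

# Distinct peer IPs sftunnel reported talking to (the FMC, from the module's side).
sftunnel_peers() {
  sftunnel_lines "$1" | grep -oE 'peer [0-9.]+' | sed 's/^peer //' | sort -u
}

# One-word verdict: ssl-error, no-ssl-error, or no-sftunnel-lines.
sftunnel_verdict() {
  n=$(count_ssl_errors "$1")
  total=$(sftunnel_lines "$1" | wc -l | tr -d ' ')
  if [ "$n" -gt 0 ]; then
    echo "ssl-error"
  elif [ "$total" -gt 0 ]; then
    echo "no-ssl-error"
  else
    echo "no-sftunnel-lines"
  fi
}

LOGFILE="$1"
if [ -z "$LOGFILE" ]; then
  LOGFILE=$(mktemp)
  write_sample_log "$LOGFILE"
fi

echo "sftunnel lines:"
sftunnel_lines "$LOGFILE"
echo "SSL-related errors: $(count_ssl_errors "$LOGFILE")"
echo "peers seen: $(sftunnel_peers "$LOGFILE" | tr '\n' ' ')"
echo "verdict: $(sftunnel_verdict "$LOGFILE")"
```

A verdict of ssl-error on the sample corresponds to the case the reply describes; on a real device, check the same output on both sides (the module and the FMC) before changing anything, since a handshake failure is logged by whichever side rejected the other.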
12-21-2021 11:40 PM
12-22-2021 12:32 AM
The quickest way is to make an SSH connection from the FTD to the FMC and from the FMC to the FTD, respectively.
On the FMC: ssh admin@FTD_IP
On the FTD: ssh admin@FMC_IP
First, check whether an SSL error occurs in /var/log/messages on the FMC.
12-22-2021 12:45 AM
@kjy210061 you are using SSL and SSH interchangeably in your suggestions. They are very different.
FMC to managed device communication uses the sftunnel which is TLS over tcp/8305.
12-22-2021 12:48 AM
@Marvin Rhoads Hello, Rhoads.
SSL communication is correct.
But this is one of my experiences.
When an SSL communication error occurred in /var/log/messages, I changed the key value through an SSH connection on the FTD and the FMC, and it registered normally.