Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1571
Views
0
Helpful
8
Replies

FirePower on ASA 5506

zulqurnain
Level 3
Level 3

ā€Ž03-15-2016 12:39 PM - edited ā€Ž03-12-2019 12:29 AM

Hi 

I have been trying to get our new 5506-X firewalls configured with FirePower but it seems something is not happening right , whenever I try to add the device into FirePower Management Center which is as following version

Software Version 6.0.0 (build 1005)
OS Cisco Fire Linux OS 6.0.0 (build258)
Snort Version 2.9.8 GRE (Build 229)

with FirePower which is as following version 

Model : ASA5506 (72) Version 5.4.1 (Build 211)

I get a message in management center as following 

"Could not establish a connection with sensor. Make sure the registration keys match, that the software versions are compatible, and that the network is not blocking the connection."

I have been searching around but I have not been able to grap the main reason behind it as multiple scenario and answers are provided in different posts.

Any help would be appreciated. 

Labels:
0 Helpful
8 Replies 8

Aditya Ganjoo
Cisco Employee
Cisco Employee

ā€Ž03-15-2016 12:53 PM

Hi,

We need to check the status of sftunnel.conf file.

Can you please check if the FirePower module is able to telnet to the FireSight on port 8305 and vice versa.

Also please check if the status of sftunnel is up on both devices by running :

pmtool status | grep sftunnel

This happens due to some issue with sftunnel.conf file. You can follow instructions mentioned in the  following document.

https://supportforums.cisco.com/discussion/12310476/fail-register-sfr-module

If it does not help please open a TAC case.

Regards,

Aditya

Please rate helpful posts.

0 Helpful

zulqurnain
Level 3
Level 3
In response to Aditya Ganjoo

ā€Ž03-15-2016 01:09 PM

Hi Aditya

you said telnet , my FW doesn't have telnet enabled it's only SSH. Do I need to enable Telnet ?

0 Helpful

Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to zulqurnain

ā€Ž03-15-2016 01:13 PM

Hi,

You need to telnet from the FirePower module to the FireSight on port 8305 and vice versa.

Regards,

Aditya

0 Helpful

zulqurnain
Level 3
Level 3
In response to Aditya Ganjoo

ā€Ž03-16-2016 03:11 PM

alright so I logged in to FirePower Module and entered into expert mode and did a telnet to FireSight using port 8305 and vice versa and I am getting 'connection refused' 

How do i go about opening these ports on each side ?

Thanks

0 Helpful

zulqurnain
Level 3
Level 3
In response to zulqurnain

ā€Ž03-16-2016 03:27 PM

they can ping each other and on FireSight under Configuration >  Management Interface > Remote Management Port is defined 8305 

and on FireModule Management Port 8305 is configured as well. 

0 Helpful

zulqurnain
Level 3
Level 3
In response to zulqurnain

ā€Ž03-16-2016 03:56 PM

I followed the steps in the thread below but in vain

https://supportforums.cisco.com/discussion/12310476/fail-register-sfr-module

0 Helpful

zulqurnain
Level 3
Level 3
In response to zulqurnain

ā€Ž03-21-2016 08:38 AM

Hi 

I just wanted to give my input as I was able to get it working.

At least that is what I think was happening , my FireSight version was 6.0.0 where as my ASA FirePower version was 5.4 . I simple upgraded the ASA side to 6.0.0 and it worked just fine. 

Thanks everyone for supporting it.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to zulqurnain

ā€Ž03-15-2016 06:47 PM

To clarify what Aditya mentioned - the FirePOWER module (not the ASA itself) initiates the telnet session. It does so from it's own OS (Linux). The ASA itself need neither initiate or respond to telnet.

You specify for it to use tcp/8305 to mimic the module-FirePOWER Management Center communications.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card