Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8295
Views
0
Helpful
19
Replies

FTD Registration Problem

ammann9113
Level 1
Level 1

‎03-29-2017 06:14 AM - edited ‎03-12-2019 02:08 AM

Hello everyone

I'm currently encountering a problem which really bugs me...

I have a 5506-X running with the FTD image (6.2) and everything (as far as I can tell) looks well. Except for one thing; the Smart License registration. I always get a error message, telling me I need to check my internet connectivity (for the mangement interface). I am able to access the internet through the ASA, I can ping Google from the ASA CLI, updates are being downloaded and installed every other day...

I've tried "Use the Data Interfaces as the Gateway" and a unique gateway for the management interface, all with the same result..

I need help.. :-) I don't even know where to find logs...

Thanks!

Here's the full error msg:

The device was unable to connect to the Smart Licensing server. This might indicate a gateway problem for the management interface. Please select Evaluation Mode for now. Then, after completing setup, go to Device > System Settings > Management Interface and verify the management address and gateway configuration. There must be a path from the management IP address to the Internet to complete Smart License registration. You can then go to Device > Smart License and try registering again.

6 people had this problem
Labels:
0 Helpful
19 Replies 19

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to ammann9113

‎03-30-2017 02:29 AM

The diagnostic interface is the original source but the packet should arrive on the data plane via your "inside_vlan_900 interface" and flow throught the FTD (or not) based on the policies configured.

It is really odd (possibly a bug?) that we see "Drop-reason: (inspect-dns-invalid-pak) DNS Inspect invalid packet" even though the details showed the LINA (ASA code bits) inspection rules passed the packet.I wonder what would happen if you went in and disabled dns inspection - something like

policy-map global_policy
   class inspection_default
      no inspect dns

This should be possible with a flex-config.
0 Helpful

ammann9113
Level 1
Level 1
In response to Marvin Rhoads

‎03-30-2017 02:45 AM

I did a "configure inspection dns disable", now the packet-tracer command from above runs without an error.

The license registration still fails though...

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to ammann9113

‎03-30-2017 03:01 AM

I have a 5506-X that I've been meaning to update to Smart license vs the eval mode it had been in.

I will lab it up as soon as I get some time and let you know my results.

0 Helpful

ammann9113
Level 1
Level 1
In response to Marvin Rhoads

‎03-30-2017 03:51 AM

Thanks a lot, Marvin! Have a good day!

0 Helpful

ammann9113
Level 1
Level 1

‎05-15-2017 07:57 AM

For anybody, that might be interested...

I finally found the time to re-image my ASA. And with that, the problem was gone. Same version, same settings but I finally was able to register my device.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card