Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
921
Views
0
Helpful
1
Replies

How to configure Cisco ASA5506-X Threat Defense v6.2.3

Go to solution
Scott12
Level 1
Level 1

‎04-03-2019 07:51 AM - edited ‎02-21-2020 09:00 AM

Hello Community,

 

I'm new with this environment, Firepower Threat Defense, so I'm going to explain my case.

The company purchased a new Cisco ASA 5506-x with Threat Defense. I would like to know how can I start the configuration via ASA CLI, because when the asa starts I see the follow,

 

*****

INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
User enable_1 logged in to firepower
Logins over the last 1 days: 1.
Failed logins since the last login: 0.
Type help o '?' for a list
firepower login:

*****

 

The username is admin and the password Admin123.

I typed the command System support diagnostic-cli, and this is the config-file.

 

****

> system support  diagnostic-cli
Attaching to Diagnostic CLI ... Press 'Ctrl+a then d' to detach.
Type help or '?' for a list of available commands.

firepower> ena
Password:
firepower# sh running-config
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
NGFW Version 6.2.3
!
hostname firepower
enable password $sha512$5000$iCFMMxZm8hCN6wjpT/a3rA==$TkZMo0XRPHlSeoUozteaCw== pbkdf2
strong-encryption-disable
names

!
interface GigabitEthernet1/1
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
nameif diagnostic
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
no ip address
!
boot system disk0:/os.img
ftp mode passive
ngips conn-match vlan-id
pager lines 24
mtu diagnostic 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication login-history
no snmp-server location
no snmp-server contact
no service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
console timeout 0

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect icmp error
!
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
snort preserve-connection
Cryptochecksum:c973fe3c21d3673b615eec8ebadb12e0
: end

 

My question is, How can I assign an ip address? or how can I access the firewall to configure it via cli ?

I've followed the guides, however this equipment doesn't have the default configuration.

:(

Any help will be appreciate it!

 

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
socratesp1980
Level 1
Level 1

‎04-04-2019 05:23 AM

If you are using FTD code. CLI is not possible you need to use either the FMC or FDM

View solution in original post

0 Helpful
1 Reply 1

Go to solution
socratesp1980
Level 1
Level 1

‎04-04-2019 05:23 AM

If you are using FTD code. CLI is not possible you need to use either the FMC or FDM
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card