
Management IP has reset suddenly in ASA 5506-X

jeba1521
Level 1

While I was configuring my ASA 5506-X NGFW, the management IP address has reset suddenly and I am unable to use the management web interface to configure the firewall. I tried to set the IP address using the command

configure network ipv4 manual 10.30.0.4 255.255.255.224 10.30.0.1, but with no luck.

Has someone undergone this issue? I am unable to figure it out. 

version NGFW Version 6.2.3

 

9 Replies

balaji.bandi
Hall of Fame

If this is already registered with FMC, you need to delete and add the management address as below:

 

1. configure manager delete

2. remove from FMC device management

3. configure network ipv4 manual ipaddr netmask gw [management_interface]

4. configure manager add

5. add back in FMC

 

 

BB


Hi

Can you please help me how to

1. remove from FMC device management - How to remove?

2. configure manager add (Can you please give an example of how to write this command?)

3. How to add back to FMC?

Also this is a basic box for home use and have no software subscriptions.

 

@jeba1521 

You mention you are unable to use the management web interface to configure the firewall. Do you even have an FMC if it's used at home? If not, then you are unable to access the FDM web interface right?

 

Please provide the output of "show network"

Can you ping the default gateway (10.30.0.1) from the firewall?

 

Hi

  Yes, I am unable to use FDM web interface. 

===============[ System Information ]===============
Hostname : firepower
DNS Servers : 208.67.222.222
208.67.220.220
Management port : 8305
IPv4 Default route
Gateway : 10.30.0.1

======================[ br1 ]=======================
State : Enabled
Channels : Management & Events
Mode : Non-Autonegotiation
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : 70:DF:2F:CF:B2:32
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 10.30.0.4
Netmask : 255.255.255.224
Broadcast : 10.30.0.31
----------------------[ IPv6 ]----------------------
Configuration : Disabled

===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled

 

No, I am unable to ping 10.30.0.1. It's the interface IP of the inside network, which is routed to the outside network.

Also, when I tried to connect to the internet with the firewall outside as WAN (gateway IP provided by ISP), I was unable to access the internet. But when I tried to connect to one of the switch ports of the wifi router and configured the gateway of the router as the outside interface gateway, I was able to access the internet. Once that worked, the management IP also vanished suddenly.

Are you using the command "ping system 10.30.0.1", which uses the management interface to source the ping?

 

Hi

  The result is 

From 10.30.0.4 icmp_seq=1 Destination Host Unreachable
From 10.30.0.4 icmp_seq=2 Destination Host Unreachable
From 10.30.0.4 icmp_seq=3 Destination Host Unreachable
From 10.30.0.4 icmp_seq=4 Destination Host Unreachable
From 10.30.0.4 icmp_seq=5 Destination Host Unreachable
Should I put a route or NAT?
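
Added example, not part of the original thread: a Python check over the "show network" and "ping system" outputs quoted above. It confirms that the configured gateway is on-link for the management address and interprets the ping failure. The function names and the trimmed sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input, trimmed from the outputs quoted in this thread.
SHOW_NETWORK = """\
Gateway : 10.30.0.1
Address : 10.30.0.4
Netmask : 255.255.255.224
Broadcast : 10.30.0.31
"""
PING_OUTPUT = """\
From 10.30.0.4 icmp_seq=1 Destination Host Unreachable
From 10.30.0.4 icmp_seq=2 Destination Host Unreachable
"""

def parse_fields(text):
    """Return the first single-token 'Key : value' pair seen for each key."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9 /]+?)\s*:\s*(\S+)\s*$", line)
        if m:
            fields.setdefault(m.group(1), m.group(2))
    return fields

def diagnose(show_network, ping_output):
    """Return a list of findings about the management addressing and the ping."""
    f = parse_fields(show_network)
    iface = ipaddress.ip_interface(f"{f['Address']}/{f['Netmask']}")
    net = iface.network
    gateway = ipaddress.ip_address(f["Gateway"])
    findings = []
    if gateway not in net:
        findings.append("gateway is outside the management subnet")
    if gateway in (net.network_address, net.broadcast_address):
        findings.append("gateway is the network or broadcast address")
    bcast = f.get("Broadcast")
    if bcast and ipaddress.ip_address(bcast) != net.broadcast_address:
        findings.append("broadcast does not match address/netmask")
    # "Destination Host Unreachable" reported From our own address means the
    # local stack got no ARP reply: the next hop never answered at layer 2.
    local = re.findall(
        r"From (\S+) icmp_seq=\d+ Destination Host Unreachable", ping_output)
    if local and all(ipaddress.ip_address(a) == iface.ip for a in local):
        findings.append("no ARP reply from next hop: check cabling, switch port, VLAN")
    return findings
```

For the values in this thread the addressing is consistent (10.30.0.1 is inside 10.30.0.0/27), so the only finding is the layer 2 one; a route or NAT rule does not affect reaching an on-link gateway.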

Is the correct firewall interface plugged into the correct vlan on the switch?

Provide configuration of switch if necessary.

I haven't configured a VLAN. Just created one inside/outside and tested if internet is working.

After restart all the configs are gone

The running config is

show running-config
: Saved

:
: Serial Number: JAD212000V8
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
NGFW Version 6.2.3
!
hostname firepower
enable password $sha512$5000$gtpWIvLR73EjHGxtOva39A==$EToVRxvjEwbauJioVkVgZQ== pbkdf2
strong-encryption-disable
names

!
interface GigabitEthernet1/1
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
nameif diagnostic
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
no ip address
!
boot system disk0:/os.img
ftp mode passive
ngips conn-match vlan-id
pager lines 24
mtu diagnostic 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication login-history
no snmp-server location
no snmp-server contact
no service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
console timeout 0

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect icmp error
!
service-policy global_policy global
prompt hostname context
snort preserve-connection
Cryptochecksum:acf3a8f9a080aa3b7ab6583101a05aa9

I was referring to the switch. If you cannot ping the gateway, then how is the switch configured?

Does the switch have the SVI - 10.30.0.1 is it up? Can you ping the FTD from the switch?

Have you plugged in the correct ASA physical interface to the right vlan on the switch?

Have you tried to connect a computer directly into the FTD and access the Web GUI?
