Showing results for 
Search instead for 
Did you mean: 

Management IP has reset suddenly in ASA 5506-X

Level 1
Level 1

While I was configuring my ASA 5506-X NGFW , the management IP address has reset suddenly and am unable to use the management web interface to configure the firewall. I tried to set the ip address using the command 

configure network ipv4 manual, but with no luck. 

Has someone undergone this issue? I am unable to figure it out. 

version NGFW Version 6.2.3


9 Replies 9

Hall of Fame
Hall of Fame

if this is already register with FMC you need to delete and add managment address as below :


1. configure manager delete

2. remove from FMC device manangement

3. configure network ipv4 manual ipaddr netmask gw [ management_interface]

4. configure mananger add

5. add back in FMC




***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help


Can you please help me how to

1. remove from FMC device manangement - How to remove?

2. configure mananger add ( Can you please give an example of how to write this command)

3. How to add back to FMC?

Also this is a basic box for home use and have no software subscriptions..



You mention you are unable to use the management web interface to configure the firewall. Do you even have an FMC if it's used at home? If not, then you are unable to access the FDM web interface right?


Please provide the output of "show network"

Can you ping the default gateway ( from the firewall?



  Yes, I am unable to use FDM web interface. 

===============[ System Information ]===============
Hostname : firepower
DNS Servers :
Management port : 8305
IPv4 Default route
Gateway :

======================[ br1 ]=======================
State : Enabled
Channels : Management & Events
Mode : Non-Autonegotiation
MTU : 1500
MAC Address : 70:DF:2F:CF:B2:32
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address :
Netmask :
Broadcast :
----------------------[ IPv6 ]----------------------
Configuration : Disabled

===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled


No I am unable to ping Its the interface ip of the inside network which is routed to the outside network.

Also when I tried to connect to the internet with firewall outside as WAN( Gateway ip provided by ISP) , I was unable to access the internet. But when I tried to connect to one of the switch port of the wifi router and configured the gateway of the router as outside interface gateway, I was able to access the internet. Once that worked, the management ip also vanished suddenly. 

Are you using the command "ping system" that uses the management interface to source the ping.



  The result is 

From icmp_seq=1 Destination Host Unreachable
From icmp_seq=2 Destination Host Unreachable
From icmp_seq=3 Destination Host Unreachable
From icmp_seq=4 Destination Host Unreachable
From icmp_seq=5 Destination Host Unreachable
Should I put a route or NAT?

Is the correct firewall interface plugged into the correct vlan on the switch?

Provide configuration of switch if necessary.

I havent configured Vlan . Just created one inside/ouside and tested if internet is working.

After restart all the configs are gone

The running config is

show running-config
: Saved

: Serial Number: JAD212000V8
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cor es)
NGFW Version 6.2.3
hostname firepower
enable password $sha512$5000$gtpWIvLR73EjHGxtOva39A==$EToVRxvjEwbauJioVkVgZQ== p bkdf2

interface GigabitEthernet1/1
no nameif
no security-level
no ip address
interface GigabitEthernet1/2
no nameif
no security-level
no ip address
interface GigabitEthernet1/3
no nameif
no security-level
no ip address
interface GigabitEthernet1/4
no nameif
no security-level
no ip address
interface GigabitEthernet1/5
no nameif
no security-level
no ip address
interface GigabitEthernet1/6
no nameif
no security-level
no ip address
interface GigabitEthernet1/7
no nameif
no security-level
no ip address
interface GigabitEthernet1/8
no nameif
no security-level
no ip address
interface Management1/1
nameif diagnostic
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
no ip address
boot system disk0:/os.img
ftp mode passive
ngips conn-match vlan-id
pager lines 24
mtu diagnostic 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication login-history
no snmp-server location
no snmp-server contact
no service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
console timeout 0

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect icmp error
service-policy global_policy global
prompt hostname context
snort preserve-connection

I was referring to the switch. If you cannot ping the gateway, then how is the switch configured?

Does the switch have the SVI - is it up? Can you ping the FTD from the switch?

Have you plugged in the correct ASA physical interface to the right vlan on the switch?

Have you tried to connect a computer directly into the FTD and access the Web GUI?

Review Cisco Networking for a $25 gift card