08-27-2021 03:25 AM
Hello
I am facing an issue with SSH/HTTPS management access on a Firepower 4100. After unboxing the device, I consoled in and ran through the initial setup. I assigned the IP, subnet, hostname, default gateway, and IP blocks on the interface. I am able to ping the chassis mgmt interface from a laptop on the same subnet. From my laptop, I use PuTTY to SSH in and I get a response, but using the same credentials that work for console access, it says access denied. I can confirm that my IP is in the IP block list on the private subnet of: 10.200.1.x/24
When I attempt to access the 4100 via HTTPS, I get the login page, but my credentials that work for console access do not work for web access.
The only network connectivity that I have to the appliance is to the chassis mgmt port. I simply want SSH and/or HTTPS access. I tried creating a 2nd admin user. I have the same issue with that account.
Is there something simple that I am missing to SSH/HTTPS into the chassis management port? I'm on version 2.4(1.101). I have followed the https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp4100/firepower-4100-gsg/chassis_setup/promokodik.net According to the doc, after the initial configuration, one should be able to SSH in to the appliance.
08-27-2021 05:44 AM
Hi @Jenny11,
This is a standard procedure, so everything you did looks fine to me. Yes, you should be able to authenticate with the same account to SSH/Web/Console.
Try checking your users from console access with:
scope security
show local-user
show local-user user detail
Also, please check your authentication configuration:
scope security
show authentication
A third option could be to try and reduce your password complexity, and try with something simple (perhaps some special character is not parsing properly, or causing trouble).
scope security
set enforce-strong-password no
commit
set password
Finally, you are running a really old FXOS version, so you should upgrade to a more recent one (you might be hitting some bug from older releases).
BR,
Milos
08-28-2021 08:43 PM
I've had issues with 4100 and 9300 series not liking the strong password I used (I did NOT select enforce strong password during bootstrap) and thus blocking logon via SSH or FCM subsequent to bootstrapping via console.
My workaround was to go back in and do the console-based password recovery procedure, choosing a not quite so strong password. Then, once I was able to log in via SSH, I was able to go back to the original strong password.