cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5676
Views
45
Helpful
19
Replies

unable go to configuration mode on asa

amralrazzaz
Level 5
Level 5

hi all 

 

i have asa 3des license key and i cant add the activation key using cli because i unable to go to configuration mode (no config t command on cli ) 

 

im using FTD local managing the asa

 

EGCAI01-Firepower# show version
---------------[ EGCAI01-Firepower ]----------------
Model : Cisco ASA5516-X Threat Defense (75) Version 6.5.0 (Build 115)
UUID : 2edfecc2-e0fc-11ea-8172-ea9e617e90fb
Rules update version : 2019-08-12-001-vrt
VDB version : 309
----------------------------------------------------

amr alrazzaz
19 Replies 19

You need to check if you got the right privileges to do this. If you can't
enter config t then you don't have privileges

**** please remember to rate useful posts

so how can i get this privilege ? im the owner of this device and the only one who manage this ?

 

is there another way to install this strong encryption license on asa like tftp app or something else?

 

how can i have full privilege on my ASA ?  is there a way ?

 

amr alrazzaz

Hi,

Are using the default one or you created new one. Try to use admin login.

**** please remember to rate useful posts

this what i using the default but just changed the password 

 

Login UID Auth Access Enabled Reset Exp Warn Str Lock Max
admin 1000 Local Config Enabled No Never N/A Dis No N/A

 

how to create local admin user with full access so it can be access on enable mode and config mode ?

 

is there a way for that ?

amr alrazzaz

i have just created admin user now and is this can have the config mode?

> show user
Login UID Auth Access Enabled Reset Exp Warn Str Lock Max

 

i connected to asa via ssh with new username and password but same issue there is no config mode ?

rick 1002 Local Config Enabled No Never N/A Dis No 5

amr alrazzaz

You seem to have FTD installed on your ASA hardware. If that is the case, then you can't apply anymore any command on the box through the Lina/ASA console. Also, please note that 3des is deprecated and should not be used anymore. Your licenses to the FTD appliance should be applied through your Cisco smart account.

Marvin Rhoads
Hall of Fame
Hall of Fame

You are running Firepower Threat Defense (FTD) image version 6.5.0. That is not the ASA image.

An ASA 3DES-AES license does not apply to an appliance running FTD (whether it is ASA or Firepower hardware).

Additionally, FTD does not have a "config" command mode like ASA software does. There are a very few commands you can enter with the configuration keyword (and licensing is not among them).

I have a problem with deploying any changes to my ASA5516-X and this happen suddenly and cant change the configurations or do any changes ?? how to solve this ?

 

 

I have below weird msg when im trying to login to asa using ssh

Last login: Tue Jan 5 13:53:29 UTC 2021 from 10.246.14.222 on pts/0

Copyright 2004-2019, Cisco and/or its affiliates. All rights reserved.
Cisco is a registered trademark of Cisco Systems, Inc.
All other trademarks are property of their respective owners.

Cisco Fire Linux OS v6.5.0 (build 4)
Cisco ASA5516-X Threat Defense v6.5.0 (build 115)

You have logged in while system startup is in progress. Please wait, some feature may be unavailable until startup is complete.

GCAI01-Firepower# show version
---------------[ EGCAI01-Firepower ]----------------
Model : Cisco ASA5516-X Threat Defense (75) Version 6.5.0 (Build 115)
UUID : 2edfecc2-e0fc-11ea-8172-ea9e617e90fb
Rules update version : 2019-08-12-001-vrt
VDB version : 309
----------------------------------------------------

 

another thing maybe it help:

i cant configure new local use with below error :

 

> configure user add munir config
Enter new password for user munir:
Confirm new password for user munir:
Couldn't connect to DB at /ngfw/usr/local/sf/lib/perl/5.10.1/SF/Permission.pm line 710.

Printing stack trace:
called from /ngfw/usr/local/sf/lib/perl/5.10.1/SF/Permission.pm (710)
called from /usr/local/sf/bin/cli_usrmgr (322)
called from /usr/local/sf/bin/cli_usrmgr (781)

amr alrazzaz

Hi @amralrazzaz 

The error messages indicates the services haven't finished starting, how long have you waited?

Regardless, the FTD is configured via the WebGUI. Have you logged into FDM to apply the configuration change?

 

HTH

@Rob Ingram hi 

 

i was rebooting the asa device and waiting for now 30 mins and then same issue ?

i can access to FTD with admin account but no changes can be applied !! 

any changes said ( Last Deployment Failed ) ---   check attached

 

 

 

 

 

 

 Rob Ingram 

amr alrazzaz

Unfortunately that screenshot doesn't provide much information, what does the see details button reveal as to the cause of the issue?

 

FYI, you appear to be running 6.5.0, you might want to consider upgrading to the latest 6.5 patch 4 or upgrading to 6.6.1 which is the gold star recommended version.

PLEASE check the attached showing more details?

 

and also why this happen to my asa ?! im just bought it since only 5 months or less and if i dont wanna go with the upgrade option ? what shall i do ? is there any solution without upgrading ?

 

also can cause this issue?

and why i cant create local user ? or delete existing one ? maybe if i delete the user and recreate again issue with gone or something?? actually i don't know !!

 

 

amr alrazzaz

That still doesn't provide any useful information, click > this should expand and provide more information and clue as to the issue.

 

6.5.0 is the first version of that FTD release, there are a lot of bugs that would have been resolved in the subsequent patches - your issue may or may not be resolvable with an upgrade, but patching would at least keep the FTD up to date.

 

All management is performed via the WebGUI, changes are not related to a specific user, so I doubt creating a new user will resolve the issue. The exact error would be displayed when you push the policy.

please check this attached pic as per ur request hope it can be useful

 

if the upgrade could not solve the issue 100% , so is there any possible way to solve issue without upgrading ?

 

how to upgrade and from where to download the recommended version? its paid or i have to pay for the new release? or i have to open TAC CASE asking for sending me the new patch ?

 

also i hope that we can solve this issue without upgrade ? shall i remove the power cable totally form ASA and back again or shall i wait like 24 hours after rebooting BECUASE OF THIS MSG APPEARS TO ME  (You have logged in while system startup is in progress. Please wait, some featur e may be unavailable until startup is complete.)
? actually dont know why its happened?? we paid a lot or money to face this kind of issues ???!!! ha

 

amr alrazzaz
Review Cisco Networking for a $25 gift card