Unable to add powerfire to powersight

pgamage
Level 1

I am trying to add ASA5508 to the firesight but failing.

show netstat displays established session with DNS server.

But with powersight, it is SYN_SENT

My powersight is in the inside interface.

show int ip br indicates the management 1/1 is in down/down state.

powerpower version 5.4.1

powersight version 6.0.0

> show netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State

tcp 0 1 172.16.222.24:50346 172.16.22.25:8305 SYN_SENT       < from firesight

udp 0 0 172.16.222.24:49151 172.16.22.32:53 ESTABLISHED     <with DNS server

I will post configs and other show outputs necessary.

Can somebody help me please?

show interface in the firepower module

System> show interfaces
----------------------[ eth0 ]----------------------
Physical Interface : eth0
Type : Management
Status : Enabled
MDI/MDIX : Auto
MTU : 1500
MAC Address : EC:BD:1D:5F:A8:38
IPv4 Address : 172.16.22.24

ASA# sh int ip br
Management1/1 unassigned YES unset down down

4 Replies

Aastha Bhardwaj
Cisco Employee

Hi,

You would definitely need to get the Management interface on ASA up and running because all the packets from SFR .

Check this : http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html

Are you able to ping the Firesight manager from SFR and vice versa?

Regards,

Aastha Bhardwaj

Rate if that helps!!!

Thanks. Plugged a cable to the Management 0/0 and everything started to work. I wrongly thought M0/0 is software only as my power power is a software module.

Marvin Rhoads
Hall of Fame

I agree with Aastha's recommendations.

Also check the sfr module status from the ASA:

show module sfr details

Here's what a healthy module should look like:

ciscoasa# show module sfr details 
Getting details from the Service Module, please wait...
Card Type: FirePOWER Services Software Module
Model: ASA5506
Hardware version: N/A
Serial Number: JAD192903QT
Firmware version: N/A
Software version: 6.0.0-1005
MAC Address Range: 5897.bd27.8360 to 5897.bd27.8360
App. name: ASA FirePOWER
App. Status: Up
App. Status Desc: Normal Operation
App. version: 6.0.0-1005
Data Plane Status: Up
Console session: Ready
Status: Up
DC addr: 192.168.107.220
Mgmt IP addr: 10.0.128.21
Mgmt Network mask: 255.255.255.0
Mgmt Gateway: 10.0.128.1
Mgmt web ports: 443
Mgmt TLS enabled: true
ciscoasa#
ciscoasa# sh int ip br
Interface IP-Address OK? Method Status Protocol
Virtual0 127.1.0.1 YES unset up up
GigabitEthernet1/1 10.0.129.1 YES CONFIG up up
GigabitEthernet1/2 10.0.131.1 YES CONFIG up up
GigabitEthernet1/3 10.0.130.1 YES CONFIG up up
GigabitEthernet1/4 unassigned YES unset administratively down down
GigabitEthernet1/5 unassigned YES unset administratively down down
GigabitEthernet1/6 unassigned YES unset administratively down down
GigabitEthernet1/7 unassigned YES unset administratively down down
GigabitEthernet1/8 unassigned YES unset administratively down down
Internal-Control1/1 127.0.1.1 YES unset up up
Internal-Data1/1 unassigned YES unset up up
Internal-Data1/2 unassigned YES unset up up
Internal-Data1/3 unassigned YES unset up up
Management1/1 unassigned YES unset up up
ciscoasa# session sfr console
Opening console session with module sfr.
Connected to module sfr. Escape character sequence is 'CTRL-^X'.

labsfr login: admin
Password:
Last login: Thu Dec 3 02:24:36 UTC 2015 on ttyS1
Copyright 2004-2015, Cisco and/or its affiliates. All rights reserved. 
Cisco is a registered trademark of Cisco Systems, Inc.
All other trademarks are property of their respective owners.
Cisco Fire Linux OS v6.0.0 (build 258)
Cisco ASA5506 v6.0.0 (build 1005)
> show netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.2.1:7000 127.0.1.1:1385 ESTABLISHED
tcp 0 0 10.0.128.21:57169 192.168.107.220:8305 ESTABLISHED
tcp 0 0 10.0.128.21:8305 192.168.107.220:55172 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path

<snip>

>
> show interfaces
--------------------[ outside ]---------------------
Physical Interface : GigabitEthernet1/1
Type : ASA
Security Zone : Lab_ASA_Outside
Status : Enabled
Load Balancing Mode : N/A
---------------------[ inside ]---------------------
Physical Interface : GigabitEthernet1/2
Type : ASA
Security Zone : Lab_ASA_Inside
Status : Enabled
Load Balancing Mode : N/A
----------------------[ dmz ]-----------------------
Physical Interface : GigabitEthernet1/3
Type : ASA
Security Zone : Lab_ASA_DMZ
Status : Enabled
Load Balancing Mode : N/A
---------------------[ cplane ]---------------------
IPv4 Address : 127.0.2.1
----------------------[ eth0 ]----------------------
Physical Interface : eth0
Type : Management
Status : Enabled
MDI/MDIX : Auto
MTU : 1500
MAC Address : 58:97:BD:27:83:60
IPv4 Address : 10.0.128.21
----------------------[ tun1 ]----------------------
IPv6 Address : fdcc::bd:0:ffff:a9fe:1/64
---------------------[ tunl0 ]---------------------
----------------------------------------------------
> exit

labsfr login:
Escape Sequence detected
Console session with module sfr terminated.
ciscoasa#

All those 'background' checks are really useful. This level of focus definitely leads to a solution, doesn't matter how complex it is. Really appreciated.
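
Added example, not part of any post in this thread: a small Python check that applies the two tests used above (the state of the TCP 8305 session in the module's show netstat, and the Management1/1 line in the ASA's sh int ip br) to saved command output. The function names are hypothetical, and the sample input is constructed from the failing output quoted in the first post.

```python
import re

MGMT_PORT = 8305  # manager port seen in the thread's netstat output

# Constructed sample input, taken from the failing outputs quoted in the thread.
FAILING_NETSTAT = """\
tcp 0 1 172.16.222.24:50346 172.16.22.25:8305 SYN_SENT
udp 0 0 172.16.222.24:49151 172.16.22.32:53 ESTABLISHED
"""
FAILING_INT_BRIEF = "Management1/1 unassigned YES unset down down\n"

NETSTAT_ROW = re.compile(
    r"^(tcp|udp)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)$")

def manager_sessions(netstat_text, port=MGMT_PORT):
    """Return (local, remote, state) for TCP rows that touch the manager port."""
    rows = []
    for line in netstat_text.splitlines():
        m = NETSTAT_ROW.match(line.strip())
        if not m or m.group(1) != "tcp":
            continue
        _, laddr, lport, raddr, rport, state = m.groups()
        if port in (int(lport), int(rport)):
            rows.append((f"{laddr}:{lport}", f"{raddr}:{rport}", state))
    return rows

def interface_state(int_brief_text, name="Management1/1"):
    """Return (status, protocol) for one interface line of 'sh int ip br'."""
    for line in int_brief_text.splitlines():
        fields = line.split()
        if fields and fields[0] == name:
            # Status can be two words ("administratively down"); protocol is last.
            return " ".join(fields[4:-1]), fields[-1]
    return None

def diagnose(netstat_text, int_brief_text):
    """List what differs from the healthy output shown in the thread."""
    findings = []
    sessions = manager_sessions(netstat_text)
    if not sessions:
        findings.append("no TCP session on the manager port")
    for local, remote, state in sessions:
        if state != "ESTABLISHED":
            findings.append(f"{local} -> {remote} stuck in {state}")
    link = interface_state(int_brief_text)
    if link != ("up", "up"):
        shown = "/".join(link) if link else "not listed"
        findings.append(f"Management1/1 is {shown}")
    return findings
```

On the first post's output, diagnose() reports both the SYN_SENT session and the down/down management port; on the healthy output it returns an empty list.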
