05-02-2017 09:16 AM - edited 03-10-2019 06:50 AM
I have what must be a simple issue...
Setup is per attached. I am unable to ping the FirePOWER address from anywhere (except from the physical ASA itself).
My L3 Switch is the DG.
Some details from the FP module:
----------------------[ eth0 ]----------------------
Physical Interface : eth0
Type : Management
Status : Enabled
MDI/MDIX : Auto
MTU : 1500
MAC Address : 00:D7:8F:F6:DB:AC
IPv4 Address : 10.7.225.99
eth0 Link encap:Ethernet HWaddr 00:D7:8F:F6:DB:AC
inet addr:10.7.225.99 Bcast:10.7.225.255 Mask:255.255.255.0
inet6 addr: fe80::2d7:8fff:fef6:dbac/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:136 errors:0 dropped:0 overruns:0 frame:0
TX packets:1634 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9616 (9.3 Kb) TX bytes:88297 (86.2 Kb)
> show route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.7.225.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cplane
0.0.0.0 10.7.225.1 0.0.0.0 UG 0 0 0 eth0
I am sure the cabling/design for Management is supported from the deployment guides I have looked at.
05-02-2017 10:37 PM
Your setup indeed appears correct per the guides and what I have seen working in other deployments.
I'd check the switchport and make sure there's no restriction such as port security.
Are you getting arp cache entries at each end (i.e., on the switch for .99 and module for .1)?
05-02-2017 11:38 AM
On the Firepower module, change the default gateway to the ASA management interface IP and ensure that you are inspecting the ICMP traffic. By default, the ASA is not inspecting ICMP traffic.
Are you able to configure the Firepower module using ASDM?
05-02-2017 11:56 AM
According to the guide
http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html
I should be able to point to a L3 interface.
This is a setup I have with other ASAs, only difference being this is a 5506. Others have been ASAs with added SSD.
05-03-2017 01:06 AM
@Marvin,
I knew there was switch port security on the port (allowing 2 MACs) and did check the status yesterday, which looked good... Anyways, I just removed Port Security, brought the port down and up. Now all is good in the world!
Thanks for the nudge.
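The cause found above (a port-security MAC limit on the switchport that carries both the ASA and the module management traffic) can be confirmed from the switch side before touching the config. The following Python is an added example, not code from the thread or from Cisco: it parses output laid out like IOS `show port-security interface`, using a constructed sample that carries the module's eth0 MAC from the post, and reports whether the port is at its MAC limit and whether the module's MAC was the last source the port saw.

```python
import re

# Constructed sample in the layout of IOS "show port-security interface <if>".
# The MAC is the FirePOWER module's eth0 address from the thread; counts are made up.
SAMPLE = """\
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Restrict
Maximum MAC Addresses      : 2
Total MAC Addresses        : 2
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 2
Last Source Address:Vlan   : 00D7.8FF6.DBAC:225
Security Violation Count   : 17
"""

MODULE_MAC = "00:D7:8F:F6:DB:AC"  # eth0 of the SFR module, from the thread


def normalize_mac(mac):
    """Reduce 00:D7:8F:F6:DB:AC, 00D7.8FF6.DBAC or 00-d7-... to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())


def parse_port_security(text):
    """Split 'Key   : value' lines. The first colon preceded by whitespace ends the
    key, so a key such as 'Last Source Address:Vlan' is kept intact."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(\S.*?)\s+:\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def diagnose(text, module_mac):
    """Findings a troubleshooter wants: port at its MAC limit, logged violations,
    and whether the module's MAC was the last source address seen on the port."""
    f = parse_port_security(text)
    maximum = int(f.get("Maximum MAC Addresses", 0))
    total = int(f.get("Total MAC Addresses", 0))
    last_src = f.get("Last Source Address:Vlan", "").split(":")[0]
    return {
        "enabled": f.get("Port Security") == "Enabled",
        "mode": f.get("Violation Mode"),
        "at_mac_limit": maximum > 0 and total >= maximum,
        # In protect mode the violation counter stays at zero, so at_mac_limit alone is the signal.
        "violations": int(f.get("Security Violation Count", 0)),
        "module_mac_last_seen": normalize_mac(last_src) == normalize_mac(module_mac),
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE, MODULE_MAC))
```

A port that reports `at_mac_limit` with the module's MAC as the last source is the condition the thread hit; raising the maximum or removing port security on that port is the fix the poster applied.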