Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5020
Views
0
Helpful
6
Replies

Unable to ping from and to FirePower

alex.vue
Level 1
Level 1

‎03-15-2016 11:25 AM - edited ‎02-21-2020 05:45 AM

Hi all,

I have a 5525x and wanted to setup the FirePower that comes with the ASA. I have read and followed the Cisco installation guide, but I am unable to access the FirePower module on the ASA. What I have done;

1. Installed FireSight Mangement --- (can ping internet, inside FW interface, and other host on a different subnet.)

2. FirePower module is configured with the same IP subnet as the inside firewall interface.

3. Management interface 'no nameif', no IP, and enabled on the same vlan as the inside interface.

FireSight Mgmt server is on VLAN101.

Management PC is on VLAN0101.

Inside FW interface is on VLAN2 (IP 192.168.2.251/24)

SFR is on VLAN2 (IP 192.168.2.249/24)

I am stuck, please help.

-Alex

Preview file
39 KB
Preview file
14 KB
0 Helpful
6 Replies 6

Philip D'Ath
VIP Alumni
VIP Alumni

‎03-15-2016 11:30 AM

The Firepower module uses the external physical "Management" interface on the ASA.  Have you got this interface plugged in?

0 Helpful

alex.vue
Level 1
Level 1
In response to Philip D'Ath

‎03-15-2016 11:33 AM

Yes, It is plugged in. Switch port is configured VLAN2. The interface status shows up/up.

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to alex.vue

‎03-15-2016 11:45 AM

And you have definitely loaded FirePower software onto the module, or have logged into the module to verify that there is software installed on it?

0 Helpful

alex.vue
Level 1
Level 1
In response to Philip D'Ath

‎03-15-2016 11:51 AM

Yes sir.

FYI, I can login from the Actually Firewall console, but I cannot login using its real ip.

For example,

- Login 192.168.2.251

- session sfr

Preview file
15 KB
0 Helpful

alex.vue
Level 1
Level 1
In response to Philip D'Ath

‎03-15-2016 02:18 PM

I just want to update on the issue. I have placed a test machine on the same network as the SourceFire and I was able to access it. I am still unable to access from other VLAN.

Again, I can access the Firewall from other vlan which is on the same network as the SourceFire. But, I cannot access the SourceFire.

Thanks.

0 Helpful

alex.vue
Level 1
Level 1
In response to Philip D'Ath

‎03-15-2016 11:45 AM

Log is also showing denied TCP inbound connection from the module IP to the FireSight mgmt. Server. I am not sure why it's being denied. ACL for Inside interface is configured by default to permit any to the lower security zone. I have also enabled the 'enable traffic between two or more interface which are configured with same security levels'.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card