d4nnyo

ASA 5506-X - "Firepower" edition - not what we need

Somehow I mistakenly ordered a "Firepower" edition of the Cisco ASA 5506X. This version has no apparent command-line access and I can't figure out how to set up SSH, ASDM, or IPSec VPN. I'm stuck in a bare-bones HTTPS interface.

Also I don't see any VPN option.

Does this unit support the features I need? Can I zap it and install normal IOS 9.7? Or do I have to ship it back to the vendor?
CompProbSolv

I've set up a couple of those and do believe that they have the CLI.  It's accessible through the console port or through the ASDM software.
d4nnyo

ASKER

I've logged in through console and all I'm getting is a ">" prompt that does not accept "enable" at all -- no password, no hostname, no nothing, just a ">" after the CLI login with supplied default "admin."
d4nnyo

ASKER

Also, ASDM is not enabled and there is no visible way to enable it via the https:// browser interface.
d4nnyo

ASKER

Hi CompProbSolv,

Here's what I previously posted:

- ASDM is not active on the device -- so I cannot log in with ASDM
- I cannot log in to a normal hostname prompt using console and HyperTerm -- I get stuck at a ">" prompt with no hostname
- The "enable" command does not execute from the ">" prompt
d4nnyo

ASKER

To clarify, it looks like we bought a "Firepower Threat Defense" edition. Can this be converted to a "regular" ASA 5506?

If you're following the Quick Start:
https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/5506X/ftd-fmc-5506x-qsg.html

and neither method (SSH or console) gives you the output described there, then I'd suggest that you have a defective ASA.
d4nnyo

ASKER

Our setup process is as described in the documentation.

Can anyone tell me whether completing the token process will result in a fully-manageable firewall?

Going from memory here, I believe it leaves out setting up the default gateway.  Once that is done, the firewall should be functional and manageable.  That is, the first port is set up as outside, the second is inside, the others are disabled.  You should be able to configure whatever it supports from there either by ASDM or CLI.
d4nnyo

ASKER

There is a procedure for erasing the FTD in ROMMON and replacing with ASA:

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html

The line I'm stuck on is this:

"Ensure that you have a stable connection between the ASA and the TFTP server to avoid packet loss."

Is this possible in ROMMON? I can't find anything about how to do this. I won't erase the disk without ensuring that I can recover from TFTP.