×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

fail to register SFR module

Unanswered Question
Sep 25th, 2014
User Badges:

I am failing to register my ASA with Sourcefire module. I see in the V DC that the syslog says it connected to the module successfully, but fails to authenticate

“sftunneld:sf_ssl [WARN] VerifyConnect:Failed to authenticate or to be authenticated by peer”

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Brian Clarke Wed, 10/01/2014 - 06:33
User Badges:

Verify that the key being used to configure the manager on the SFR module and the key entered when registering the SFR Module as a Device in Defense Center are the same.

Michael Antonakis Wed, 01/28/2015 - 03:37
User Badges:

Dear all,

 

I had to open a TAC about this. The problem was that, after a forced power reload of the ASAs, a file "sftunnel.conf" got corrupted. It seems that this file is responsible for the the communication service between the Manager and the SFR. If the service is down then the SFR does not listen on TCP/8305. So the TAC engineer stopped the service, deleted the corrupted file, recreated it and restarted the service. All these from the expert CLI mode of the SFR.

 

 

Oleg Tsoy Wed, 01/28/2015 - 04:18
User Badges:

Thanks a lot for information Michael.

Do you remember the process to recreate that file? 

Michael Antonakis Wed, 01/28/2015 - 05:02
User Badges:

Hello Oleg,

 

I logged the TAC engineer's session so here it is (see attached tac_session_log.txt). Though, you will need the root password to be able to perform what he did.

He sent me the text file sftunnel.conf (included in sftunnel.zip), browsed in /etc/sf/ and created the file named sftunnel.conf with vi editor, where he copy-pasted the text from the file he had sent me.

 

I hope that helps.

Oleg Tsoy Wed, 01/28/2015 - 05:10
User Badges:

Great. 

It's working!)

I had exactly the same issue.

Thanks a lot. 

 

michalis1234 Sat, 02/07/2015 - 00:17
User Badges:

It did not worked for me. I get access denied at on one point of the process. If i reimage the module, will that help? Or i will have yhe same issue?

jchorlton Sat, 02/07/2015 - 04:36
User Badges:

I re-imaged my module after suffering this problem and afterwards it worked perfectly.

michalis1234 Sat, 02/07/2015 - 09:24
User Badges:

I will do that as well, on Monday and let you know of the results!

Oleg Tsoy Sat, 02/07/2015 - 09:35
User Badges:

Hello.

Can anyone try to deny youtube.com by using sfr? 

I did such test that fail for me because it's not blocking when I try to access site using Internet Explorer. 

 

Robert Tyrrell Thu, 06/11/2015 - 11:50
User Badges:
  • Cisco Employee,

This fixed my problem.  Straight up awesome!  Thanks!

Saad Mohammad Tue, 07/28/2015 - 13:07
User Badges:

Had the same issue. Followed the instructions on how to edit in VI then pasted the attached sftunnel.conf and saved. Module registered instantly.

 

Thanks

Michael Antonakis Fri, 11/14/2014 - 04:51
User Badges:

When I try to configure the manager on the ASA SFR, it returns the following error:

"Communication channel for management interface is not configured!"

jchorlton Fri, 01/23/2015 - 08:53
User Badges:

Hi Michael,

 

Did you figure this one out?

 

I get exactly the same on my ASA SFR.

 

"Communication channel for management interface is not configured!"

 

Thanks

 

John

 

 

Oleg Tsoy Tue, 01/27/2015 - 20:06
User Badges:

Hello Jonh,

Did you resolve that problem? 
I have the same syslog message.

Actions

This Discussion

Related Content