
Cisco ASA 5516-X Configuration

VCsupport17
Level 3

Hello community,

I factory reset the Cisco ASA 5516-X firewall and after booting up the interfaces go down.

I can console into the firewall, but what is the command to assign an IP address to the interfaces and bring them up?

Thank you.


Marvin Rhoads
Hall of Fame

That's expected - the default configuration of an ASA is for all interfaces except management to be shut down.

Configuring an interface is simple. From enable mode, switch to configuration mode and enter the commands as follows (example values shown):

conf t
int gi0/0
nameif inside
ip address 192.168.1.1 255.255.255.0
no shut
end

..and so forth for each interface.

Hi Marvin,

Thank you for your reply. I know those basic commands for configuring the interfaces, but my problem is how can I get into that config mode?

Once I log in on the ASA CLI and type "enable" under User EXEC, I cannot get into that enable mode.

I can go directly to the configure commands but I cannot find the commands for the interfaces.

From the screenshot you are in either the FirePOWER service module or an FTD-imaged device.

Please share the output of "show version" to ascertain which.

Hi Marvin,

See below output of show version:

> show version
-----------------[ firepower-int ]------------------
Model : Cisco ASA5516-X Threat Defense (75) Version 6.1.0 (Build 330)
UUID : fd9b0e52-e48e-11e6-a721-cc4b945ff13c
Rules update version : 2016-03-28-001-vrt
VDB version : 270
----------------------------------------------------

>

As I suspected, you have the FirePOWER Threat Defense (FTD) image. In this case you can use the on-box FirePOWER Device Manager (FDM) GUI to configure interfaces and all other tasks.

There is a step-by-step guide here:

http://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/5508X/ftd-fdm-5508x-qsg.html

Basically, both GigabitEthernet1/2 and Management1/1 interfaces should be up by default and serve a DHCP address to a directly attached client. Browse to the 192.168.1.1 or 192.168.45.45 address (according to which of those two interfaces you plugged into) and follow the prompts of the setup wizard.

Hi Marvin,

I was also expecting that GE1/2 and Management 1/1 would still show up with default IP addresses after reset. But after resetting, all ports are shut down. The only way I can access the box now is via CLI.

Any idea how to get the ports up and running using CLI?

That's odd - seems like a bug. 

From the cli you should be able to use:

configure network ipv4 manual <ipaddr> <netmask> <gw>

The FTD command reference covers this and more here:

http://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/c_3.html#wp3839275562

Hi Marvin,

I escalated the problem to TAC support and, to resolve the problem, we re-imaged the box and it works fine now. The issue was that the image was corrupted.

Hi,

I have the same problem after a 5516-X firewall reset. All ports are shut down and there is no IP on any of the 8 ports or the management port.

I can only access the firewall through CLI, where I can only see the ">" symbol.

I am not able to configure an IP on any port, as enable is not working here.

Please suggest.

Thanks

@shashwat85 your device appears to be running the FTD image. It is configured almost exclusively via the GUI. "show managers" will show if it is the default local manager (Firepower Device Manager or FDM GUI) or a central manager (FMC). If it's the local manager, you configure it via https to the management address to call up the GUI in a browser.

Hi Marvin,

Please check the snapshot attached.

I am stuck at the > screen, where I tried to configure the IP on the management port but failed.

Can you suggest the steps to configure the port IPs from this step?

Thanks

@shashwat85 

You did the necessary "configure network manual" step but specified your gateway address to be 192.168.0.0. Unless you have a very unusual network setup, that would not normally be a valid address for your gateway.

FYI that network address will not show up in "show run". Instead you would need to use "show network".
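The gateway mistake described in the reply above can be caught before the command is typed at the FTD prompt. The following is an added example, not part of the original thread or of any Cisco tool: the function name check_manual_network and the sample addresses and netmask are constructed for illustration, and only the 192.168.0.0 gateway comes from the reply.

```python
import ipaddress

# Leading keywords of the FTD CLI command discussed in this thread.
PREFIX = ["configure", "network", "ipv4", "manual"]


def check_manual_network(command):
    """Return a list of problems in a
    'configure network ipv4 manual <ip> <netmask> <gw>' line (empty if none)."""
    parts = command.split()
    if parts[:4] != PREFIX or len(parts) < 7:
        return ["expected: configure network ipv4 manual <ip> <netmask> <gw>"]
    ip_s, mask_s, gw_s = parts[4:7]
    try:
        ip = ipaddress.IPv4Address(ip_s)
        gw = ipaddress.IPv4Address(gw_s)
        # strict=False: derive the subnet from a host address plus netmask.
        net = ipaddress.IPv4Network(f"{ip_s}/{mask_s}", strict=False)
    except ValueError as exc:
        return [f"bad address or netmask: {exc}"]

    problems = []
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    if gw == ip:
        problems.append(f"gateway {gw} is the same as the management IP")
    # /31 and /32 have no reserved network or broadcast address.
    if net.prefixlen < 31:
        for label, addr in (("management IP", ip), ("gateway", gw)):
            if addr == net.network_address:
                problems.append(f"{label} {addr} is the network address of {net}")
            elif addr == net.broadcast_address:
                problems.append(f"{label} {addr} is the broadcast address of {net}")
    return problems


if __name__ == "__main__":
    # Constructed sample lines; the management IP and netmask are assumptions.
    samples = [
        "configure network ipv4 manual 192.168.0.10 255.255.255.0 192.168.0.0",
        "configure network ipv4 manual 192.168.0.10 255.255.255.0 192.168.0.1",
        "configure network ipv4 manual 192.168.0.10 255.255.255.0 10.0.0.1",
    ]
    for line in samples:
        print(line, "->", check_manual_network(line) or "ok")
```

After the command is accepted on the device, "show network" (not "show run") is where the applied management address and gateway appear, as noted in the reply.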

Hi,

I encountered the same issue. Do you know the solution to this issue?

I even reset the firewall to factory defaults but still all interfaces are down and HTTP is not accessible anymore.

Thanks

@davicsavir22

Please tell us the details of your setup.
