08-22-2013 12:20 AM - edited 03-11-2019 07:29 PM
Hi All,
I'm setting up a ASA5545-X which has been purchased with CX capabilities ASA 5545-X CX AVC and Web Security Essentials 1Y (Promo) and I have a couple of issues:
The first is I've received the license that was generated through the PAK code - but I can't work out how to get this licence onto the appliance. It doesn't have a activation key but instead has a ".lic" file is presumably to be imported onto the box - but how?!! These are the instructions for installation of the licence but I'm guessing that these are CX menus.
Follow these steps to install your ASA-CX license file:
1. Select Administration > Licenses.
2. Select I want to > Upload License File.
3. In the Upload License File panel, click Browse and select the license file from your workstation or network drive.
4. Click Upload.
The second issue which may well be resolved when the first issue is resolved but I cannot connect to or manage the CX software module - when I manage the appliance through the ASDM there's no mention of the CX capability...
Documentation suggests that I should be able to manage the appliance via the internal management address of 192.168.1.2 but I'm unable to do so.
Any help you can provide would be greatly appreciated....
Thanks, Anish
Solved! Go to Solution.
08-22-2013 05:08 AM
Yes those instructions are using the PRSM (Prime Security Manager) menu GUI that runs on CX.
Verify your module is running ok - from the ASA CLI, "show module". You are looking for the cxsc module to have status "up".
If it is up and running, the you need to have the ASA physical management interface connected, up and reachable. If you're already using it for managing the ASA software, that's OK - PRSM will share it - but you'll have to adjust the default PRSM IP address accordingly. Otherwise, you can use the management port exclusively for PRSM if you desire.
In any case, you should run the CX module setup CLI script via sessioning in from the ASA CLI first. You can also do some very minimal setup by running the ASA setup wizard in ASDM and skipping through to the CX page (assuming you have a module with status "up" as I noted above,
Please have a look at the Getting Started Guide here for more info:
http://www.cisco.com/en/US/docs/security/asa/quick_start/cx/cx_qsg.html
08-23-2013 07:12 AM
It looks like perhaps the SSD was ordered separately from the firewall or otherwise not loaded at all with CX software.
In that case, you need to follow the steps outlined in section 5 of the Getting Started Guide that I linked to above. It's not too difficult - just has it's own steps and they're laid out pretty clearly there. I've done it a couple of times and it always worked fine.
10-17-2013 05:32 AM
The SSD is required for CX to work in the midrange 5500-X series. Without it you cannot installl CX.
For a new 5545, that means you should have purchased SKU "ASA5545-2SSD120-K9". That includes the SSD.
If for whatever reason you do not have the SSD, you will need to order one. The SKU for that would be "ASA5500X-SSD120=", which is "ASA 5512-X through 5555-X 120GB MLC SED SSD (spare)".
08-22-2013 05:08 AM
Yes those instructions are using the PRSM (Prime Security Manager) menu GUI that runs on CX.
Verify your module is running ok - from the ASA CLI, "show module". You are looking for the cxsc module to have status "up".
If it is up and running, the you need to have the ASA physical management interface connected, up and reachable. If you're already using it for managing the ASA software, that's OK - PRSM will share it - but you'll have to adjust the default PRSM IP address accordingly. Otherwise, you can use the management port exclusively for PRSM if you desire.
In any case, you should run the CX module setup CLI script via sessioning in from the ASA CLI first. You can also do some very minimal setup by running the ASA setup wizard in ASDM and skipping through to the CX page (assuming you have a module with status "up" as I noted above,
Please have a look at the Getting Started Guide here for more info:
http://www.cisco.com/en/US/docs/security/asa/quick_start/cx/cx_qsg.html
08-23-2013 02:10 AM
Hi Marvin,
Thanks so much for your reply. It doesn't look like the module is setup at all:
ciscoasa(config)# sho module cxsc
Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
cxsc Unknown N/A FCH*********
Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
cxsc 4c00.82ad.b5cd to 4c00.82ad.b5cd N/A N/A
Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
cxsc Unknown No Image Present Not Applicable
Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
cxsc Unresponsive Not Applicable
I'm still looking into what I need to do to get this module initialised but any help you can offer up would be greatly received!
Thanks, Anish
08-23-2013 07:12 AM
It looks like perhaps the SSD was ordered separately from the firewall or otherwise not loaded at all with CX software.
In that case, you need to follow the steps outlined in section 5 of the Getting Started Guide that I linked to above. It's not too difficult - just has it's own steps and they're laid out pretty clearly there. I've done it a couple of times and it always worked fine.
09-22-2014 09:09 AM
Hi,
I hope it isn´t too late, can you help me with the next:
were you capable of installing the SSD?
Can you install the license with the activation key?
I can not install the licence - Activation key for ASA-CX mode and I have not .lic file.
Hope you can help me.
Thanks.
09-22-2014 09:27 AM
What exactly is the status of your system?
Does "show module" indicate the cxsc is up?
Can you log into PRSM?
09-22-2014 09:30 AM
Thanks for answer.
I have access to PRSM, the AVC and WSE were active but the license expires and I haven't be able to updated the new licence.
09-22-2014 10:24 AM
So have you purchased a license? If so have you redeemed the PAK via the cisco.com license portal? Once you do that you will be emailed a lic file to install.
If not, you may extend the evaluation license once - the CX will need Internet access.
02-16-2015 05:54 PM
Hi Marvin,
Hope you are doing well. Taking advantage of this thread can I ask you for a piece of advise what can be done in my situation? I have an ASA5512X and suddenly the CX module stopped working but it worked just fine for about a year. The status of the module is unresponsive and when I try to reinstall the software on it I get the following message:
fw01# sw-module module cxsc recover configure image flash:asacx-5500x-boot-9.1.1-1-RelWithDebInfo.x86_64.img
fw01# sw-module module cxsc recover boot
Storage device not found. Install drive and try again.
fw01#
Do you think the SSD HD is damaged or the internal storage got damaged?
Many thanks for any suggestions.
Best regards,
Remi
08-23-2013 07:21 AM
Ah I missed that section! I must have read the management section about 20 times. :/
Looks like I'll need to do those parts at the customer site as I've had to ship the firewalls for installation!
Thanks for your help Marvin - you were a great help.
08-23-2013 07:23 AM
You're welcome - thanks for the rating.
10-17-2013 03:00 AM
Hi Marvin,
I hope you're well. I just wanted to follow up one point with you. We revisted this issue recently (as the implementation was put on hold until just yesterday. However when we came to initialise the cscx card we weren't able to install the image as the device reported something along the lines of "storage device not available". And upon examining the internal swappable slots at the front of the appliance, there's no SSD's inside at all!
So I just wanted to check whether an SSD is definitely required for the CX software to work (i.e. does the card itself have any onboard storage upon which to store the image or will it simply not work without the SSD?
Thanks, Anish
10-17-2013 05:32 AM
The SSD is required for CX to work in the midrange 5500-X series. Without it you cannot installl CX.
For a new 5545, that means you should have purchased SKU "ASA5545-2SSD120-K9". That includes the SSD.
If for whatever reason you do not have the SSD, you will need to order one. The SKU for that would be "ASA5500X-SSD120=", which is "ASA 5512-X through 5555-X 120GB MLC SED SSD (spare)".
10-18-2013 12:59 AM
Great, we've just advised the customer to do so.
A massive help as always! Thanks Marvin.
10-18-2013 07:41 AM
You're welcome. If you're a partner, this is all covered in the "ASA-CX & PRSM Ordering & Pricing Guide" (in the partner community).
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: