cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11006
Views
5
Helpful
14
Replies

Cisco ASA 5545-X CX license Installation

Anish Chauhan
Level 1
Level 1

Hi All,

I'm setting up a ASA5545-X which has been purchased with CX capabilities ASA 5545-X CX AVC and Web Security Essentials 1Y (Promo) and I have a couple of issues:

The first is I've received the license that was generated through the PAK code - but I can't work out how to get this licence onto the appliance. It doesn't have a activation key but instead has a ".lic" file is presumably to be imported onto the box - but how?!! These are the instructions for installation of the licence but I'm guessing that these are CX menus.

Follow these steps to install your ASA-CX license file:
 
1.       Select Administration > Licenses.
2.       Select I want to > Upload License File.
3.       In the Upload License File panel, click Browse and select the license file from your workstation or network drive.
4.       Click Upload.

The second issue which may well be resolved when the first issue is resolved but I cannot connect to or manage the CX software module - when I manage the appliance through the ASDM there's no mention of the CX capability...

Documentation suggests that I should be able to manage the appliance via the internal management address of 192.168.1.2 but I'm unable to do so.

Any help you can provide would be greatly appreciated....

Thanks, Anish

3 Accepted Solutions

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

Yes those instructions are using the PRSM (Prime Security Manager) menu GUI that runs on CX.

Verify your module is running ok - from the ASA CLI, "show module". You are looking for the cxsc module to have status "up".

If it is up and running, the you need to have the ASA physical management interface connected, up and reachable. If you're already using it for managing the ASA software, that's OK - PRSM will share it - but you'll have to adjust the default PRSM IP address accordingly. Otherwise, you can use the management port exclusively for PRSM if you desire.

In any case, you should run the CX module setup CLI script via sessioning in from the ASA CLI first. You can also do some very minimal setup by running the ASA setup wizard in ASDM and skipping through to the CX page (assuming you have a module with status "up" as I noted above,

Please have a look at the Getting Started Guide here for more info:

http://www.cisco.com/en/US/docs/security/asa/quick_start/cx/cx_qsg.html

View solution in original post

It looks like perhaps the SSD was ordered separately from the firewall or otherwise not loaded at all with CX software.

In that case, you need to follow the steps outlined in section 5 of the Getting Started Guide that I linked to above. It's not too difficult - just has it's own steps and they're laid out pretty clearly there. I've done it a couple of times and it always worked fine.

View solution in original post

The SSD is required for CX to work in the midrange 5500-X series. Without it you cannot installl CX.

For a new 5545, that means you should have purchased SKU "ASA5545-2SSD120-K9". That includes the SSD.

If for whatever reason you do not have the SSD, you will need to order one. The SKU for that would be "ASA5500X-SSD120=", which is "ASA 5512-X through 5555-X 120GB MLC SED SSD (spare)".

View solution in original post

14 Replies 14

Marvin Rhoads
Hall of Fame
Hall of Fame

Yes those instructions are using the PRSM (Prime Security Manager) menu GUI that runs on CX.

Verify your module is running ok - from the ASA CLI, "show module". You are looking for the cxsc module to have status "up".

If it is up and running, the you need to have the ASA physical management interface connected, up and reachable. If you're already using it for managing the ASA software, that's OK - PRSM will share it - but you'll have to adjust the default PRSM IP address accordingly. Otherwise, you can use the management port exclusively for PRSM if you desire.

In any case, you should run the CX module setup CLI script via sessioning in from the ASA CLI first. You can also do some very minimal setup by running the ASA setup wizard in ASDM and skipping through to the CX page (assuming you have a module with status "up" as I noted above,

Please have a look at the Getting Started Guide here for more info:

http://www.cisco.com/en/US/docs/security/asa/quick_start/cx/cx_qsg.html

Hi Marvin,

Thanks so much for your reply. It doesn't look like the module is setup at all:

ciscoasa(config)# sho module cxsc

Mod  Card Type                                    Model              Serial No.

---- -------------------------------------------- ------------------ -----------

cxsc Unknown                                      N/A                FCH*********

Mod  MAC Address Range                 Hw Version   Fw Version   Sw Version

---- --------------------------------- ------------ ------------ ---------------

cxsc 4c00.82ad.b5cd to 4c00.82ad.b5cd  N/A          N/A

Mod  SSM Application Name           Status           SSM Application Version

---- ------------------------------ ---------------- --------------------------

cxsc Unknown                        No Image Present Not Applicable

Mod  Status             Data Plane Status     Compatibility

---- ------------------ --------------------- -------------

cxsc Unresponsive       Not Applicable

I'm still looking into what I need to do to get this module initialised but any help you can offer up would be greatly received!

Thanks, Anish

It looks like perhaps the SSD was ordered separately from the firewall or otherwise not loaded at all with CX software.

In that case, you need to follow the steps outlined in section 5 of the Getting Started Guide that I linked to above. It's not too difficult - just has it's own steps and they're laid out pretty clearly there. I've done it a couple of times and it always worked fine.

Hi,

 

I hope it isn´t too late, can you help me with the next:

were you capable of installing the SSD?

Can you install the license with the activation key?

 

I can not install the licence - Activation key for ASA-CX mode and I have not .lic file.

 

Hope you can help me.

 

 

Thanks.

What exactly is the status of your system?

Does "show module" indicate the cxsc is up?

Can you log into PRSM?

Thanks for answer.

 

I have access to PRSM, the AVC and WSE were active but the license expires and I haven't be able to updated the new licence.

So have you purchased a license? If so have you redeemed the PAK via the cisco.com license portal? Once you do that you will be emailed a lic file to install.

If not, you may extend the evaluation license once - the CX will need Internet access.

Hi Marvin,

Hope you are doing well. Taking advantage of this thread can I ask you for a piece of advise what can be done in my situation? I have an ASA5512X and suddenly the CX module stopped working but it worked just fine for about a year. The status of the module is unresponsive and when I try to reinstall the software on it I get the following message:

fw01# sw-module module cxsc recover configure image flash:asacx-5500x-boot-9.1.1-1-RelWithDebInfo.x86_64.img
fw01# sw-module module cxsc recover boot

Storage device not found.  Install drive and try again.
fw01# 

 

Do you think the SSD HD is damaged or the internal storage got damaged? 

Many thanks for any suggestions.

Best regards,

Remi

Anish Chauhan
Level 1
Level 1

Ah I missed that section! I must have read the management section about 20 times. :/

Looks like I'll need to do those parts at the customer site as I've had to ship the firewalls for installation!

Thanks for your help Marvin - you were a great help.

You're welcome - thanks for the rating.

Hi Marvin,

I hope you're well.  I just wanted to follow up one point with you.  We revisted this issue recently (as the implementation was put on hold until just yesterday.  However when we came to initialise the cscx card we weren't able to install the image as the device reported something along the lines of "storage device not available". And upon examining the internal swappable slots at the front of the appliance, there's no SSD's inside at all!

So I just wanted to check whether an SSD is definitely required for the CX software to work (i.e. does the card itself have any onboard storage upon which to store the image or will it simply not work without the SSD?

Thanks, Anish

The SSD is required for CX to work in the midrange 5500-X series. Without it you cannot installl CX.

For a new 5545, that means you should have purchased SKU "ASA5545-2SSD120-K9". That includes the SSD.

If for whatever reason you do not have the SSD, you will need to order one. The SKU for that would be "ASA5500X-SSD120=", which is "ASA 5512-X through 5555-X 120GB MLC SED SSD (spare)".

Great, we've just advised the customer to do so.

A massive help as always! Thanks Marvin.

You're welcome. If you're a partner, this is all covered in the "ASA-CX & PRSM Ordering & Pricing Guide" (in the partner community).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: