
CX Install Issues

mbaker33
Level 1

We just installed an HA pair of ASA 5525x devices, equipped with the IPS and CX module.  I know currently only one module is supported with a future software update coming that will enable the other.  We are primarily concerned with CX for now so I am looking for some input on configuring it.

 

I have attempted to go through the procedure of shutting down the IPS, uninstalling the IPS, rebooting the ASA, and then installing the CX.  However, according to the logs, the CX reload completes, but I am unable to access it from the console of the ASA.  I get no login prompt or anything of the sort.

 

Also, I read somewhere that the HA replication does not pertain to the CX module, so we will need to use an external server in order to run PRSM and manage the CX.  Does this external server need to be in the management network, since generally the Management interface is not capable of routing other subnets?

 

Thanks for your help.

 

Cheers!

 

Mark

Accepted Solutions

Marvin Rhoads
Hall of Fame

 

Your cxsc_console_logs.txt ends with a cx module login prompt. Your modules.txt shows the CX module is in recovery state.

Did you start with a boot loader CX image or the full system image? The former (e.g., asacx-5500x-boot-9.2.1.2-69.img is the current latest build) should be used for a fresh install / reformat.

If you did, then you can proceed with completing the process. You will need to "session cxsc console" from the ASA, partition the SSD ("partition" from the cxsc prompt), and then complete the software installation ("system install ftp://<username>@<host>/<cx full system image matching the bootloader>.pkg"). Once that downloads and the install completes (takes about 5 minutes), your "show module" should indicate the cxsc is Up / Up. When it is, you can proceed with the "setup" macro from the cx console prompt.

 

During the setup process you will be asked to set the CX's default gateway etc. While this uses the same physical interfaces as the ASA's management0/0, it has its own setup and can use it to reach hosts (e.g. PRSM, ntp server, cisco.com server for WSE data and signature updates) not on the ASA management subnet. In fact, if you cannot reach external resources from the CX module (the cisco.com ones) your functionality will be severely compromised since that is how the WSE and AVC bits keep up to date.

 


Marvin,

 

Thank you!  Sheepishly, I admit that I was waiting for a prompt to appear, but instead, all I had to do was type the username and password and I was OK.  The fact that the log showed that it was waiting for a login and the module still showed "Recover" threw me off.

 

I have the system partitioned now and am FTPing the running image now.

 

Thanks again.

 

Mark
