Updating FirePOWER Module (From ASDM)
Sep14

KB ID 0001348  Problem Normally I don't like upgrading the SFR this way. But then I tend to install new firewalls, set them up and walk away, so it's easier (and a LOT quicker) to simply image the module to the latest version and then set it up. Like so: Re-Image and Update the Cisco FirePOWER Services Module. This week I had an existing customer who has an ASA5508-X but wasn't using his FirePOWER; I'd installed the...

Cisco Error ‘%PHY-4-SFP_NOT_SUPPORTED’
Sep13

KB ID 0001347  Problem This is another question I see getting asked a lot in forums! You see something like the following; 000032: *Sep 28 09:35:32.507 UTC: %PHY-4-SFP_NOT_SUPPORTED: The SFP in Gi3/0/50 is not supported (PNL-3750-Stack) 000033: *Sep 28 09:35:32.507 UTC: %PM-4-ERR_DISABLE: gbic-invalid error detected on Gi3/0/50, putting Gi3/0/50 in err-disable state (PNL-3750-Stack) The usual response is ‘Enable unsupported...

FirePOWER – 'DataPlaneInterface0' is not receiving any packets
Sep11

KB ID 0001344  Problem While replacing a FirePOWER Management console, I got this error; Interface Status Interface 'DataPlaneInterface0' is not receiving any packets   Solution A look at the health monitor showed me the same thing; Firstly, common sense dictates that this is a live firewall and traffic is actually flowing through it? In my case the traffic simply needed to be 'sent through' the module. Execute...

Cisco FirePOWER User Agent – Use With the FirePOWER Management Console
Aug14

KB ID 0001179  Problem FirePOWER Management Center will give you a wealth of information on traffic/threats etc. Usually it will tell you what IP the offenders are on, but if you want to know what a USER is doing, then that means you have to look through logs to see who had what IP, at what time etc. So you can install the FirePOWER User Agent on a machine (this can be a client machine, though I usually put it on a member server). You...

Setup RANCID and ViewVC (Part Two) Adding Cisco Devices
Jul28

KB ID 0001332  Problem In Part One we set up our RANCID and ViewVC server ready to start backing up our devices; now we will look at adding the devices and automating the backup process. Solution To add a Cisco device you need to do TWO things*. Firstly you need to add an entry in the 'router.db' file that lives in the 'Group' folder you created back in part one. Secondly you need to add the access...

Setup RANCID and ViewVC (Part One)
Jul21

KB ID 0001331 Problem There are a couple of good posts out there on setting up Rancid (Really Awesome New Cisco Config Differ). Some even show you how to set it up with ViewVC (formerly ViewCVS, basically a nice web-based GUI front end that does version control and highlights differences). It does this using a system called CVS (Concurrent Versions System, hence the original name). Then I had to do some more searching to get it to back...

FirePOWER Agent – Real-Time Status ‘Unavailable’
Jul02

KB ID 0001323 Problem I was deploying a Cisco FirePOWER user agent last week, but once set up, the agent reported that the Real-Time status for SOME of the domain controllers was permanently 'Unavailable'. Now I know you have to be patient with these things, so I went and had a coffee. Still it refused to 'go green'. Solution In addition to all the other rights and firewall rules that you normally have to check....

Cisco ASA – Generate RSA Keypair From ASDM
Jun27

KB ID 0001322  Problem I've lost count of the number of times this has happened to me! Most of my colleagues prefer to use the ASDM for remote management, but if (like me) you work at the command line, then sometimes people <ahem> forget to generate the RSA keypair when deploying a firewall. Then even if SSH access and AAA are set up correctly, you still can't get in via SSH. Instead you see the following; RoyalTS and...

Updating the AnyConnect client for Deployment from the Cisco ASA 5500
Jun15

KB ID 0000704  Problem Your ASA will (by default) update your AnyConnect clients to the latest client software when they connect. However, you need to supply the ASA with the updated packages first. Solution 1. Download the latest AnyConnect client package from Cisco. The one you want will have a file extension of .pkg (AnyConnect 4, AnyConnect 3). 2. Connect to the ASDM > Configuration > Remote Access VPN > Network (Client)...

Cisco ASA: ‘ERROR: Multiple Peers can be specified only with originate-only connections’
Jun02

KB ID 0001316  Problem This week I had a client who had a head office and three satellite sites. They had old firewalls (a 5510 and 5505s), and my firm had installed FTTC circuits into the sites for them. My job was to reconfigure the firewalls and the site-to-site VPN tunnels (each site had a tunnel to the other sites), then disconnect their old ADSL connections, change the firewalls' public IPs, then connect to the shiny new...
