KB ID 0001173
Problem
If you change your internal LAN addresses its easy to re-ip the firewall but what about the FirePOWER module? If you manage your SFR from the ASDM it will tell you what the IP is, but it won’t let you change it?
Solution
Change the FirePOWER Module IP Address
Log into the firewall, then open a session with the SFR module. find the physical address of the module (usually eth0, but check).
[box]
Petes-ASA# session sfr Opening command session with module sfr. Connected to module sfr. Escape character sequence is 'CTRL-^X'. GRAINGER-SFR login: admin Password:{your password} Last login: Thu Apr 7 08:11:00 UTC 2016 on pts/0 Copyright 2004-2015, Cisco and/or its affiliates. All rights reserved. Cisco is a registered trademark of Cisco Systems, Inc. All other trademarks are property of their respective owners. Cisco Linux OS v5.4.1 (build 12) Cisco ASA5506 v5.4.1 (build 211) > show interfaces --------------------[ outside ]--------------------- Physical Interface : GigabitEthernet1/1 Type : ASA Security Zone : None Status : Enabled Load Balancing Mode : N/A ---------------------[ inside ]--------------------- Physical Interface : GigabitEthernet1/2 Type : ASA Security Zone : None Status : Enabled Load Balancing Mode : N/A ---------------------[ cplane ]--------------------- IPv4 Address : 127.0.2.1 ----------------------[ eth0 ]---------------------- Physical Interface : eth0 Type : Management Status : Enabled MDI/MDIX : Auto MTU : 1500 MAC Address : 00:C8:8B:C1:0E:0C IPv4 Address : 192.168.1.100 ---------------------[ tunl0 ]---------------------- ---------------------------------------------------- >
[/box]
To change the IP you need to supply the IP address, subnet mask, default gateway, and physical interface like so;
[box]
> configure network ipv4 manual 192.168.1.99 255.255.255.0 192.168.1.1 eth0
Setting IPv4 network configuration.
Network settings changed.
[/box]
You can check its worked with a ‘show interfaces command’.
[box]
> show interfaces --------------------[ outside ]--------------------- Physical Interface : GigabitEthernet1/1 Type : ASA Security Zone : None Status : Enabled Load Balancing Mode : N/A ---------------------[ inside ]--------------------- Physical Interface : GigabitEthernet1/2 Type : ASA Security Zone : None Status : Enabled Load Balancing Mode : N/A ---------------------[ cplane ]--------------------- IPv4 Address : 127.0.2.1 ----------------------[ eth0 ]---------------------- Physical Interface : eth0 Type : Management Status : Enabled MDI/MDIX : Auto MTU : 1500 MAC Address : 00:C8:8B:C1:0E:0C IPv4 Address : 192.168.1.99 ---------------------[ tunl0 ]---------------------- ---------------------------------------------------- >
[/box]
Or you can use the ‘show interfaces {interface-name}‘ command.
[box]
> show interfaces eth0 ----------------------[ eth0 ]---------------------- Physical Interface : eth0 Type : Management Status : Enabled MDI/MDIX : Auto MTU : 1500 MAC Address : 00:C8:8B:C1:0E:0C IPv4 Address : 192.168.1.99 IPv4 Broadcast : 192.168.1.255 RX Packets : 261 RX Errors : 0 RX Drops : 0 RX Overruns : 0 RX Frame : 0 TX Packets : 214 TX Errors : 0 TX Drops : 0 TX Overruns : 0 TX Carrier : 0 Collisions : 0 ----------------------------------------------------
[/box]
Change the FirePOWER Module IP Address
This is a little more convoluted, there is a command to do this, Note: You can enter multiple servers separated by commas.
[box]
> configure network dns servers 8.8.8.8,8.8.4.4
[/box]
But you also need to restart the nscd daemon in the underlying linux, to do that you need to get into ‘expert mode’.
[box]
> expert
admin@PETES-SFR:~$ sudo /etc/rc.d/init.d/nscd restart
Password:{Enter Your Password}
Stopping nscd… [ OK ]
Starting nscd… [ OK ]
admin@PETES-SFR:~$
[/box]