ASA Management
When you deploy the ASA, you can pre-configure a management interface and management client information,
so that the deployed ASA allows ASDM access from that client.
You can also access the ASA CLI from the Firepower 4100 CLI using an internal Telnet connection. From within
the ASA, you can later configure SSH or Telnet access over any of its management or data interfaces.
Note: See Licensing Requirements for the ASA for Firepower 4100, page 1 for licensing requirements for ASDM
access.
Cisco ASA for Firepower 4100 Quick Start Guide
Configure all license entitlements in the ASA, including the required Standard tier license. Other optional
licenses are also available. The Strong Encryption license is automatically enabled for qualified customers
when you apply the registration token on the Firepower 4100, so no additional action is required.
Note: For Smart Software Manager satellite deployments, before you can use ASDM (and features such as VPN)
you must enable the Strong Encryption (3DES/AES) license by requesting the entitlement within the ASA software.
You must perform this task from the ASA CLI, which is accessible from the FXOS CLI. For an evaluation license,
you cannot receive a Strong Encryption license.
Configure Interfaces
Configure a Management-type interface on the Firepower 4100 that you can include in the deployment
configuration for the ASA. You must also configure at least one Data-type interface. For a cluster, you need to add
at least one member interface to the Port-Channel 48 Cluster-type interface that acts as the cluster control link
between chassis.
Procedure
1. In the Firepower Chassis Manager, choose Interfaces to open the Interfaces page.
2. To add an EtherChannel:
a. Click Add Port Channel.
b. For the Port Channel ID, enter a value between 1 and 47.
d. For the Type, choose Management or Data. You can only include one management interface. Do not
choose Cluster.
f. Click OK.
3. To add a single interface:
a. Click the Edit icon in the interface row to open the Edit Interface dialog box.
b. Check Enable.
c. For the Type, click Management or Data. You can only include one management interface.
d. Click OK.
4. To add a member to Port-Channel 48 for the cluster control link:
a. Click the Edit icon in the interface row to open the Edit Interface dialog box.
b. Select an interface from the Available Interface window, and click Add Interface. Repeat for additional
interfaces if needed; you need a minimum of one interface.
c. Click OK.
13. Click Save. The Firepower 4100 deploys the logical device by downloading the specified software version and
pushing the bootstrap configuration and management interface settings to the security engine.
14. Add the next chassis to the cluster:
a. On the first chassis Firepower Chassis Manager, click the Show Cluster Details icon at the top right.
c. Connect to the Firepower Chassis Manager on the next chassis, and add a logical device according to this
procedure.
e. Click the Copy config check box, and click OK. If you uncheck this check box, you must manually enter
the settings to match the first chassis configuration.
f. In the Copy Cluster Details box, paste in the cluster configuration from the first chassis, and click OK.
g. Click the device icon in the center of the screen. The cluster information is pre-filled, except for the Chassis
ID; enter a unique chassis ID, and click OK.
h. Click Save.
Procedure
1. Connect to the primary Firepower 4100 CLI; for example, connect to the console port or use SSH to the
Firepower Management interface.
2. Connect to the ASA:
connect module 1 console
Example:
4. Smart Software Manager Satellite: Request the Strong Encryption (3DES/AES) License
Version : 9.6(1)
Serial No.: FCH19057ML0
CCL IP : 127.2.4.1
CCL MAC : 0015.c500.020f
Last join : 20:19:57 UTC Nov 4 2015
Last leave: 20:24:55 UTC Nov 4 2015
If a different chassis is the primary unit, exit the connection and connect to the correct chassis. See below for
information about exiting the connection.
Procedure
1. Access the ASA CLI. See 3. Access the ASA CLI, page 4.
2. Enter license smart configuration mode:
license smart
Example:
ciscoasa(config)# license smart
ciscoasa(config-smart-lic)#
3. Set the feature tier:
feature tier standard
Only the standard tier is available. A tier license is a prerequisite for adding other feature licenses.
4. Request the Strong Encryption license, and optionally other features:
Strong Encryption (3DES/AES): feature strong-encryption
Carrier (Diameter, GTP/GPRS, SCTP): feature carrier
Security Contexts: feature context <1-248>
5. Save the configuration:
write memory
6. Exit the console connection by typing ~. You exit to the Telnet application. Enter quit to exit to the Firepower
4100 CLI.
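An added example, not part of the Cisco guide: a small Python check that reads a saved ASA configuration and reports where the licensing steps above were not completed. The sample configuration is constructed, and the script assumes the sub-commands appear indented under license smart in the saved configuration; the function names are hypothetical.

```python
import re

# Constructed sample: an excerpt shaped like a saved ASA configuration.
# Assumption: sub-commands are indented under "license smart".
SAMPLE_CONFIG = """\
hostname ciscoasa
!
license smart
 feature tier standard
 feature context 300
!
interface Management1/1
 nameif management
"""

CONTEXT_RANGE = range(1, 249)  # the guide gives "feature context <1-248>"


def parse_smart_license(config_text):
    """Return the sub-commands found under 'license smart' (indented lines)."""
    features, in_block = [], False
    for line in config_text.splitlines():
        if line.strip() == "license smart":
            in_block = True
        elif in_block and line.startswith(" "):
            features.append(line.strip())
        elif in_block:
            break  # first non-indented line ends the block
    return features


def audit_smart_license(config_text):
    """List findings against the licensing steps in the guide."""
    features = parse_smart_license(config_text)
    findings = []
    if "feature tier standard" not in features:
        findings.append("missing 'feature tier standard' (prerequisite for other features)")
    if "feature strong-encryption" not in features:
        findings.append("missing 'feature strong-encryption' (needed for ASDM and VPN with a satellite)")
    for cmd in features:
        m = re.fullmatch(r"feature context (\d+)", cmd)
        if m and int(m.group(1)) not in CONTEXT_RANGE:
            findings.append(f"'{cmd}' is outside the 1-248 range")
    return findings


if __name__ == "__main__":
    for finding in audit_smart_license(SAMPLE_CONFIG):
        print("FINDING:", finding)
```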
5. Launch ASDM
ASDM includes many easy-to-use Wizards as well as a complete suite of individual ASA feature configuration
tools.
Procedure
1. On the computer connected to the management interface that you assigned to the ASA, launch a web
browser.
2. In the Address field, enter the following URL: https://ip_address/admin. The ip_address is the one you set for
the management interface when you deployed the ASA. The Cisco ASDM web page appears.
3. Click one of the available options: Install ASDM Launcher, Run ASDM, or Run Startup Wizard.
4. Follow the onscreen instructions to launch ASDM according to the option you chose. The Cisco ASDM-IDM
Launcher appears.
Note: If you click Install ASDM Launcher, for some Java 7 versions you need to install an identity certificate
for the ASA according to Install an Identity Certificate for ASDM.
5. Leave the username and password fields empty, and click OK. The main ASDM window appears.
6. Where to Go Next
You can find links to all ASA/ASDM documentation at Navigating the Cisco ASA Series Documentation.
See all FXOS Chassis documentation.
2016 Cisco Systems, Inc. All rights reserved.