Before You Begin

Configure an ASA using ASDM.

Power On the Firewall

System power is controlled by the power cord; there is no power button.

Procedure

Step 1

Attach the power cord to the firewall, and connect it to an electrical outlet.

The power turns on automatically when you plug in the power cord.

Step 2

Check the Power LED on the back of the firewall; if it is solid green, the firewall is powered on.

Figure 1. System and Power LEDs

Step 3

Check the System LED on the back of the firewall; after it is solid green, the system has passed power-on diagnostics.

Which Application is Installed: Threat Defense or ASA?

Both applications, threat defense or ASA, are supported on the hardware. Connect to the console port and determine which application was installed at the factory.

Procedure

Step 1

Connect to the console port using either port type.

Figure 2. Console Port
Console Port

Step 2

See the CLI prompts to determine if your firewall is running threat defense or ASA.

Threat Defense

You see the firepower login (FXOS) prompt. You can disconnect without logging in and setting a new password. 


firepower login:

ASA

You see the ASA prompt.


ciscoasa>

Step 3

If you are running the wrong application, see Cisco Secure Firewall ASA and Secure Firewall Threat Defense Reimage Guide.

Access the ASA CLI

You might need to access the CLI for configuration or troubleshooting.

Procedure

Step 1

Connect to the console port using either port type.

Figure 3. Console Port
Console Port

Step 2

You connect to the ASA CLI in user EXEC mode. This mode lets you use many show commands. 


ciscoasa>

Step 3

Access privileged EXEC mode. This password-protected mode lets you perform many actions, including accessing configuration modes.

enable

You are prompted to change the password the first time you enter the enable command.

Example:


ciscoasa> enable
Password:
The enable password is not set. Please set it now.
Enter Password: ******
Repeat Password: ******
ciscoasa#

Step 4

Access global configuration mode.

configure terminal

Example:


ciscoasa# configure terminal
ciscoasa(config)#

Step 5

Access the FXOS CLI. Use this CLI for troubleshooting at the hardware level.

connect fxos [admin]

  • admin —Provides admin-level access. Without this option, you have read-only access. Note that no configuration commands are available even in admin mode.

You are not prompted for user credentials. The current ASA username is passed through to FXOS, and no additional login is required. To return to the ASA CLI, enter exit or type Ctrl-Shift-6, x.

Example:


ciscoasa# connect fxos admin
Connecting to fxos.
Connected to fxos. Escape character sequence is 'CTRL-^X'.
firepower# 
firepower# exit
Connection with FXOS terminated.
Type help or '?' for a list of available commands.
ciscoasa#

Obtain Licenses

When you bought your device from Cisco or a reseller, your licenses should have been linked to your Smart Software License account. If you don't have an account on the Smart Software Manager, click the link to set up a new account.

The ASA has the following licenses:

  • Essentials—Required

  • Security Plus—For Active/Standby failover

  • Cisco Secure Client

  1. If you need to add licenses yourself, go to Cisco Commerce Workspace and use the Search All field.

    Figure 4. License Search
    License Search

  2. Choose Products & Services from the results.

    Figure 5. Results
    Results

  3. Search for the following license PIDs.


    Note

    If a PID is not found, you can add the PID manually to your order.

    • Essentials—L-FPR1000-ASA=. Required.

    • Security Plus—L-FPR1010-SEC-PL=. The Security Plus license enables failover.