ASA Deployment with ASDM
2. Edit the configuration as necessary (see below).
3. Connect to the console port of the Firepower 2100 in Appliance Mode, and enter global configuration
ciscoasa> enable
The enable password is not set. Please set it now.
Enter Password: ******
Repeat Password: ******
ciscoasa# configure terminal
4. Clear the current configuration using the clear configure all command.
5. Paste the modified configuration at the ASA CLI.
This guide assumes a factory default configuration, so if you paste in an existing configuration, some of the
procedures in this guide will not apply to your ASA.
ASA 5500-X Configuration
PAK License
Initial ASDM access
Interface IDs
Firepower 2100 in Appliance Mode Configuration
Smart License
PAK licensing is not applied when you copy and paste your
configuration. There are no licenses installed by default. Smart
Licensing requires that you connect to the Smart Licensing server
to obtain your licenses. Smart Licensing also affects ASDM or
SSH access (see below).
Remove any VPN or other strong encryption feature
configuration—even if you only configured weak encryption—if
you cannot connect to ASDM or register with the Smart Licensing
You can reenable these features after you obtain the Strong
Encryption (3DES) license.
The reason for this issue is that the ASA includes 3DES capability
by default for management access only. If you enable a strong
encryption feature, then ASDM and HTTPS traffic (like that to
and from the Smart Licensing server) are blocked. The exception
to this rule is if you are connected to a management-only interface,
such as Management 1/1. SSH is not affected.
Make sure you change the interface IDs to match the new
hardware IDs. For example, the ASA 5525-X includes
Management 0/0, and GigabitEthernet 0/0 through 0/5. The
Firepower 1120 includes Management 1/1 and Ethernet 1/1
through 1/8.
Cisco Firepower 2100 Getting Started Guide
Migrating an ASA 5500-X Configuration