To recover passwords for the ASA, perform the following steps:
Step 1: Connect to the ASA console port either directly or remotely if provided through OOB.
Step 2: Power off the ASA, and then power it on. Or ask engineer at remote-site to do that for you.
Step 3: After startup, press the Escape key when you are prompted to enter ROMMON mode.
Step 4: To update the configuration register value, enter the following command:
rommon #1> confreg 0x41 Update Config Register (0x41) in NVRAM... Step 5 To set the ASA to ignore the startup configuration, enter the following command: rommon #1> confreg The ASA displays the current configuration register value, and asks whether you want to change it: Current Configuration Register: 0x00000001 Configuration Summary: boot default image from Flash Do you wish to change this configuration? y/n [n]: y enable boot to ROMMON prompt? y/n [n]: enable TFTP netboot? y/n [n]: enable Flash boot? y/n [n]: select specific Flash image index? y/n [n]: disable system configuration? y/n [n]: y go to ROMMON prompt if netboot fails? y/n [n]: enable passing NVRAM file specs in auto-boot mode? y/n [n]: disable display of BREAK or ESC key prompt during auto-boot? y/n [n]: Current Configuration Register: 0x00000040 Configuration Summary: boot ROMMON ignore system configuration Update Config Register (0x40) in NVRAM...
Step 5: Reload the box
rommon #1> boot Launching BootLoader... Boot configuration file contains 1 entry. Loading disk0:/asa800-226-k8.bin... Booting...Loading... The ASA loads the default configuration instead of the startup configuration.
Step 6: Access the privileged EXEC mode by entering the following command:
ciscoasa> enable
Step 7: When prompted for the password, press Enter.
The password is blank.
Step 8: Load the startup configuration by entering the following command:
ciscoasa# copy startup-config running-config
Step 9: Access the global configuration mode by entering the following command:
ciscoasa# configure terminal
Step 10: Change the passwords, as required, in the default configuration by entering the following commands:
ciscoasa(config)# username userlogin pass mypassword pri 15 ciscoasa(config)# enable password password ciscoasa(config)# config-register 0x00000001 or ciscoasa(config)# no config-register The default configuration register value is 0x1.
Step 11: Load the default configuration by entering the following command:
Step 12: Save the new passwords to the startup configuration by entering the following command:
ciscoasa(config)# copy running-config startup-config ciscoasa# wr mem ciscoasa#reload Proceed with reload? [confirm] *** *** --- START GRACEFUL SHUTDOWN --- Shutting down isakmp Shutting down webvpn Shutting down File system *** *** --- SHUTDOWN NOW --- Rebooting....
Leave a comment