Password Recovery for Cisco ASA 5500 Series

From NesevoWiki
Jump to: navigation, search
  • Step 1 Connect to the security appliance console port according to the "Accessing the Command-Line Interface".
  • Step 2 Power off the security appliance, and then power it on.
  • Step 3 During the startup messages, press the Escape key when prompted to enter ROMMON.
  • Step 4 To set the security appliance to ignore the startup configuration at reload, enter the following command:
rommon #1> confreg

The security appliance displays the current configuration register value, and asks if you want to change the value:

Current Configuration Register: 0x00000011

Configuration Summary:

 boot TFTP, image, boot default image from Flash on netboot failure

Do you wish to change this configuration? y/n [n]:
  • Step 5 Record your current configuration register value, so you can restore it later.
  • Step 6 At the prompt, enter Y to change the value.

The security appliance prompts you for new values.

  • Step 7 Accept the default values for all settings, except for the disable system configuration? value; at that prompt, enter Y
  • Step 8 Reload the security appliance by entering the following command:
rommon #2> boot

The security appliance loads a default configuration instead of the startup configuration.

  • Step 9 Enter privileged EXEC mode by entering the following command:
hostname> enable
  • Step 10 When prompted for the password, press Return.

The password is blank.

  • Step 11 Load the startup configuration by entering the following command:
hostname# copy startup-config running-config
  • Step 12 Enter global configuration mode by entering the following command:
hostname# configure terminal
  • Step 13 Change the passwords in the configuration by entering the following commands, as necessary:
hostname(config)# password <password>
hostname(config)# enable password <password>
hostname(config)# username <username> password <password>
  • Step 14 Change the configuration register to load the startup configuration at the next reload by entering the following command:
hostname(config)# config-register <value>

Where <value> is the configuration register value you noted in Step 5. 0×1 is the default configuration register. For more information about the configuration register, see the Cisco Security Appliance Command Reference.

  • Step 15 Save the new passwords to the startup configuration by entering the following command:
hostname(config)# copy running-config startup-config