Difference between revisions of "Password Recovery for Cisco ASA 5500 Series"

From NesevoWiki
 
(30 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Step 1 Connect to the security appliance console port according to the "Accessing the Command-Line Interface".
+
* '''Step 1''' Connect to the security appliance console port according to the "Accessing the Command-Line Interface".
 +
* '''Step 2''' Power off the security appliance, and then power it on.
 +
* '''Step 3''' During the startup messages, press the '''Escape''' key when prompted to enter ROMMON.
 +
* '''Step 4''' To set the security appliance to ignore the startup configuration at reload, enter the following command:
  
Step 2 Power off the security appliance, and then power it on.
+
rommon #1> confreg
  
Step 3 During the startup messages, press the Escape key when prompted to enter ROMMON.
+
The security appliance displays the current configuration register value, and asks if you want to change the value:
  
Step 4 To set the security appliance to ignore the startup configuration at reload, enter the following command:
+
Current Configuration Register: 0x00000011
 +
 +
Configuration Summary:
 +
 +
  boot TFTP, image, boot default image from Flash on netboot failure
 +
 +
Do you wish to change this configuration? y/n [n]:
 +
 
 +
* '''Step 5''' Record your current configuration register value, so you can restore it later.
 +
* '''Step 6''' At the prompt, enter '''Y''' to change the value.
 +
 
 +
The security appliance prompts you for new values.
 +
 
 +
* '''Step 7''' Accept the default values for all settings, except for the ''disable system configuration?'' value; at that prompt, enter '''Y'''
 +
* '''Step 8''' Reload the security appliance by entering the following command:
 +
 
 +
rommon #2> boot
 +
 
 +
The security appliance loads a default configuration instead of the startup configuration.
 +
 
 +
* '''Step 9''' Enter privileged EXEC mode by entering the following command:
 +
 
 +
hostname> enable
 +
 
 +
* '''Step 10''' When prompted for the password, press '''Return.'''
 +
 
 +
The password is blank.
 +
 
 +
* '''Step 11''' Load the startup configuration by entering the following command:
 +
 
 +
hostname# copy startup-config running-config
 +
 
 +
* '''Step 12''' Enter global configuration mode by entering the following command:
 +
 
 +
hostname# configure terminal
 +
 
 +
* '''Step 13''' Change the passwords in the configuration by entering the following commands, as necessary:
 +
 
 +
hostname(config)# password <password>
 +
hostname(config)# enable password <password>
 +
hostname(config)# username <username> password <password>
 +
 
 +
* '''Step 14''' Change the configuration register to load the startup configuration at the next reload by entering the following command:
 +
 
 +
hostname(config)# config-register <value>
 +
 
 +
Where ''<value>'' is the configuration register value you noted in Step 5. 0×1 is the default configuration register. For more information about the configuration register, see the Cisco Security Appliance Command Reference.
 +
 
 +
* '''Step 15''' Save the new passwords to the startup configuration by entering the following command:
 +
 
 +
hostname(config)# copy running-config startup-config
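Review bot: In the added Step 14 explanation, "0×1" is written with a multiplication sign (×) instead of the letter x, so anyone who copies it into config-register gets an invalid value; it should read 0x1. The added command and console-output lines (for example "rommon #1> confreg" and the "Current Configuration Register" output) are also entered as ordinary paragraphs; marking them as preformatted text would keep prompts and output distinct from the step text and stop the output lines from being reflowed.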

Latest revision as of 14:40, 12 January 2012

  • Step 1 Connect to the security appliance console port as described in "Accessing the Command-Line Interface".
  • Step 2 Power off the security appliance, and then power it on.
  • Step 3 During the startup messages, press the Escape key when prompted to enter ROMMON.
  • Step 4 To set the security appliance to ignore the startup configuration at reload, enter the following command:
rommon #1> confreg

The security appliance displays the current configuration register value, and asks if you want to change the value:

Current Configuration Register: 0x00000011

Configuration Summary:

 boot TFTP, image, boot default image from Flash on netboot failure

Do you wish to change this configuration? y/n [n]:
  • Step 5 Record your current configuration register value, so you can restore it later.
  • Step 6 At the prompt, enter Y to change the value.

The security appliance prompts you for new values.

  • Step 7 Accept the default values for all settings except the "disable system configuration?" prompt; at that prompt, enter Y.
  • Step 8 Reload the security appliance by entering the following command:
rommon #2> boot

The security appliance loads a default configuration instead of the startup configuration.

  • Step 9 Enter privileged EXEC mode by entering the following command:
hostname> enable
  • Step 10 When prompted for the password, press Return.

The password is blank.

  • Step 11 Load the startup configuration by entering the following command:
hostname# copy startup-config running-config
  • Step 12 Enter global configuration mode by entering the following command:
hostname# configure terminal
  • Step 13 Change the passwords in the configuration by entering the following commands, as necessary:
hostname(config)# password <password>
hostname(config)# enable password <password>
hostname(config)# username <username> password <password>
  • Step 14 Change the configuration register to load the startup configuration at the next reload by entering the following command:
hostname(config)# config-register <value>

Where <value> is the configuration register value you noted in Step 5. 0x1 is the default configuration register. For more information about the configuration register, see the Cisco Security Appliance Command Reference.

  • Step 15 Save the new passwords to the startup configuration by entering the following command:
hostname(config)# copy running-config startup-config
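
A post-recovery check, added here as an example and not part of the original wiki page: if Step 14 is skipped, the appliance keeps ignoring its startup configuration at every reload and comes up with a blank enable password. The script below parses the configuration register line from saved "show version" output and compares it with the value recorded in Step 5. The line format, the 0x40 "ignore startup configuration" bit (Cisco-documented, not stated on this page) and the sample outputs are assumptions.

```python
import re

# Bit set by answering Y to "disable system configuration?" in ROMMON.
# Cisco-documented value; it is not stated on this page.
IGNORE_STARTUP_CONFIG = 0x40

# Assumed "show version" line format, e.g.
#   Configuration register is 0x51 (will be 0x11 at next reload)
REG_LINE = re.compile(
    r"Configuration register is (0x[0-9a-fA-F]+)"
    r"(?: \(will be (0x[0-9a-fA-F]+) at next reload\))?"
)


def check_register(show_version_text, recorded):
    """Return a list of findings; an empty list means the register is restored."""
    m = REG_LINE.search(show_version_text)
    if not m:
        return ["no configuration register line found"]
    current = int(m.group(1), 16)
    # Without a pending change, the next reload uses the current value.
    next_boot = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if next_boot & IGNORE_STARTUP_CONFIG:
        findings.append(
            f"next reload uses {next_boot:#x}: startup configuration will be ignored"
        )
    if next_boot != recorded:
        findings.append(
            f"next reload uses {next_boot:#x}, but Step 5 recorded {recorded:#x}"
        )
    return findings


RECORDED = 0x00000011  # value shown in the confreg output on this page

# Constructed sample outputs (not captured from a real appliance).
SAMPLE_FORGOT_STEP_14 = "Configuration register is 0x51\n"
SAMPLE_RESTORED = "Configuration register is 0x51 (will be 0x11 at next reload)\n"

if __name__ == "__main__":
    for name, text in [("forgot step 14", SAMPLE_FORGOT_STEP_14),
                       ("restored", SAMPLE_RESTORED)]:
        print(name, check_register(text, RECORDED) or "OK")
```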