Difference between revisions of "Password Recovery for Cisco ASA 5500 Series"
From NesevoWiki
Jump to navigationJump to search| (35 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | * '''Step 1''' Connect to the security appliance console port according to the "Accessing the Command-Line Interface". | |
| + | * '''Step 2''' Power off the security appliance, and then power it on. | ||
| + | * '''Step 3''' During the startup messages, press the '''Escape''' key when prompted to enter ROMMON. | ||
| + | * '''Step 4''' To set the security appliance to ignore the startup configuration at reload, enter the following command: | ||
| + | |||
| + | rommon #1> confreg | ||
| + | |||
| + | The security appliance displays the current configuration register value, and asks if you want to change the value: | ||
| + | |||
| + | Current Configuration Register: 0x00000011 | ||
| + | |||
| + | Configuration Summary: | ||
| + | |||
| + | boot TFTP, image, boot default image from Flash on netboot failure | ||
| + | |||
| + | Do you wish to change this configuration? y/n [n]: | ||
| + | |||
| + | * '''Step 5''' Record your current configuration register value, so you can restore it later. | ||
| + | * '''Step 6''' At the prompt, enter '''Y''' to change the value. | ||
| + | |||
| + | The security appliance prompts you for new values. | ||
| + | |||
| + | * '''Step 7''' Accept the default values for all settings, except for the ''disable system configuration?'' value; at that prompt, enter '''Y''' | ||
| + | * '''Step 8''' Reload the security appliance by entering the following command: | ||
| + | |||
| + | rommon #2> boot | ||
| + | |||
| + | The security appliance loads a default configuration instead of the startup configuration. | ||
| + | |||
| + | * '''Step 9''' Enter privileged EXEC mode by entering the following command: | ||
| + | |||
| + | hostname> enable | ||
| + | |||
| + | * '''Step 10''' When prompted for the password, press '''Return.''' | ||
| + | |||
| + | The password is blank. | ||
| + | |||
| + | * '''Step 11''' Load the startup configuration by entering the following command: | ||
| + | |||
| + | hostname# copy startup-config running-config | ||
| + | |||
| + | * '''Step 12''' Enter global configuration mode by entering the following command: | ||
| + | |||
| + | hostname# configure terminal | ||
| + | |||
| + | * '''Step 13''' Change the passwords in the configuration by entering the following commands, as necessary: | ||
| + | |||
| + | hostname(config)# password <password> | ||
| + | hostname(config)# enable password <password> | ||
| + | hostname(config)# username <username> password <password> | ||
| + | |||
| + | * '''Step 14''' Change the configuration register to load the startup configuration at the next reload by entering the following command: | ||
| + | |||
| + | hostname(config)# config-register <value> | ||
| + | |||
| + | Where ''<value>'' is the configuration register value you noted in Step 5. 0×1 is the default configuration register. For more information about the configuration register, see the Cisco Security Appliance Command Reference. | ||
| + | |||
| + | * '''Step 15''' Save the new passwords to the startup configuration by entering the following command: | ||
| + | |||
| + | hostname(config)# copy running-config startup-config | ||
Latest revision as of 15:40, 12 January 2012
- Step 1 Connect to the security appliance console port according to the "Accessing the Command-Line Interface".
- Step 2 Power off the security appliance, and then power it on.
- Step 3 During the startup messages, press the Escape key when prompted to enter ROMMON.
- Step 4 To set the security appliance to ignore the startup configuration at reload, enter the following command:
rommon #1> confreg
The security appliance displays the current configuration register value, and asks if you want to change the value:
Current Configuration Register: 0x00000011 Configuration Summary: boot TFTP, image, boot default image from Flash on netboot failure Do you wish to change this configuration? y/n [n]:
- Step 5 Record your current configuration register value, so you can restore it later.
- Step 6 At the prompt, enter Y to change the value.
The security appliance prompts you for new values.
- Step 7 Accept the default values for all settings, except for the disable system configuration? value; at that prompt, enter Y
- Step 8 Reload the security appliance by entering the following command:
rommon #2> boot
The security appliance loads a default configuration instead of the startup configuration.
- Step 9 Enter privileged EXEC mode by entering the following command:
hostname> enable
- Step 10 When prompted for the password, press Return.
The password is blank.
- Step 11 Load the startup configuration by entering the following command:
hostname# copy startup-config running-config
- Step 12 Enter global configuration mode by entering the following command:
hostname# configure terminal
- Step 13 Change the passwords in the configuration by entering the following commands, as necessary:
hostname(config)# password <password> hostname(config)# enable password <password> hostname(config)# username <username> password <password>
- Step 14 Change the configuration register to load the startup configuration at the next reload by entering the following command:
hostname(config)# config-register <value>
Where <value> is the configuration register value you noted in Step 5. 0×1 is the default configuration register. For more information about the configuration register, see the Cisco Security Appliance Command Reference.
- Step 15 Save the new passwords to the startup configuration by entering the following command:
hostname(config)# copy running-config startup-config
