Difference between revisions of "Password Recovery for Cisco ASA 5500 Series"

From NesevoWiki
Jump to navigationJump to search
 
(32 intermediate revisions by 2 users not shown)
Line 1: Line 1:
reliable:
+
* '''Step 1''' Connect to the security appliance console port according to the "Accessing the Command-Line Interface".
from the moment that you send your first request for quote you will have your personal account manager always available for you assisting in any demands and requests you might possibly have. All the refurbished equipment we offer is fully tested in our own lab, which allows us to offer a 1 year warranty on all our equipment.
+
* '''Step 2''' Power off the security appliance, and then power it on.
 +
* '''Step 3''' During the startup messages, press the '''Escape''' key when prompted to enter ROMMON.
 +
* '''Step 4''' To set the security appliance to ignore the startup configuration at reload, enter the following command:
 +
 
 +
rommon #1> confreg
 +
 
 +
The security appliance displays the current configuration register value, and asks if you want to change the value:
 +
 
 +
Current Configuration Register: 0x00000011
 +
 +
Configuration Summary:
 +
 +
  boot TFTP, image, boot default image from Flash on netboot failure
 +
 +
Do you wish to change this configuration? y/n [n]:
 +
 
 +
* '''Step 5''' Record your current configuration register value, so you can restore it later.
 +
* '''Step 6''' At the prompt, enter '''Y''' to change the value.
 +
 
 +
The security appliance prompts you for new values.
 +
 
 +
* '''Step 7''' Accept the default values for all settings, except for the ''disable system configuration?'' value; at that prompt, enter '''Y'''
 +
* '''Step 8''' Reload the security appliance by entering the following command:
 +
 
 +
rommon #2> boot
 +
 
 +
The security appliance loads a default configuration instead of the startup configuration.
 +
 
 +
* '''Step 9''' Enter privileged EXEC mode by entering the following command:
 +
 
 +
hostname> enable
 +
 
 +
* '''Step 10''' When prompted for the password, press '''Return.'''
 +
 
 +
The password is blank.
 +
 
 +
* '''Step 11''' Load the startup configuration by entering the following command:
 +
 
 +
hostname# copy startup-config running-config
 +
 
 +
* '''Step 12''' Enter global configuration mode by entering the following command:
 +
 
 +
hostname# configure terminal
 +
 
 +
* '''Step 13''' Change the passwords in the configuration by entering the following commands, as necessary:
 +
 
 +
hostname(config)# password <password>
 +
hostname(config)# enable password <password>
 +
hostname(config)# username <username> password <password>
 +
 
 +
* '''Step 14''' Change the configuration register to load the startup configuration at the next reload by entering the following command:
 +
 
 +
hostname(config)# config-register <value>
 +
 
 +
Where ''<value>'' is the configuration register value you noted in Step 5. 0×1 is the default configuration register. For more information about the configuration register, see the Cisco Security Appliance Command Reference.
 +
 
 +
* '''Step 15''' Save the new passwords to the startup configuration by entering the following command:
 +
 
 +
hostname(config)# copy running-config startup-config

Latest revision as of 15:40, 12 January 2012

  • Step 1 Connect to the security appliance console port according to the "Accessing the Command-Line Interface".
  • Step 2 Power off the security appliance, and then power it on.
  • Step 3 During the startup messages, press the Escape key when prompted to enter ROMMON.
  • Step 4 To set the security appliance to ignore the startup configuration at reload, enter the following command:
rommon #1> confreg

The security appliance displays the current configuration register value, and asks if you want to change the value: 

Current Configuration Register: 0x00000011

Configuration Summary:

 boot TFTP, image, boot default image from Flash on netboot failure

Do you wish to change this configuration? y/n [n]:
  • Step 5 Record your current configuration register value, so you can restore it later.
  • Step 6 At the prompt, enter Y to change the value.

The security appliance prompts you for new values.

  • Step 7 Accept the default values for all settings, except for the disable system configuration? value; at that prompt, enter Y
  • Step 8 Reload the security appliance by entering the following command:
rommon #2> boot

The security appliance loads a default configuration instead of the startup configuration.

  • Step 9 Enter privileged EXEC mode by entering the following command:
hostname> enable
  • Step 10 When prompted for the password, press Return.

The password is blank.

  • Step 11 Load the startup configuration by entering the following command:
hostname# copy startup-config running-config
  • Step 12 Enter global configuration mode by entering the following command:
hostname# configure terminal
  • Step 13 Change the passwords in the configuration by entering the following commands, as necessary:
hostname(config)# password <password>
hostname(config)# enable password <password>
hostname(config)# username <username> password <password>
  • Step 14 Change the configuration register to load the startup configuration at the next reload by entering the following command:
hostname(config)# config-register <value>

Where <value> is the configuration register value you noted in Step 5. 0×1 is the default configuration register. For more information about the configuration register, see the Cisco Security Appliance Command Reference.

  • Step 15 Save the new passwords to the startup configuration by entering the following command:
hostname(config)# copy running-config startup-config
Retrieved from "http://wiki.nesevo.com/index.php?title=Password_Recovery_for_Cisco_ASA_5500_Series&oldid=2331"