

This method does require physical access to the ASA, a console cable, and a machine running some terminal emulation software.

Note: This procedure is for Cisco ASA 5500-X and ASA 5500 firewalls; Cisco PIX and Cisco Catalyst are covered by separate procedures.

The Cisco ASA 5505 configuration is tailored to providing support for virtual private networks at a place of business. This typically is different than an individual home user who would normally just install a piece of software on his computer.

Password Recovery / Reset Procedure for ASA 5500-X/5500 Firewalls

Below is a run through on changing the Cisco ASA passwords (setting them to blank, then changing them to something else). Basically you boot the ASA to its very basic shell operating system (ROMMON), then force it to reboot without loading its configuration. At this point you can load the config without having to enter a password, manually change all the passwords, and finally set the ASA to boot properly again.

Below I’ve used both HyperTerminal and PuTTY to do the same thing; you can use either, or another piece of terminal emulation software, the procedure is the same.

1. Connect to the ASA via a console cable (settings 9600/8/None/1/None).

2. Reboot the ASA, and as it boots press Esc to interrupt the normal boot sequence and boot to ROMMON mode.

3. Execute the “confreg” command and take a note of the number that’s listed (copy it to Notepad to be on the safe side).

4. Answer the questions as follows (Note: Just pressing Enter will supply the default answer). Answer no to all apart from the TWO listed below:

    Do you wish to change this configuration? y/n : Y <<< THIS ONE
    Select specific Flash image index? y/n :
    Disable system configuration? y/n : Y <<< AND THIS ONE
    Go to ROMMON prompt if netboot fails? y/n :
    Enable passing NVRAM file specs in auto-boot mode? y/n :
    Disable display of BREAK or ESC key prompt during auto-boot? y/n :

Where the prompts are worded differently, the same two answers apply:

    Do you wish to change the configuration? y/n : Y <<< THIS ONE
    Disable “display break prompt”? y/n : n
    Enable “ignore system configuration”? y/n : Y <<< AND THIS ONE
    Disable “auto-boot image in disks”? y/n : n
    Select specific image in disks to boot? y/n : n

5. You may notice that the configuration register has changed: on an ASA 5500 to 0x00000040, or on an ASA5505-X to 0x00000041. To boot the firewall, execute the “boot” command.

6. This time when the ASA boots it will start with a command, or simply a no config-register command.
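A firewall left with the register from step 5 keeps skipping its saved configuration on every boot, so after a recovery it is worth confirming the register was set back. The following check is an added example, not part of the original procedure; it assumes the register appears in captured device output as a line of the form "Configuration register is 0x…", optionally followed by "(will be 0x… at next reload)", and all sample captures and host names are constructed.

```python
import re

# Bit shared by both values in step 5 (0x00000040 and 0x00000041).
IGNORE_CONFIG_BIT = 0x40

# Assumed line format; adjust the pattern to match your device's output.
CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9a-fA-F]+)"
    r"(?:\s*\(will be (0x[0-9a-fA-F]+) at next reload\))?"
)

def check_confreg(text):
    """Return (current, next_boot, finding) for one capture, or None if no register line."""
    m = CONFREG_RE.search(text)
    if m is None:
        return None
    current = int(m.group(1), 16)
    # Without a pending value, the next boot uses the current register.
    next_boot = int(m.group(2), 16) if m.group(2) else current
    if next_boot & IGNORE_CONFIG_BIT:
        finding = "FAIL: next boot skips the saved configuration"
    elif current & IGNORE_CONFIG_BIT:
        finding = "WARN: booted without saved config; register reset for next reload"
    else:
        finding = "OK"
    return current, next_boot, finding

# Constructed sample captures (placeholder host names), not taken from real devices.
SAMPLES = {
    "fw-a": "Serial Number: PLACEHOLDER\nConfiguration register is 0x1\n",
    "fw-b": "Configuration register is 0x41 (will be 0x1 at next reload)\n",
    "fw-c": "Configuration register is 0x00000040\n",
    "fw-d": "no register line captured\n",
}

def audit(samples):
    """Map each host to a finding string; a missing register line is reported, not ignored."""
    report = {}
    for host, text in sorted(samples.items()):
        result = check_confreg(text)
        report[host] = result[2] if result else "UNKNOWN: register line not found"
    return report

if __name__ == "__main__":
    for host, finding in audit(SAMPLES).items():
        print(f"{host}: {finding}")
```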
