Password Recovery on the Cisco ASA Security Appliance
Friday, 16 March 2012 at 09:49
You will power-cycle your appliance by unplugging it at the power strip and plugging it back in. You will then interrupt the boot process and change the configuration register value to prevent the appliance from reading its stored configuration at boot. Because the device ignores its saved configuration on boot, you are able to access its configuration modes without passwords. Once you're in configuration mode, you will load the saved configuration from flash memory, change the passwords to a known value, change the configuration register value to tell the device to load its saved configuration on boot, and reload the device.
Caution: As with all configuration procedures, these procedures should be tested in a laboratory environment prior to use in a production environment to ensure suitability for your situation.
The following steps were designed using a Cisco ASA 5505 Security Appliance. They are not appropriate for a Cisco PIX Firewall appliance.
1. Power-cycle your security appliance by removing and re-inserting the power plug at the power strip.
2. When prompted, press Esc to interrupt the boot process and enter ROM Monitor mode. You should immediately see a rommon prompt (rommon #0>).
3. At the rommon prompt, enter the confreg command to view the current configuration register setting: rommon #0>confreg
4. The current configuration register should be the default of 0x01 (it will actually display as 0x00000001). The security appliance will ask if you want to make changes to the configuration register. Answer no when prompted.
5. You must change the configuration register to 0x41, which tells the appliance to ignore its saved (startup) configuration on boot: rommon #1>confreg 0x41
6. Reset the appliance with the boot command: rommon #2>boot
7. Notice that the security appliance ignores its startup configuration during the boot process. When it finishes booting, you should see a generic User Mode prompt: ciscoasa>
8. Enter the enable command to enter Privileged Mode. When the appliance prompts you for a password, simply press Enter (at this point, the password is blank): ciscoasa>enable Password: ciscoasa#
9. Copy the startup configuration file into the running configuration with the following command: ciscoasa#copy startup-config running-config Destination filename [running-config]?
10. The previously saved configuration is now the active configuration, but since the security appliance is already in Privileged Mode, privileged access is not disabled. Next, in configuration mode, enter the following command to change the Privileged Mode password to a known value (in this case, we'll use the password system): asa#conf t asa(config)#enable password system
11. While still in Configuration Mode, reset the configuration register to the default of 0x01 to force the security appliance to read its startup configuration on boot: asa(config)#config-register 0x01
12. Use the following commands to view the configuration register setting: asa(config)#exit asa#show version
13. At the bottom of the output of the show version command, you should see the following statement: Configuration register is 0x41 (will be 0x1 at next reload)
14. After using the system recovery, you may need to set up the drivers and systems.
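The check in step 13 can be automated when auditing appliances after a recovery. The following is an added example, not part of the original article: it parses the configuration register line from captured show version output and reports whether the appliance will still skip its startup configuration (and therefore its passwords) at the next boot. The function names and sample lines are constructed for illustration, and treating 0x40 as the "ignore startup configuration" bit is an assumption derived from the two register values the article uses.

```python
import re

# Register values from the procedure: 0x01 is the default, 0x41 makes the
# appliance ignore its saved (startup) configuration on boot.
DEFAULT_CONFREG = 0x01
RECOVERY_CONFREG = 0x41
# Assumption: the bit that differs between the two values (0x40) is the
# "ignore startup configuration" flag.
IGNORE_STARTUP_BIT = DEFAULT_CONFREG ^ RECOVERY_CONFREG

_CONFREG_LINE = re.compile(
    r"Configuration register is (0x[0-9a-fA-F]+)"
    r"(?:\s*\(will be (0x[0-9a-fA-F]+) at next reload\))?"
)

def parse_confreg(show_version_text):
    """Return (current, at_next_reload) as ints, or None if no line is found."""
    match = _CONFREG_LINE.search(show_version_text)
    if match is None:
        return None
    current = int(match.group(1), 16)
    # Without a "will be" clause the current value also applies after reload.
    pending = int(match.group(2), 16) if match.group(2) else current
    return current, pending

def assess(show_version_text):
    """Classify one appliance as 'ok', 'pending', 'alert' or 'unknown'."""
    parsed = parse_confreg(show_version_text)
    if parsed is None:
        return "unknown"
    current, pending = parsed
    if pending & IGNORE_STARTUP_BIT:
        return "alert"    # next boot skips startup-config: no passwords enforced
    if current & IGNORE_STARTUP_BIT:
        return "pending"  # fixed in config, but booted in recovery state
    return "ok"

# Constructed sample output, modeled on the statement quoted in step 13.
SAMPLES = {
    "after step 11": "Configuration register is 0x41 (will be 0x1 at next reload)",
    "healthy": "Configuration register is 0x1",
    "left in recovery": "Configuration register is 0x41",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:18} {assess(text)}")
```

An appliance reported as "alert" was left with the recovery register value and will come up without its saved passwords after any reboot.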