When inheriting used and abused customer networks it becomes necessary to reset passwords on devices the hard way from time to time. Fortunately with the Cisco ASA it’s still not all that complicated. You will see that with each step I included examples of the commands and the output along the way as well. Let’s dive right in and check out the steps!
First, reset the device by removing and re applying power. Have a console cable attached when you do this. As the system begins to boot press “ESC” to break the boot sequence.
Evaluating BIOS Options ... Launch BIOS Extension to setup ROMMON Cisco Systems ROMMON Version (1.0(12)6) #0: Mon Aug 21 19:34:06 PDT 2006 Platform ASA5505 Use BREAK or ESC to interrupt boot. Use SPACE to begin boot immediately. Boot in 10 seconds.
After breaking from the boot process you will be presented with the “rommon” prompt. Type “confreg” at this prompt.
Boot interrupted. Ethernet0/0 MAC Address: 001f.9e00.0001 Link is DOWN Use ? for help. rommon #0> confreg
“Confreg” will first display the current configuration register values. Please take note of these as you will want to restore this later. Additionally a wizard of sorts will start that will allow you to change the boot up parameters of the unit.
Current Configuration Register: 0x00000001 Configuration Summary: boot default image from Flash
Choose all default options with the exception of the option that says “disable system configuration?”. Be sure to select “Y” for this option. When all the options are completed you will be notified the changes have been committed.
Do you wish to change this configuration? y/n [n]: Y enable boot to ROMMON prompt? y/n [n]: enable TFTP netboot? y/n [n]: enable Flash boot? y/n [n]: select specific Flash image index? y/n [n]: disable system configuration? y/n [n]: y go to ROMMON prompt if netboot fails? y/n [n]: enable passing NVRAM file specs in auto-boot mode? y/n [n]: disable display of BREAK or ESC key prompt during auto-boot? y/n [n]: Current Configuration Register: 0x00000040 Configuration Summary: boot ROMMON ignore system configuration Update Config Register (0x40) in NVRAM...
Now, type “boot” to have the unit boot.
rommon #1> boot Launching BootLoader... Boot configuration file contains 2 entries. Loading disk0:/asa724-k8.bin... Booting... ###############################
After all of the booting messages scroll by you will be left with an essentially un configured unit. Get into enabled mode and issue the command “copy startup-config running-config”.
ciscoasa> enable ciscoasa# copy startup-config running-config
The configuration will be loaded. Now, go ahead and replaced the passwords, usernames, etc that you need to replace to gain typical access to the unit. Be sure not to exit enabled mode until you are completed. I like to use a command like this to find the user and password information I need to update:
ciscoasa# show run | inc password | user | secret
Finally, we must reset the configuration register value to the value displayed earlier. The command looked something like this for me:
ciscoasa(config)# config-register 0x00000001
To wrap things up copy the running configuration to the startup configuration. Restart the unit to ensure proper booting (to be sure you won’t find out 9 months from now after a power outage) and you should be good to go!
Additional reading about the ASA password recovery procedure or for other security appliances check out Cisco website: