Reset Password in Cisco ASA Firewall

If for some reason, you are locked out of Cisco ASA firewall and don’t remember the password, then this is the procedure you should follow to recover the admin password.

Reset Password in Cisco ASA Firewall


Reset Password in Cisco ASA Firewall

Here are the steps to recover the password in Cisco ASA firewall,

Step 1: Login to Cisco ASA device with console cable and reboot the device. Power off the device and power it up back again.

Step 2: Press ‘ESC’ key or ‘BREAK’ key on the keyboard to break the boot process. Press the key as soon as the device starts. Press the key until the device gets into ROMMON mode. The prompt will look like this,

Evaluating BIOS Options ...
Invalid Key: 0000

Launch BIOS Extension to setup ROMMON

Cisco Systems ROMMON Version (1.0(12)13) #0: Thu Aug 28 15:55:27 PDT 2008

Platform ASA5505

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.

Use ? for help.
rommon #0>
rommon #0>

As you can see rommon #> mode.

Step 3: Now, here is the trick. Type the following command to change the configuration register value to 0x41. This value instructs device to ignore the start-up config while the device boots up.

rommon #0> confreg 0x41

Update Config Register (0x41) in NVRAM...

rommon #1>

Step 4: Reboot the device. Type boot to do so.

rommon #1> boot

Step 5: When the ASA is booted, it will not ask for password. Before the ciscoasa> prompt you can see the message saying, start-up configured has been ignored. Type enable to get into privilege mode. In the password prompt, hit enter because the password is blank.

Ignoring startup configuration as instructed by configuration register.

INFO: Power-On Self-Test in process.
INFO: Power-On Self-Test complete.

Type help or '?' for a list of available commands.
ciscoasa> enable

Step 6: Copy start-up configuration file to running configuration file.

ciscoasa# copy startup-config running-config

Destination filename [running-config]?

Cryptochecksum (unchanged): b10dcb10 12202944 fee241b5 47ee01e9

3071 bytes copied in 4.920 secs (767 bytes/sec)

Step 7: Now configure the privilege level password and reset the configuration value to its original value (0x01).

ASA# conf t
ASA(config)# enable password system@123
ASA(config)# config-register 0x01
ASA(config)# wr
Building configuration...
Cryptochecksum: 4fd2bcb3 8dfb9bd5 886babde 9aff8c3d

3527 bytes copied in 1.270 secs (3527 bytes/sec)

Step 8: Now reload the device. The password reset has been successfully completed.

ASA(config)# reload
Proceed with reload? [confirm]


The following two tabs change content below.
Bipin is a freelance Network and System Engineer with expertise on Cisco, Juniper, Microsoft, VMware, and other technologies. You can hire him on UpWork . Follow Bipin Giri on Google+. Bipin enjoys writing articles and tutorials related to Network technologies. Some of his certifications are, MCSE:Messaging, JNCIP-SEC, JNCIS-ENT, and others.