If for some reason, you are locked out of Cisco ASA firewall and don’t remember the password, then this is the procedure you should follow to recover the admin password.
Reset Password in Cisco ASA Firewall
Here are the steps to recover the password in Cisco ASA firewall,
Step 1: Login to Cisco ASA device with console cable and reboot the device. Power off the device and power it up back again.
Step 2: Press ‘ESC’ key or ‘BREAK’ key on the keyboard to break the boot process. Press the key as soon as the device starts. Press the key until the device gets into ROMMON mode. The prompt will look like this,
Evaluating BIOS Options ... Invalid Key: 0000 Launch BIOS Extension to setup ROMMON Cisco Systems ROMMON Version (1.0(12)13) #0: Thu Aug 28 15:55:27 PDT 2008 Platform ASA5505 Use BREAK or ESC to interrupt boot. Use SPACE to begin boot immediately. Boot interrupted. Use ? for help. rommon #0> rommon #0>
As you can see rommon #> mode.
Step 3: Now, here is the trick. Type the following command to change the configuration register value to 0x41. This value instructs device to ignore the start-up config while the device boots up.
rommon #0> confreg 0x41 Update Config Register (0x41) in NVRAM... rommon #1>
Step 4: Reboot the device. Type boot to do so.
rommon #1> boot
Step 5: When the ASA is booted, it will not ask for password. Before the ciscoasa> prompt you can see the message saying, start-up configured has been ignored. Type enable to get into privilege mode. In the password prompt, hit enter because the password is blank.
Ignoring startup configuration as instructed by configuration register. INFO: Power-On Self-Test in process. ........................................................... INFO: Power-On Self-Test complete. Type help or '?' for a list of available commands. ciscoasa> enable Password: ciscoasa#
Step 6: Copy start-up configuration file to running configuration file.
ciscoasa# copy startup-config running-config Destination filename [running-config]? . Cryptochecksum (unchanged): b10dcb10 12202944 fee241b5 47ee01e9 3071 bytes copied in 4.920 secs (767 bytes/sec)
Step 7: Now configure the privilege level password and reset the configuration value to its original value (0x01).
ASA# conf t ASA(config)# enable password system@123 ASA(config)# config-register 0x01 ASA(config)# wr Building configuration... Cryptochecksum: 4fd2bcb3 8dfb9bd5 886babde 9aff8c3d 3527 bytes copied in 1.270 secs (3527 bytes/sec) [OK]
Step 8: Now reload the device. The password reset has been successfully completed.
ASA(config)# reload Proceed with reload? [confirm] ASA(config)#
You may also like -
Latest posts by Bipin (see all)
- How to Disable Windows Update using Group Policy - June 27, 2019
- Backup Exchange Mailboxes to PST with Iperius Backup - April 1, 2017
- Understanding Basics of EIGRP Routing Protocol - March 26, 2017