Recover password on Cisco ASA Appliance

Ever lost password OR try to re-use an long forgotten ASA? To recover passwords, perform the following steps(Tested on ASA5505):

Step 1 Connect to the security appliance console port.

Step 2 Power off the security appliance, and then power it on.

Step 3 During the startup messages, press the Esc (Escape) key when prompted to enter ROMMON.

Step 4 To set the security appliance to ignore the startup configuration at reload, enter the following command:

rommon # confreg

The security appliance displays the current configuration register value, and asks if you want to change the value:

Current Configuration Register: 0x00000011

Configuration Summary:

boot TFTP image, boot default image from Flash on netboot failure

Do you wish to change this configuration? y/n [n]:

Step 5 Record your current configuration register value, so you can restore it later.

Step 6 At the prompt, enter Y to change the value.

Step 7 Accept the default values for all settings, except for the “disable system configuration?” value; at that prompt, enter Y.

Step 8 Reload the security appliance by entering the following command:

rommon # boot

The security appliance loads a default configuration instead of the startup configuration.

Step 9 Enter privileged EXEC mode by entering the following command:

hostname# enable

Step 10 When prompted for the password, press Return.

The password is blank.

Step 11 Load the startup configuration by entering the following command:
hostname# copy startup-config running-config

Step 12 Enter global configuration mode by entering the following command:
hostname# configure terminal

Step 13 Change the passwords in the configuration by entering the following commands, as necessary:
hostname(config)# password password
hostname(config)# enable password password
hostname(config)# username name password password

Step 14 Change the configuration register to load the startup configuration at the next reload by entering the following command:
hostname(config)# config-register value

Where value is the configuration register value you noted in Step 5 and 0x1 is the default configuration register.

Step 15 Save the new passwords to the startup configuration by entering the following command:
hostname(config)# copy running-config startup-config

To revover password on Cisco IOS device, check here.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s