Next, in configuration mode, enter the following command to change the Privileged Mode password to a known value (in this case, we'll use the password system): asa#conf t asa(config)#enable password systemġ1. The previously saved configuration is now the active configuration, but since the security appliance is already in Privileged Mode, privileged access is not disabled.
Copy the startup configuration file into the running configuration with the following command: ciscoasa#copy startup-config running-config Destination filename ?ġ0. When the appliance prompts you for a password, simply press (at this point, the password is blank): ciscoasa>enable Password: ciscoasa#ĩ. Enter the enable command to enter Privileged Mode. When it finishes booting, you should see a generic User Mode prompt: ciscoasa>Ĩ. Notice that the security appliance ignores its startup configuration during the boot process. Reset the appliance with the boot command: rommon #2>bootħ. You must change the configuration register to 0x41, which tells the appliance to ignore its saved (startup) configuration upon boot: rommon #1>confreg 0x41Ħ. The security appliance will ask if you want to make changes to the configuration register. The current configuration register should be the default of 0x01 (it will actually display as 0x00000001). At the rommon prompt, enter the confreg command to view the current configuration register setting: rommon #0>confregĤ. You should immediately see a rommon prompt (rommon #0>. When prompted, press Esc to interrupt the boot process and enter ROM Monitor mode. Power-cycle your security appliance by removing and re-inserting the power plug at the power strip.Ģ. They are not appropriate for a Cisco PIX Firewall appliance.ġ.
The following steps were designed using a Cisco ASA 5505 Security Appliance. Once you're in configuration mode, you will load the saved configuration from flash memory, change the passwords to a known value, change the configuration register value to tell the device to load its saved configuration on boot, and reload the device.Ĭaution: As with all configuration procedures, these procedures should be tested in a laboratory environment prior to usage in a production environment to ensure suitability for your situation.
Since the device ignores its saved configuration on boot, you are able to access its configuration modes without passwords. You will then interrupt the boot process and change the configuration register value to prevent the appliance from reading its stored configuration at boot. You will power-cycle your appliance by unplugging it at the power strip and plugging it back in. This procedure requires physical access to the device. Instead, you will gain access to the appliance via the console port and reset the password(s) to known values. Today, such passwords are encrypted and not actually recoverable. The more commonly used term for this procedure is "password recovery" which is left over from the days when you could actually view passwords in configuration files in plain text.
#CISCO ASA 5505 MANUAL HOW TO#
In this article, I'll explain how to perform a password "reset" on your Cisco ASA security appliance. Password Recovery on the Cisco ASA Security Appliance
0 kommentar(er)
