Privacy Policy

Valutazione attuale: 5 / 5

Stella attivaStella attivaStella attivaStella attivaStella attiva

Ho trovato questa guida, testata funziona la riporto cosi com'è.

The scenario: I am unable to log into a Cisco ASA 5510 that has been in place in an office for several years. The appliance was working just fine, but I needed to amend the configuration. The login details have been lost along the way. So I have a perfectly functional firewall, but no way to log into it. So, we need a way to get into the ASA, and reset the password.

In brief, this process involves booting the appliance, and then interrupting the boot process part way through. We then change the configuration register, to force the appliance to ignore it’s saved config. The appliance then boots with a minimal basic configuration, and crucially for our needs, bypasses the unknown passwords allowing us in to reconfigure it. Once in we can load saved config and reset the passwords. We then reset the configuration register to it’s original value, and reboot the appliance – simple

  1. Connect your console cable and make sure you can see the command prompt for the ASA – even if you can’t log in. You will need to stop the boot process early on, so you don’t want to
  2. be messing about trying to get the console to work while it’s booting, or you’ll miss your prompt, and have to start again.
  3. Power cycle the appliance – flick the power switch on the front off and on again.
  4. Watch the boot progress, and when prompted, press Esc to interrupt the boot and enter ROM Monitor mode. you should now see the rommon prompt:

    rommon #0>

  1. Enter the confreg command to view the current Configuration Register setting:

    rommon #0> confreg

  2. The appliance will most probably have the default Configuration Register setting of 0x01. Answer no when it asks you if you want to change the Configuration Register setting.
  3. Change the Configuration Register to 0x41, which causes the appliance to bypass its saved config at boot:

    rommon #1> confreg 0x41

  4. Reboot the appliance with the boot command:

    rommon #2> boot

  5. The appliance bypasses its startup configuration. When it finishes booting, you should see the default prompt:


  6. Enter the enable command to enter Privileged Mode. The default password is blank, so when the appliance prompts you for a password, simply press return:

    ciscoasa> enable

  7. Copy the startup configuration file into the running configuration with the following command:

    ciscoasa# copy startup-config running-config

  8. You now have the saved config running, but as you are already in Privilieged mode, you are not required to enter the unknown passwords, and you are free to reset user and enable passwords as necessary.
  9. Enter Configuration Mode to make changes to passwords:

    ciscoasa# configure terminal

  10. To reset the enable password to hatstand enter the command: ciscoasa(config)#enable password hatstand
  11. Review the configuration, looking for users with unknown passwords, updating them as necessary: ciscoasa(config)#show running-config
  12. Once you’ve made all the necessary changes, reset the Configuration Register to the default of 0x01:

    ciscoasa(config)# config-register 0x01

  13. Exit from Configuration mode:

    ciscoasa(config)# exit

  14. Verify the Configuration Register settings by issuing the Show Version command:

    ciscoasa# show version

  15. At the bottom of the output, you should see the Configuration Register settings: Configuration register is 0x41 (will be 0x1 at next reload)
  16. Save the settings by issuing the write command:

    ciscoasa# write

  17. Reboot the appliance:

    ciscoasa# reload

    When the appliance reboots, it will be running the original config, but with the new password that you set.

C e r t i f i c a z i o n i