Ho trovato questa guida, testata funziona la riporto cosi com'è.
The scenario: I am unable to log into a Cisco ASA 5510 that has been in place in an office for several years. The appliance was working just fine, but I needed to amend the configuration. The login details have been lost along the way. So I have a perfectly functional firewall, but no way to log into it. So, we need a way to get into the ASA, and reset the password.
- Connect your console cable and make sure you can see the command prompt for the ASA – even if you can’t log in. You will need to stop the boot process early on, so you don’t want to
- be messing about trying to get the console to work while it’s booting, or you’ll miss your prompt, and have to start again.
- Power cycle the appliance – flick the power switch on the front off and on again.
- Watch the boot progress, and when prompted, press Esc to interrupt the boot and enter ROM Monitor mode. you should now see the rommon prompt:
- Enter the confreg command to view the current Configuration Register setting:
rommon #0> confreg
- The appliance will most probably have the default Configuration Register setting of 0x01. Answer no when it asks you if you want to change the Configuration Register setting.
- Change the Configuration Register to 0x41, which causes the appliance to bypass its saved config at boot:
rommon #1> confreg 0x41
- Reboot the appliance with the boot command:
rommon #2> boot
- The appliance bypasses its startup configuration. When it finishes booting, you should see the default prompt:
- Enter the enable command to enter Privileged Mode. The default password is blank, so when the appliance prompts you for a password, simply press return:
- Copy the startup configuration file into the running configuration with the following command:
ciscoasa# copy startup-config running-config
- You now have the saved config running, but as you are already in Privilieged mode, you are not required to enter the unknown passwords, and you are free to reset user and enable passwords as necessary.
- Enter Configuration Mode to make changes to passwords:
ciscoasa# configure terminal
- To reset the enable password to hatstand enter the command: ciscoasa(config)#enable password hatstand
- Review the configuration, looking for users with unknown passwords, updating them as necessary: ciscoasa(config)#show running-config
- Once you’ve made all the necessary changes, reset the Configuration Register to the default of 0x01:
ciscoasa(config)# config-register 0x01
- Exit from Configuration mode:
- Verify the Configuration Register settings by issuing the Show Version command:
ciscoasa# show version
- At the bottom of the output, you should see the Configuration Register settings: Configuration register is 0x41 (will be 0x1 at next reload)
- Save the settings by issuing the write command:
- Reboot the appliance:
When the appliance reboots, it will be running the original config, but with the new password that you set.