Cisco Pix & ASA
Cisco Pix & ASA - Monday, July 21, 2008 21:55 - 0 Comments
Recover password from Cisco ASA firewall
Recovering password from Cisco ASA firewall
Lost passwords on from a Cisco ASA firewall can be recovered without having to re-image the device. This procedure will only work when running version 6.0 or older, you can not recover a password from a 5.0 version. The third method can be used if you lock out due to AAA settings.
Method A – Password Reset Using a Command
1. Use the command hw-module module <module_num> password-reset in the Cisco ASA CLI.
A. Example – ciscoasa(config) #hw-module module 1 password-reset
B. Reset the password on module in slot 1?
C. Confirm
Method B – Password Reset Using ASDM
1. Open the Cisco Adaptive Security Device Manager (ASDM).
2. In the Tools dropdown list select IPS Password Reset (for aip-ssm)
3. In the Tools dropdown list select CSC Password Reset (for csc-ssm)
Method C – Password Recovery Using ROMMON from a lock out
1. During startup of the security appliance, Press ESC when prompted to enter ROMMON
2. The following command will have the appliance ignore the startup configuration.
A. Rommon #1> confreg
B.The current configuration register will be shown followed by a prompt to change
the configuration, write down your current value to use later and type {y} and press {enter}
C. Keep all settings except “Disable System Configuration?” for that enter {y} and press {enter}
D. Reboot the appliance by typing rommon #2> boot
3. Type in hostname> enable to enter privileged EXEC mode.
4. You will now be prompted for a password press {enter}
5. Type in hostname# copy startup-config running-config
6. Type in hostname# configure terminal to enter global configuration mode
7. To change the password type in the following
A. Hostname(config) # password <enter password>
B. Hostname(config) # enable password <enter password>
c. Hostname(config) # username <enter name password password>
8. Type in hostname(config) # config-register <value written down from step 2b>
9. Type in hostname(config) # copy running-config startup-config
Article written by MyComputerAid.com