Cisco ASA Password recovery

Perhaps you’ve forgotten the password to your firewall? This post will answer the question: How do I restore the password on a Cisco ASA?

Password Recovery

To recover passwords, perform the following steps:

Console into the ASA.

Reboot the ASA.

Press the escape key during reboot to enter ROMMON.

Tell the firewall to ignore the startup config on next reload:
rommon #1> confreg

The following will be displayed:

Current Configuration Register: 0x00000011
Configuration Summary:
boot TFTP image, boot default image from Flash on netboot failure
Do you wish to change this configuration? y/n [n]:

Jot down the config register value for later.

Enter y to say yes.

Hit enter at each prompt to accept the default. When you get to “disable system configuration” hit y.

Reboot the ASA:
rommon #2> boot

At this point the ASA should reload and completely bypass the configuration.

When the firewall reboots, it will not prompt a console user for a username, and the enable password is blank. Go into enable mode.

Restore the old config:
copy startup-config running-config

Enter config mode and reset the password:
configure terminal
enable password NEW_PASSWORD
username USER password NEW_PASSWORD

Restore the configuration register to where it was to begin with. This is the number you wrote down earlier.
config-register 0x0000###

Save your config:
copy running-config startup-config

At this point you have regained access to the firewall and restored the config file and configuration register to where they were before the password reset.
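A firewall left with the recovery register value will skip its startup config, and therefore its passwords, on the next reload. The following is an added example, not part of the original post, that checks pasted "show version" output against the value you jotted down. It assumes the output contains a "Configuration register is 0x..." line (optionally followed by "(will be 0x... at next reload)") and that bit 0x40 is the one set by "disable system configuration"; the function name and sample lines are constructed for illustration.

```python
import re

# Assumption: this confreg bit makes the ASA ignore the startup config at boot.
IGNORE_STARTUP_CONFIG = 0x40

# Assumed "show version" line format; the "(will be ...)" part appears only
# when a register change is pending for the next reload.
_CONFREG_LINE = re.compile(
    r"Configuration register is (0x[0-9a-fA-F]+)"
    r"(?:\s*\(will be (0x[0-9a-fA-F]+) at next reload\))?"
)

def check_confreg(show_version_text, recorded_hex):
    """Return (ok, findings) for the register value the next reload will use."""
    recorded = int(recorded_hex, 16)
    match = _CONFREG_LINE.search(show_version_text)
    if match is None:
        return False, ["no 'Configuration register is' line found"]
    current = int(match.group(1), 16)
    # A pending value overrides the current one at the next reload.
    next_boot = int(match.group(2), 16) if match.group(2) else current
    findings = []
    if next_boot & IGNORE_STARTUP_CONFIG:
        findings.append(
            f"next boot uses {next_boot:#x}: startup config will be ignored")
    if next_boot != recorded:
        findings.append(
            f"next boot uses {next_boot:#x}, recorded value was {recorded:#x}")
    return not findings, findings

# Constructed sample lines, using the 0x00000011 value shown in the post.
RESTORED = "Configuration register is 0x51 (will be 0x11 at next reload)"
FORGOTTEN = "Configuration register is 0x51"

if __name__ == "__main__":
    for sample in (RESTORED, FORGOTTEN):
        ok, findings = check_confreg(sample, "0x00000011")
        print("OK" if ok else "CHECK", sample, findings)
```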

