Chapter 43
Troubleshooting the Security Appliance
•
•
Performing Password Recovery for the ASA 5500 Series Adaptive Security
Appliance
To recover from the loss of passwords, perform the following steps:
Connect to the security appliance console port according to the
Step 1
Interface" section on page
Power off the security appliance, and then power it on.
Step 2
During the startup messages, press the Escape key when prompted to enter ROMMON.
Step 3
Step 4
To set the security appliance to ignore the startup configuration at reload, enter the following command:
rommon #1> confreg
The security appliance displays the current configuration register value, and asks if you want to change
the value:
Current Configuration Register: 0x00000011
Configuration Summary:
boot TFTP image, boot default image from Flash on netboot failure
Do you wish to change this configuration? y/n [n]:
Record your current configuration register value, so you can restore it later.
Step 5
Step 6
At the prompt, enter Y to change the value.
The security appliance prompts you for new values.
Accept the default values for all settings, except for the "disable system configuration?" value; at that
Step 7
prompt, enter Y.
Reload the security appliance by entering the following command:
Step 8
rommon #2> boot
The security appliance loads a default configuration instead of the startup configuration.
Enter privileged EXEC mode by entering the following command:
Step 9
hostname> enable
When prompted for the password, press Return.
Step 10
The password is blank.
Step 11
Load the startup configuration by entering the following command:
hostname# copy startup-config running-config
Enter global configuration mode by entering the following command:
Step 12
hostname# configure terminal
Change the passwords in the configuration by entering the following commands, as necessary:
Step 13
hostname(config)# password password
hostname(config)# enable password password
hostname(config)# username name password password
OL-10088-01
Password Recovery for the PIX 500 Series Security Appliance, page 43-8
Disabling Password Recovery, page 43-9
2-4.
"Accessing the Command-Line
Cisco Security Appliance Command Line Configuration Guide
Performing Password Recovery
43-7