https://community.cisco.com/t5/network-security/asa-5515x-password-recovery-issue/m-p/3886779#M25297 <P>Hi Marven,</P><P>&nbsp;</P><P>Thanks for your Reply</P><P>&nbsp;</P><P>i found this guide in witch it says Users from console are never locked down due to Password Expiration</P><P>&nbsp;</P><P><STRONG>Password-Policy lifetime days</STRONG></P><P>&nbsp;</P><P class="pB1_Body1">(Optional) Sets the interval in days after which passwords expire for remote users (SSH, Telnet, HTTP); <STRONG>users at the console port are never locked out due to password expiration</STRONG>. Valid values are between 0 and 65536 days. The default value is 0 days, a value indicating that passwords will never expire.</P><P class="pB1_Body1">7 days before the password expires, a warning message appears. After the password expires, system access is denied to remote users. To gain access after expiration, do one of the following:</P><UL><LI>Have another administrator change your password with the<SPAN>&nbsp;</SPAN><STRONG>username</STRONG><SPAN>&nbsp;</SPAN>command.</LI><LI>Log in to the physical console port to change your password.</LI></UL><P>&nbsp;</P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/admin_management.html" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/admin_management.html</A></P><P>&nbsp;</P><P>I'll try it from console if not then it'll be a issue, you are right it might depends whether console login required local username/password database or not&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 09 Jul 2019 05:50:22 GMT hashimwajid1 2019-07-09T05:50:22Z https://community.cisco.com/t5/network-security/asa-5515x-password-recovery-issue/m-p/3886732#M25295 <P>Hi&nbsp;</P><P>&nbsp;</P><P>our ASA 5515x password expired due to <STRONG>password Expiry limitation</STRONG> and unfortunately&nbsp;<STRONG>no service password-recovery</STRONG> command is enabled. is there any way we can recover password ? with or without losing existing configuration&nbsp;</P><P>&nbsp;</P><P>when we login on ASA it shows <STRONG>Password Expired</STRONG></P><P>&nbsp;</P><P>or do we have to contact with TAC ?</P><P>&nbsp;</P><P>&nbsp;</P><P>do&nbsp;password-policy lifetime command also expires Console password&nbsp; or it just work for username/password ? if we connect console on ASA then Enable password will still work ?&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 09 Jul 2019 04:18:23 GMT https://community.cisco.com/t5/network-security/asa-5515x-password-recovery-issue/m-p/3886732#M25295 hashimwajid1 2019-07-09T04:18:23Z https://community.cisco.com/t5/network-security/asa-5515x-password-recovery-issue/m-p/3886775#M25296 <P>Ability to use the console connection depends on whether or not you had configured it to also require the local username for authentication.</P> <P>If both the ssh and console (and ASDM) logins required authentication with local username AND that credential is expired AND the no service password-recovery feature is enabled then you will have to rebuild the configuration from scratch.</P> Tue, 09 Jul 2019 05:38:08 GMT https://community.cisco.com/t5/network-security/asa-5515x-password-recovery-issue/m-p/3886775#M25296 Marvin Rhoads 2019-07-09T05:38:08Z https://community.cisco.com/t5/network-security/asa-5515x-password-recovery-issue/m-p/3886779#M25297 <P>Hi Marven,</P><P>&nbsp;</P><P>Thanks for your Reply</P><P>&nbsp;</P><P>i found this guide in witch it says Users from console are never locked down due to Password Expiration</P><P>&nbsp;</P><P><STRONG>Password-Policy lifetime days</STRONG></P><P>&nbsp;</P><P class="pB1_Body1">(Optional) Sets the interval in days after which passwords expire for remote users (SSH, Telnet, HTTP); <STRONG>users at the console port are never locked out due to password expiration</STRONG>. Valid values are between 0 and 65536 days. The default value is 0 days, a value indicating that passwords will never expire.</P><P class="pB1_Body1">7 days before the password expires, a warning message appears. After the password expires, system access is denied to remote users. To gain access after expiration, do one of the following:</P><UL><LI>Have another administrator change your password with the<SPAN>&nbsp;</SPAN><STRONG>username</STRONG><SPAN>&nbsp;</SPAN>command.</LI><LI>Log in to the physical console port to change your password.</LI></UL><P>&nbsp;</P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/admin_management.html" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/admin_management.html</A></P><P>&nbsp;</P><P>I'll try it from console if not then it'll be a issue, you are right it might depends whether console login required local username/password database or not&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 09 Jul 2019 05:50:22 GMT https://community.cisco.com/t5/network-security/asa-5515x-password-recovery-issue/m-p/3886779#M25297 hashimwajid1 2019-07-09T05:50:22Z https://community.cisco.com/t5/network-security/asa-5515x-password-recovery-issue/m-p/3886854#M25298 contact tac but I am not aware about a way to fix it<BR /><BR />**** remember to rate useful posts<BR /> Tue, 09 Jul 2019 07:53:59 GMT https://community.cisco.com/t5/network-security/asa-5515x-password-recovery-issue/m-p/3886854#M25298 Mohammed al Baqari 2019-07-09T07:53:59Z https://community.cisco.com/t5/network-security/asa-5515x-password-recovery-issue/m-p/3887519#M25299 <P>Hi&nbsp;</P><P>&nbsp;</P><P>We are able to access via Console ( it did not ask about username/passswrod and only enable password was sufficient.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P> Wed, 10 Jul 2019 07:35:21 GMT https://community.cisco.com/t5/network-security/asa-5515x-password-recovery-issue/m-p/3887519#M25299 hashimwajid1 2019-07-10T07:35:21Z