01-17-2025 06:49 AM
I have an ASA 5506 that I had ROMMON access to....
I was doing a password recovery, so was surveying the menu settings....
I'm pretty certain now I selected yes to: disable "display break prompt"?
Now I am in a position where the break key doesn't load into ROMMON anymore and just boots the image up.
But, as I don't have the password, I cannot get into any settings now.... any ideas?
Terminal program (Tera Term) is fine, Esc key works with other firewalls and can get into the FW to see boot up and exec mode.
01-17-2025 08:42 PM
You don't show the boot-up screen, but when you disable password recovery,
you should see something like this:
INFO: PASSWORD RECOVERY functionality is disabled.
WARNING: Password recovery and ROMMON command line access has been
disabled by your security policy. Answering YES below will cause ALL
configurations, passwords, images in 'disk0:' to be erased.
ROMMON command line access will be re-enabled, and a new image must be
downloaded via ROMMON.
Permanently erase 'disk0:'? no
The only way is to say "yes" to erase, and then it will wipe everything, including images, certs, configs, etc. If you have a backup you can recover; otherwise you are out of luck unless you can remember the password.
Have you forgotten the password? Do you have a backup?
01-18-2025 05:03 AM
I didn't disable password recovery.
I disabled "display break prompt"... it's an option within the confreg settings.
As a result, the firewall just boots normally.... the break function doesn't work to access ROMMON.
I don't have the enable password, so cannot fix this in privileged exec mode either.
01-18-2025 04:54 AM
Please share the screen you are referring to for review.
01-18-2025 05:09 AM
I can't share the issue anymore, as I cannot access ROMMON.... the firewall just boots normally, and doesn't respond to the break function....
Piecing together from another post, this is pretty much what happened when I got into ROMMON previously..
Configuration Register: 0x00000001
Configuration Summary
[ 0 ] ignore system configuration
[ 1 ] auto-boot image in disks
[ 2 ] console baud: 9600
do you wish to change the configuration? y/n [n]: y
disable "password recovery"? y/n [n]: n
disable "display break prompt"? y/n [n]: y
enable "ignore system configuration"? y/n [n]: n
enable "auto-boot image in disks"? y/n [n]: n
change console baud rate? y/n [n]: n
select specific image in disks to boot? y/n [n]: n
I rebooted and now I'm in the situation I'm in....
01-18-2025 05:15 AM
I will send you a PM tonight
MHM
01-18-2025 06:09 AM
Disabling the display break prompt won't disable sending the break signal and processing it. What is happening could only be caused by a delay or maybe not sending the break signal at the right time. What I would personally try to do is to reboot the firewall and straightaway hit the break signal continuously until hopefully the device boots into ROMMON again. If that doesn't work, please try with a different emulator software.
01-18-2025 11:57 AM
I have tried this...
Holding ESC key
Continuously tapping ESC key
Waiting for the first bit of text on the screen, then hitting ESC....
Terminal software is fine... works fine with other FW's and routers, breaking into ROMMON
It's just the firewall, and has only happened since I changed this setting...
Could it be a case the time to enter the break prompt is now so quick, I'm not catching it?
01-20-2025 01:27 AM
You don't have to hold the escape key, but rather press it continuously. I agree, it seems that you are not catching the prompt at the right time. Not sure if @Rob Ingram or @Marvin Rhoads has any other thoughts on this.
01-21-2025 01:12 AM
I've tried every combination numerous times now
Holding
tapping
waiting then tapping
pushing once when text appears
01-20-2025 05:05 AM
I've not seen this issue ...but then it has been quite some time since I had the occasion to watch an ASA boot from console. The BREAK or ESC key should always interrupt the boot sequence. The choice to disable display of the key choices should not affect the function of pressing the key(s).
01-21-2025 01:11 AM
It's looking more likely that it does.... or it happens so fast now that the break function doesn't make it to the ASA in time.
01-21-2025 12:07 AM
I had a 5506 lying around and I did a quick test and it did not go to ROMMON after disabling break prompt..
Will look again when I get a chance..
01-21-2025 01:10 AM - edited 01-21-2025 01:10 AM
So I'm not going crazy
I've tried it with PuTTY, SecureCRT, Tera Term.... all work with other FW's and routers...
Won't do it with this one.... will post screenshots later for update...
Is my 5506 essentially bricked now?
01-21-2025 01:48 AM
If you can't manage to get into the ROMMON and you have to reset the firewall to its factory default, I think the 5506 does have a reset button on the back, but I'm not 100% sure as it's been a while since I touched a 5506.