cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
280
Views
10
Helpful
6
Replies

ASA 5506 Can't access To ROMMON

khalidanahi
Beginner
Beginner

Hello Everyone.

Due a technical problem (electricity), the firewall suddenly stopped and no longer wants to start, I had to reset it with ROMMON, after restarting the following message is displayed:

Rom image verified correctly


Cisco Systems ROMMON, Version 1.1.8, RELEASE SOFTWARE
Copyright (c) 1994-2015 by Cisco Systems, Inc.
Compiled Thu 06/18/2015 12:15:56.43 by builders


Current image running: Boot ROM0
Last reset cause: LocalSoft
DIMM Slot 0 : Present

Platform ASA5506 with 4096 Mbytes of main memory
MAC Address: f8:0b:cb:f8:0a:a6


INFO: PASSWORD RECOVERY functionality is disabled.
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.

WARNING: Password recovery and ROMMON command line access has been
disabled by your security policy. Answering YES below will cause ALL
configurations, passwords, images in 'disk0:' to be erased.
ROMMON command line access will be re-enabled, and a new image must be
downloaded via ROMMON.

Permanently erase 'disk0:'?Yes 

media drive disk0: not present
Attempt autoboot: "boot disk0:"
media drive disk0: not present
boot: cannot determine first file name on device "disk0:"
autoboot: All boot attempts have failed.
autoboot: Restarting the system.

I changed the SSD disk from another broken firewall, and still the same problem.

I can't access to ROMMON 

 

Help Please.

6 Replies 6

MHM Cisco World
Advisor
Advisor

Leo Laohoo
VIP Community Legend VIP Community Legend
VIP Community Legend

@khalidanahi wrote:
INFO: PASSWORD RECOVERY functionality is disabled.

WARNING: Password recovery and ROMMON command line access has been
disabled by your security policy. Answering YES below will cause ALL
configurations, passwords, images in 'disk0:' to be erased.
ROMMON command line access will be re-enabled, and a new image must be
downloaded via ROMMON.


I hope someone has backed up the config because the person who disabled password-recovery (without realizing what it can do) deserves a medal.  

Unfortunately, the person who did this is gone, I have no config worries, I just want to start the firewall to exploit it

Leo Laohoo
VIP Community Legend VIP Community Legend
VIP Community Legend

If you do the password-recovery, the config gets erased.

"no service password-recovery" can easily be abused by any disgruntled staff member -- Because it is comically easily to turn on.  

khalidanahi
Beginner
Beginner

!hello Everyone.

 

could someone help me

khalidanahi
Beginner
Beginner

Hello Leo 

Thank you for your reply.
Bah Yes it's easy to activate and the result can be seen.
by the way I want to start the firewall to exploit it, the config I don't care

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers