ASA 5515x Password Recovery issue

hashimwajid1
Level 3

Hi,

Our ASA 5515x password expired due to the password expiry limitation, and unfortunately the no service password-recovery command is enabled. Is there any way we can recover the password, with or without losing the existing configuration?

When we log in on the ASA it shows "Password Expired".

Or do we have to contact TAC?

Does the password-policy lifetime command also expire the console password, or does it just work for username/password? If we connect to the console on the ASA, will the enable password still work?

Regards

Accepted Solutions

Marvin Rhoads
Hall of Fame

Ability to use the console connection depends on whether or not you had configured it to also require the local username for authentication.

If both the ssh and console (and ASDM) logins required authentication with local username AND that credential is expired AND the no service password-recovery feature is enabled then you will have to rebuild the configuration from scratch.

4 Replies

Hi Marvin,

Thanks for your reply.

I found this guide, in which it says users from the console are never locked down due to password expiration:

Password-Policy lifetime days

(Optional) Sets the interval in days after which passwords expire for remote users (SSH, Telnet, HTTP); users at the console port are never locked out due to password expiration. Valid values are between 0 and 65536 days. The default value is 0 days, a value indicating that passwords will never expire.

7 days before the password expires, a warning message appears. After the password expires, system access is denied to remote users. To gain access after expiration, do one of the following:

  • Have another administrator change your password with the username command.
  • Log in to the physical console port to change your password.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/admin_management.html

I'll try it from the console; if not, then it'll be an issue. You are right, it might depend on whether console login required the local username/password database or not.


Contact TAC, but I am not aware of a way to fix it.

**** remember to rate useful posts

Hi,

We are able to access via console (it did not ask for username/password, and only the enable password was sufficient).

Regards
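
An added example, not part of the original thread and not Cisco code: a small Python check over a saved running-config that flags the combination the accepted answer describes (password expiry enabled, console login tied to the LOCAL user database, and no service password-recovery). The sample configs and the helper name `audit_lockout_risk` are constructed for illustration.

```python
import re

# Constructed sample running-config excerpts (not taken from the thread).
RISKY_CONFIG = """\
hostname asa-example
password-policy lifetime 90
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
no service password-recovery
"""
SAFER_CONFIG = """\
hostname asa-example
password-policy lifetime 90
aaa authentication ssh console LOCAL
"""

AAA_LOCAL = re.compile(r"aaa authentication (ssh|http|telnet|serial) console LOCAL")
LIFETIME = re.compile(r"password-policy lifetime (\d+)")

def audit_lockout_risk(config_text):
    """Hypothetical helper: report the settings discussed in the thread."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    lifetime = 0  # default of 0 days means passwords never expire
    local_auth = set()
    for ln in lines:
        if m := LIFETIME.fullmatch(ln):
            lifetime = int(m.group(1))
        elif m := AAA_LOCAL.fullmatch(ln):
            local_auth.add(m.group(1))
    result = {
        "lifetime_days": lifetime,
        "console_requires_local_user": "serial" in local_auth,
        "remote_requires_local_user": sorted(local_auth - {"serial"}),
        "password_recovery_disabled": "no service password-recovery" in lines,
    }
    # Combination the accepted answer names as leading to a rebuild
    # once the local credential has expired.
    result["rebuild_risk"] = (
        lifetime > 0
        and result["console_requires_local_user"]
        and result["password_recovery_disabled"]
    )
    return result

if __name__ == "__main__":
    for name, cfg in (("risky", RISKY_CONFIG), ("safer", SAFER_CONFIG)):
        print(name, audit_lockout_risk(cfg))
```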