
can't log into 5505 after formatting flash (LOCAL account)

millerjw
Level 1

I have some remote ASA5505s that I am going to need to format the flash on and push new code to. I have about 60 sites to do, and no remote hands (no remote console either). So I grabbed a 5505 on my desk to test the upgrade procedure. I blasted in a config identical to a remote site and got busy. The problem is that after formatting the flash and pushing the code back, I can no longer log into the ASA. SSH just times out after a minute, and console login doesn't work.

Here is the procedure I used.

login to asa via ssh

format flash:

crypto key zeroize rsa noconfirm

crypto key generate rsa general modulus 2048 noconfirm

aaa authentication ssh console LOCAL                           

aaa authentication enable console LOCAL                        

aaa authentication http console LOCAL                          

aaa authentication serial console LOCAL

enable password cisco

passwd cisco

username cisco password cisco privilege 15

ssh scopy enable

I then push asa847-k8.bin via scp from my local machine (same machine that I am currently ssh'd from)

wr mem (to copy the running-config and the reset usernames/passwords to the newly formatted flash)

At this point the new flash should have a new crypto key, asa image, and a startup-config which is identical to what it had before.

reload

The ASA boots fine. However, at this point ssh times out the same as before. So I plug in a console cable and get a username prompt. Using cisco/cisco, which I reset above, does not work. I'm assuming for some reason the hash is messed up for my passwords... but why?

I really need some method of formatting these flash drives without having to console in since all of my sites don't have remote hands.

2 Replies

mvsheik123
Level 7

Hi,

Have you tried the old pass, just in case? Also, you can reset the password using the recovery procedure:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/trouble.html#wp1049302

Now, I understand you do not have console access to remote ASAs, but I am not sure why you want to format flash on the ASA for IOS upgrade.

1. Just do 'Show disk0' to see how much space is available

2. Remove unwanted files (old IOS/asdm) from flash, if existing space is not sufficient for new IOS (delete disk0:/<...>).

3. Upload the new IOS.

4. Set the boot variables (boot system disk0:  and also second variable with previously working IOS, just as precautionary)

5. Reboot the device. No need to change HASH keys etc.

hth

MS

My current flash is corrupt due to this bug.

CSCuc98398

The solution for the bug is to copy running-config off of asa to tftp server, format flash, download the new image and the running-config just copied back to the freshly formatted flash, copy flash:running-config startup-config, reload.

I've done this procedure as well, but I have the same problem. As soon as the ASA reboots, I am locked out. I can ping the interfaces directly, but ssh & telnet time out on both the inside and outside interfaces, and I can no longer console in when I could immediately prior to the reboot.

-J
