I recently ran into a telnet, console, and enable password issue that was unexpected and I am hoping someone can explain what happened.
I had two working Cisco ASA 5505s that were two end-points of a Site-to-Site VPN. I had used the ASDM file management tools to copy disk0 startup-config.cfg to a file named old-startup-config.cfg on disk0, on both ASA systems, and I wanted those two files to function as good working startup-config backups that I could return to, right there on the firewall, if I had to. I also used the ASDM file management tools to make configuration "zip" backups to my local computer. I am aware that the actual startup-config file is some type of hidden file.
I had made some changes to both Cisco ASA 5505s, but no password changes, and everything was working great and was reloading great. Then, I suddenly found that I needed to revert back to the old working configurations that I had backed up previously. I used the ASDM file management tools to copy old-startup-config.cfg back to startup-config.cfg on disk0 on both machines. I think I may have also issued the CLI command copy old-startup-config.cfg startup-config. I asked both systems to reload without writing the running-configs to memory.
When the systems reloaded, the console, telnet, and enable passwords were no longer recognized on the CLI and Web interface. The interfaces loaded normally, but the passwords didn't work and the Cisco default passwords didn't work either. I had to go to each unit's physical location and perform a power cycle and console password recovery.
I am not sure why that happened. Is the startup-config.cfg file on disk0 an altered version of the actual startup-config configuration with missing or encrypted password credentials? I would have never guessed in a million years that my procedure would have knocked out the enable password.
Instead of copy startup-config.cfg old-startup-config.cfg, should I have issued the command copy startup-config old-startup-config.cfg to make a local backup of a working configuration?
I have one more semi-related question. If one uses ASDM file management to create a zip backup of a startup-config or running-config and then proceeds to restore a running-config, when does the restored running-config take effect?