cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
12327
Views
5
Helpful
9
Replies

Cisco ASA 5510 Password Recovery

paul dungey
Level 1
Level 1

Good Morning,

I have 3 x ASA 5510 & 2 x ASA  5520, that require resetting back to factory default, the customer has removed the External Flash Cards, and i've checked internally on each unit the Internal Flash car is still present, is it possible to run a password recovery then a factory reset? and how would i go about resetting each unit to the new configuration.

Regards

Paul

2 Accepted Solutions

Accepted Solutions

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

The below link should include the information to do password recovery for the ASA (Document is for ASA ver 7.1 though I doubt there has been major changes regarding this process)

http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/trouble.html#wp1062992

Unless the customer has ordered Flash memory before to the External Flash Memory Slot there has been no Flash memory card in the external slot. By default the ASAs come only with the internal Flash. Which to my understanding is right above the external slot when you open the case.

The above guide should give you the steps to first boot the ASA with default configuration and then you can copy the old configuration back to the ASA and change the username/password information and keep the old configuration if needed.

Please rate if you have found the information helpful

View solution in original post

Hi,

Sounds to me like it still has the configuration and it hasnt been deleted.

For example I had a ASA5505 on my desk that was supposed to go to a customer and still had the customer configuration.

I powered on the ASA5505. After the device had booted I used the current enable password to log on. I then issued the command "wr erase" and then gave the command "reload" after which the ASA rebooted without any configurations.

It would seem to me that you might have saved the current configuration at some point before reloading the device

- Jouni

View solution in original post

9 Replies 9

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

The below link should include the information to do password recovery for the ASA (Document is for ASA ver 7.1 though I doubt there has been major changes regarding this process)

http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/trouble.html#wp1062992

Unless the customer has ordered Flash memory before to the External Flash Memory Slot there has been no Flash memory card in the external slot. By default the ASAs come only with the internal Flash. Which to my understanding is right above the external slot when you open the case.

The above guide should give you the steps to first boot the ASA with default configuration and then you can copy the old configuration back to the ASA and change the username/password information and keep the old configuration if needed.

Please rate if you have found the information helpful

Hi Jouni,

Great the above link has worked !

The unit will need to be returned to the customer with no passwords is this possible ? what command would i need to use to check that the firewall has no customer identifiying IP or Banner ETC information.

kinds regards Paul

Hi,

Do you need to return it with some configuration or will a blank configuration or factory default configuration do?

You can either

  • wr erase = Will erase the startup configuration from the ASA
  • config factory-default = Will return configuration to factory default

Heres a link related to the command "configure factory-default"

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/c4.html#wp2142364

Generally removing single configuration lines uses "no" parameter and the configuration to be removed. The command "clear configure" also has options to clear more configurations with one single command. (For example complete ACLs)

- Jouni

HI Jouni

I've run the commands you've given above, Switched off then switched back on when asked to enter privalage mode it's still asking me for password?

paul

Hi,

I think the ASA will by default ask for a password even if the configuration is blank.

In this case you should be able to just press the "Enter" key. (wihtout typing any kind of passwords)

- Jouni

Hi Jouni

I've tried what you said above but as soon as i enter privalage mode it asks for password I press enter and it still asks me for the password, I've just put my password i created early on and it allows me to access the privlage mode.

Paul

Hi,

Sounds to me like it still has the configuration and it hasnt been deleted.

For example I had a ASA5505 on my desk that was supposed to go to a customer and still had the customer configuration.

I powered on the ASA5505. After the device had booted I used the current enable password to log on. I then issued the command "wr erase" and then gave the command "reload" after which the ASA rebooted without any configurations.

It would seem to me that you might have saved the current configuration at some point before reloading the device

- Jouni

Hi

I would just like to thank all the engineers who have helped me solve my issues relating to the ASA firewall.

Many thanks.

Regards

Paul

johnoliphant1
Level 1
Level 1

This seems to be a popular search result link to reset the 5510 ASA, so I thought I'd post what worked for me, a very simple system reset.

I have a 5510 that was once used for something, nobody here remembers what. But, I did have the login and enable password, so that's my starting point.

ciscoasa(config)# configure factory-default

ciscoasa(config)# write memory

reload

 

That seemed to get rid of most of the configuration. However, the old enable password remained. What I did next is in this thread:

Write erase

reload

 

And voila! It's a factory-default machine again.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: