Solved: Re: I'm Locked out of my ASA 5505 :(

MyersEngineering.com · ‎11-13-2008

It seems that I managed to set a field that determines what IP is authorized to administer the ASA, and I set it to 192.168.10.28 to go along with the new iniside IP of 192.168.10.12. Well, that subnet got an error and doesn't yet exist, but authorization did apparently transfer away from 192.168.1.1 which is still my inside IP.

While I was in there I tried to set Vlan3 to be 192.168.1.1 and authorize it in case things went afoul, but Vlan3 got an error and failed too.

So I tried pressing and holding the reset button. It doesn't work. The book says it is for future use, and using the CLI blue cable in COM 1 I can see that my outside IP is still in place, meaning the reset button did not reset the device.

I can still get in with CLI on COM1, but don't know the commands. If someonce could point me to a CLI command reference I might get it. I found one for PIX but it doesn't seem to work. Or maybe the command to allow https access on 192.168.1.1 again.

Thank you in advance.

mike.keller · ‎11-13-2008

If you just want to reset it and start over, log into it, go into enable mode by typing "enable" put in your enable password, then type "conf t" then "clear configure all" . If you just want to re-ip and re-authorize, whichever vlan you want to re-address, you go into config mode "conf t" then type "interface vlan x" then "ip address x.x.x.x y.y.y.y" where x.x.x.x is the address and y.y.y.y is the subnet mask. Then type "http x.x.x.x y.y.y.y INSIDE" where x.x.x.x is your ip address and y.y.y.y is the subnet. If you are only using your IP, then 255.255.255.255 is sufficient. If you want the whole network to be able to access it, use the network mask. You will also need to make sure that you have typed "http server enable" at some point if you havent already. You can find the command line reference, configuration guide, etc... for 8.x code here: http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_80/index.htm

and for 7.2 code here:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/index.htm

for all code versions, look here:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/index.htm

good luck.

View solution in original post

mike.keller · ‎11-13-2008

If you just want to reset it and start over, log into it, go into enable mode by typing "enable" put in your enable password, then type "conf t" then "clear configure all" . If you just want to re-ip and re-authorize, whichever vlan you want to re-address, you go into config mode "conf t" then type "interface vlan x" then "ip address x.x.x.x y.y.y.y" where x.x.x.x is the address and y.y.y.y is the subnet mask. Then type "http x.x.x.x y.y.y.y INSIDE" where x.x.x.x is your ip address and y.y.y.y is the subnet. If you are only using your IP, then 255.255.255.255 is sufficient. If you want the whole network to be able to access it, use the network mask. You will also need to make sure that you have typed "http server enable" at some point if you havent already. You can find the command line reference, configuration guide, etc... for 8.x code here: http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_80/index.htm

and for 7.2 code here:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/index.htm

for all code versions, look here:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/index.htm

good luck.

MyersEngineering.com · ‎11-14-2008

Thank you very much. I'm back in, and I have a lot more useful information as well.