Solved: Interrupting Promps to Pre-Configure Firewall

eddie.harmoush · ‎01-26-2012

Hey all,

When you wr erase and reload an ASA, you are greeted with the following when the reboot is finished:

Pre-configure Firewall now through interactive prompts [yes]?

Firewall Mode [Routed]:

Enable password []:

Allow password recovery [yes]?

Clock (UTC):

Year [2011]:

Month [Jul]:

Day [11]:

Time [03:35:43]:

Inside IP address:

Address required

Inside IP address: 192.168.2.1

Inside network mask:

Mask required

Inside network mask: 255.255.255.0

Host name:

Name required

Host name: ciscoasa

Domain name:

Name required

Domain name: gomjabbar.com

IP address of host running Device Manager:

The following configuration will be used:

Enable password:

Allow password recovery: yes

Clock (UTC): 03:35:43 Jul 11 2011

Firewall Mode: Routed

Inside IP address: 192.168.2.1

Inside network mask: 255.255.255.0

Host name: ciscoasa

Domain name: gomjabbar.com

Use this configuration and write to flash?

My question to the group is more out of convenience. Is there a way to interrupt this line of questioning and return to the to the ciscoasa> prompt?

The reason I need to know is I have an ASA training lab that calls for many wr erase/reload commands. But when returning to the console after the reload, often the first key people press is enter which picks the default of yes, choosing to enter the pre-configuration interactive prompts. I haven't found a way to easily cancel/exit from the prompts, so I figured I would bring this to the forum.

Is there a way to exit out of these interactive prompts? Or is there a way to prevent this from even being an option after reboot?.

Any help would be appreciated. Thank you.

matt.goff · ‎01-27-2012

I think you are looking for Ctrl-z (Control and the Z keys)

View solution in original post

Marvin Rhoads · ‎01-26-2012

I might suggest that instead of write erase + reload that you add an intermediate step of "copy url startup-config" with the url being a basic configuration that sets up the basic script that would otherwise result from the steps above.

I'm not positive but you might also be able to use "configure factory-default" plus a reload.

eddie.harmoush · ‎01-27-2012

I'm afraid configure factory-default wouldn't work. Although I appreciate the suggestion. Here is what I found:

ciscoasa(config)# enable password CHANGEME

ciscoasa(config)# passwd CHANGEME

ciscoasa(config)# show run enable

enable password 5Db5cau6UDXqmaqY encrypted

ciscoasa(config)# show run passwd

passwd 5Db5cau6UDXqmaqY encrypted

ciscoasa(config)# write erase

Erase configuration in flash memory? [confirm]

[OK]

ciscoasa(config)# reload noconfirm

[--- Reload Text Removed --]

ciscoasa> en

Password:

ciscoasa# show run enable

enable password 8Ry2YjIyt7RRXU24 encrypted

ciscoasa# show run passwd

passwd 2KFQnbNIdI.2KYOU encrypted

Results: write erase/reload will reset all passwords -- This is the behavior I am trying to match. However, two additional methods below didn't prove the same luck.

ciscoasa(config)# enable password CHANGEME

ciscoasa(config)# passwd CHANGEME

ciscoasa(config)#

ciscoasa(config)# show run enable

enable password 5Db5cau6UDXqmaqY encrypted

ciscoasa(config)# show run passwd

passwd 5Db5cau6UDXqmaqY encrypted

ciscoasa(config)#

ciscoasa(config)# clear configure all

ciscoasa(config)#

ciscoasa(config)# show run enable

enable password 5Db5cau6UDXqmaqY encrypted

ciscoasa(config)# show run passwd

passwd 2KFQnbNIdI.2KYOU encrypted

ciscoasa(config)#

Results: clear configure all resets the passwd, but not the enable password

ciscoasa(config)# enable password CHANGEME

ciscoasa(config)# passwd CHANGEME

ciscoasa(config)# show run enable

enable password 5Db5cau6UDXqmaqY encrypted

ciscoasa(config)# show run passwd

passwd 5Db5cau6UDXqmaqY encrypted

ciscoasa(config)#

ciscoasa(config)# configure factory-default

[--- Factory-Default Text Removed --]

Factory-default configuration is completed

ciscoasa(config)#

ciscoasa(config)# show run enable

enable password 5Db5cau6UDXqmaqY encrypted

ciscoasa(config)# show run passwd

passwd 2KFQnbNIdI.2KYOU encrypted

ciscoasa(config)#

Results: configure factory-default resets the passwd, but not the enable password

I don't know of another "reset all" method that can be done from the configuration itself, but testing these three it seems only the write erase/reload method will do what I need. But that has the annoying side effect of the interactive prompts when the reload is finished.

Does anyone know of a method to interrupt those prompts? Maybe even a configuration register to bypass the interactive prompts? Anything at all? Any help would be greatly appreciated.

Thanks.

-Eddie

eddie.harmoush · ‎01-27-2012

Just documenting this here since I was playing with it. The default passwords for the enable and passwd:

ciscoasa# show run passwd

passwd 2KFQnbNIdI.2KYOU encrypted

ciscoasa# show run enable

enable password 8Ry2YjIyt7RRXU24 encrypted

ciscoasa# conf t

ciscoasa(config)# enable password cisco

ciscoasa(config)# show run enable

enable password 2KFQnbNIdI.2KYOU encrypted

ciscoasa(config)# exit

So in the end, the following passwords correspond to the following hashs:

2KFQnbNIdI.2KYOU cisco

8Ry2YjIyt7RRXU24

And the default username is..... pix.

Anyways, still looking for a solution. Just thought this might be helpful if anyone ends up finding this post on a search engine or something.

matt.goff · ‎01-27-2012

I think you are looking for Ctrl-z (Control and the Z keys)

eddie.harmoush · ‎01-30-2012

That did the trick. Thanks matt.goff. I'm a bit emabarssed that I didn't try that combination myself.

Thanks again.

-Eddie