Solved: IPS password recovery

shijuuu · ‎09-04-2011

hi experts,

Could someone please help me on resetting password on my IPS module below provided are the HW details. from the below out put we can see that I dont have option to reset password by using hw-module module 1 pass commnad.

XX sh ver

Cisco Adaptive Security Appliance Software Version 7.0(7)

Device Manager Version 5.0(9)

Compiled on Fri 06-Jul-07 10:37 by builders

System image file is "disk0:/asa707-k8.bin"

Config file at boot was "startup-config"

up 144 days 17 hours

Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

Boot microcode : CNlite-MC-Boot-Cisco-1.2

SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

0: Ext: Ethernet0/0 : address is 0007.0e11.dc20, irq 9

1: Ext: Ethernet0/1 : address is 0007.0e11.dc21, irq 9

2: Ext: Ethernet0/2 : address is 0007.0e11.dc22, irq 9

3: Ext: Not licensed : irq 9

4: Ext: Management0/0 : address is 0007.0e11.dc24, irq 11

5: Int: Internal-Data0/0 : address is 0000.0001.0002, irq 11

6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5

Licensed features for this platform:

Maximum Physical Interfaces : 4

Maximum VLANs : 10

Inside Hosts : Unlimited

Failover : Disabled

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 0

GTP/GPRS : Disabled

VPN Peers : 50

This platform has a Base license.

Serial Number: JMX1140L0S7

Running Activation Key: 0x18174b71 0x1017f59b 0xac800d50 0xbc1034e0 0x0726b8a8

Configuration register is 0x1

Configuration last modified by netadmin at 06:53:08.925 UTC Thu May 26 2011

l

XX sh module

Mod Card Type Model Serial No.

--- -------------------------------------------- ------------------ -----------

0 ASA 5510 Adaptive Security Appliance ASA5510 JMX1140L0S7

1 ASA 5500 Series Security Services Module-10 ASA-SSM-10 JAF1342AJBR

Mod MAC Address Range Hw Version Fw Version Sw Version

--- --------------------------------- ------------ ------------ ---------------

0 0007.0e11.dc20 to 0007.0e11.dc24 2.0 1.0(11)2 7.0(7)

1 0026.cba2.ae61 to 0026.cba2.ae61 1.0 1.0(11)5 7.0(2)E4

Mod Status Data Plane Status

--- ------------------ ---------------------

0 Up Sys Not Applicable

1 Up Up

# hw

# hw-module m

# hw-module module 1 ?

recover Configure recovery of this module

reload Reload the module

reset Reset the module

shutdown Shut down the module

# hw-module module 1

Jennifer Halim · ‎09-04-2011

Cheers, let me know if you have any further questions.

View solution in original post

Jennifer Halim · ‎09-04-2011

The AIP module password recovery to be performed from the ASA is only supported from ASA version 7.2.2:

Command: hw-module module password-reset

Here is the command for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/gh.html#wp1761289

Since you are currently running ASA version 7.0.7, you would need to perform the AIP module password recovery by reimaging the AIP module, and unfortunately you would lose all the configuration via this method:

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_password_recovery09186a0080094e83.shtml#ipsapp

It's probably easier to upgrade the ASA to version 7.2.2 and recover the AIP module password via the command line.

Hope this helps.

shijuuu · ‎09-04-2011

thanks a lot, I would probably upgrade the ASA version to

asa723-k8.bin, hope direct upgrade would work

thanks

Jennifer Halim · ‎09-04-2011

Great, and thanks for the update. Pls kindly mark the post as answered if you have no further question, so others can learn from your post. Thank you.

shijuuu · ‎09-04-2011

Thanks and appreciated

I believe u meant to click on correct answer rit ? I will do it for sure once I complete the task which is on coming thursday.

Thanks

Jennifer Halim · ‎09-04-2011

Cheers, let me know if you have any further questions.