Problem resetting ASA 5505

xinteladmin
Level 1

Hi,

I'm new to the Cisco ASA 5505.

I dunno why, after I reset my firewall to the factory default and then restart it, all my default factory settings are gone...
Below are the commands:
config factory-default
After it runs through the process I type
reload save-config noconfirm
After this command, the firewall restarts and I type
show run
It shows the settings below:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
no nameif
no security-level
no ip address

interface Ethernet0/0
shutdown

interface Ethernet0/1
shutdown

interface Ethernet0/2
shutdown

interface Ethernet0/3
shutdown

interface Ethernet0/4
shutdown

interface Ethernet0/5
shutdown

interface Ethernet0/6
shutdown

interface Ethernet0/7
shutdown

ftp mode passive
pager lines 24
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
!
prompt hostname context
Cryptochecksum:00000000000000000000000000000000
: end
Everything that I restored to the default factory settings is gone....
Any idea what might cause this? Or, after I reset the firewall to factory default, is there a command to save the settings?

7 Replies

Jennifer Halim
Cisco Employee

That is the factory default configuration.

Factory default means removing all your configuration and setting it back to when you just got the device.

August Ritchie
Level 1

Doing "configure factory-default" should bring you back to the original configuration (including vlan1 ip address and dhcp so you can manage with ASDM).

So please try this, just do "configure factory-default" then do a show run and see if it is what you are looking for. You don't need to reload as the command should take immediate effect.

If for some reason you are still having the same issue, paste in the commands below to get back to default. Afterwards you can do a "write mem" to save.

First do "config t" from enable

interface Ethernet 0/0
   switchport access vlan 2
   no shutdown
interface Ethernet 0/1
   switchport access vlan 1
   no shutdown
interface Ethernet 0/2
   switchport access vlan 1
   no shutdown
interface Ethernet 0/3
   switchport access vlan 1
   no shutdown
interface Ethernet 0/4
   switchport access vlan 1
   no shutdown
interface Ethernet 0/5
   switchport access vlan 1
   no shutdown
interface Ethernet 0/6
   switchport access vlan 1
   no shutdown
interface Ethernet 0/7
   switchport access vlan 1
   no shutdown
interface vlan2
   nameif outside
   no shutdown
   ip address dhcp setroute
interface vlan1
   nameif inside
   ip address 192.168.1.1 255.255.255.0
   security-level 100
   no shutdown
global (outside) 1 interface
nat (inside) 1 0 0
http server enable
http 192.168.1.0 255.255.255.0 inside
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd auto_config outside
dhcpd enable inside
logging asdm informational

Site for reference:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/start.html#wp1053752

Message was edited by: August Ritchie - weird formatting

to ritchie

Yes, that is the default factory setting that I'm looking for.

configure factory-default

and after I

write mem

and reload the ASA5505, I'll get back the following config

ASA Version 8.2(1)

!

hostname ciscoasa

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Vlan1

no nameif

no security-level

no ip address

!

interface Ethernet0/0

shutdown

!

interface Ethernet0/1

shutdown

!

interface Ethernet0/2

shutdown

!

interface Ethernet0/3

shutdown

interface Ethernet0/4

shutdown

!

interface Ethernet0/5

shutdown

!

interface Ethernet0/6

shutdown

!

interface Ethernet0/7

shutdown

!

ftp mode passive

pager lines 24

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

......

My show running-config and show startup-config are different. How do I make the startup-config = running-config even after I reload the ASA 5505??

Doing a wr mem should save your running-conf to startup-conf.

My guess is that your configuration register is not default.

What does your "show version" say your config register is?

If it is not 0x1 please use the following command

config-register 0x1

After this, do the default config and wr mem then reload.

Hi ritchie,

here is my show run startup-config

show startup-config


ASA Version 8.2(1)

!

hostname ciscoasa

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address dhcp setroute

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

ftp mode passive

pager lines 24

logging asdm informational

mtu outside 1500

mtu inside 1500

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd auto_config outside

!

dhcpd address 192.168.1.5-192.168.1.36 inside

dhcpd enable inside

!


threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

!

!

prompt hostname context

Cryptochecksum:98ea9adf0343c4d83971d1bb9c6cf0ab


and here is my running config

show running-config

ASA Version 8.2(1)

!

hostname ciscoasa

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Vlan1

no nameif

no security-level

no ip address

!

interface Ethernet0/0

shutdown

!

interface Ethernet0/1

shutdown

!

interface Ethernet0/2

shutdown

!

interface Ethernet0/3

shutdown

interface Ethernet0/4

shutdown

!

interface Ethernet0/5

shutdown

!

interface Ethernet0/6

shutdown

!

interface Ethernet0/7

shutdown

!

ftp mode passive

pager lines 24

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh timeout 5

console timeout 0


threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

!

!

prompt hostname context

Cryptochecksum:00000000000000000000000000000000

: end

And here is my show version

show version


Device Manager Version 6.2(1)


Compiled on Tue 05-May-09 22:45 by builders

System image file is "disk0:/asa821-k8.bin"

Config file at boot was "startup-config"


ciscoasa up 1 hour 9 mins


Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz

Internal ATA Compact Flash, 128MB

BIOS Flash Firmware Hub @ 0xffe00000, 1024KB


Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)

                             Boot microcode   :  CN1000-MC-BOOT-2.00

                             SSL/IKE microcode:  CNLite-MC-SSLm-PLUS-2.03

                             IPSec microcode  :  CNlite-MC-IPSECm-MAIN-2.04

0: Int: Internal-Data0/0    : address is c84c.75aa.7b2a, irq 11

1: Ext: Ethernet0/0         : address is c84c.75aa.7b22, irq 255

2: Ext: Ethernet0/1         : address is c84c.75aa.7b23, irq 255

3: Ext: Ethernet0/2         : address is c84c.75aa.7b24, irq 255

4: Ext: Ethernet0/3         : address is c84c.75aa.7b25, irq 255

5: Ext: Ethernet0/4         : address is c84c.75aa.7b26, irq 255

6: Ext: Ethernet0/5         : address is c84c.75aa.7b27, irq 255


8: Ext: Ethernet0/7         : address is c84c.75aa.7b29, irq 255

9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255

10: Int: Not used            : irq 255

11: Int: Not used            : irq 255


Licensed features for this platform:

Maximum Physical Interfaces  : 8

VLANs                        : 3, DMZ Restricted

Inside Hosts                 : 10

Failover                     : Disabled

VPN-DES                      : Enabled

VPN-3DES-AES                 : Enabled

SSL VPN Peers                : 2

Total VPN Peers              : 10

Dual ISPs                    : Disabled

VLAN Trunk Ports             : 0

Shared License               : Disabled

AnyConnect for Mobile        : Disabled

AnyConnect for Linksys phone : Disabled

AnyConnect Essentials        : Disabled

Advanced Endpoint Assessment : Disabled

UC Phone Proxy Sessions      : 2

Total UC Proxy Sessions      : 2

This platform has a Base license.


Serial Number: JMX142441Q5

Running Activation Key: 0x611fec40 0x602759d6 0x44d17550 0xaff8a8f8 0xcd0110b7

Configuration register is 0x41

Configuration has not been modified since last system restart.

Your config register is set wrong according to your show version we see here:

Configuration register is 0x41

Please run the command

config-register 0x1

Then do the config factory-def and wr mem. Reload

Thanks Ritchie.

problem solved...
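
The check the last replies walk through, as an added example (not part of the thread and not Cisco code): it reads the `Configuration register` line from `show version` and lists commands that differ between startup-config and running-config. Assumptions: bit 0x40 of the register is what makes the ASA skip startup-config at boot, the optional "(will be ... at next reload)" suffix, one-space indentation of sub-commands, and the constructed sample strings.

```python
import re

DEFAULT_CONFREG = 0x1       # value the thread restores with "config-register 0x1"
IGNORE_STARTUP_BIT = 0x40   # assumption: bit 6 makes the ASA skip startup-config at boot

CONFREG_RE = re.compile(
    r"^Configuration register is (0x[0-9a-fA-F]+)"
    r"(?: \(will be (0x[0-9a-fA-F]+) at next reload\))?", re.MULTILINE)

def check_confreg(show_version):
    """Return current/pending register values and whether startup-config is skipped."""
    m = CONFREG_RE.search(show_version)
    if m is None:
        raise ValueError("no 'Configuration register is' line in input")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    return {"current": current, "pending": pending,
            "skips_startup_now": bool(current & IGNORE_STARTUP_BIT),
            "skips_startup_next_boot": bool(pending & IGNORE_STARTUP_BIT),
            "pending_is_default": pending == DEFAULT_CONFREG}

def config_lines(text):
    """Set of (parent, command) pairs; indented sub-commands keep their parent."""
    out, parent = set(), ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!" or line.startswith((":", "Cryptochecksum")):
            continue  # separators, ": end" and the checksum are not policy
        if line[0].isspace():
            out.add((parent, line.strip()))
        else:
            parent = line
            out.add(("", line))
    return out

def drift(startup, running):
    """Commands present only in startup-config and only in running-config."""
    s, r = config_lines(startup), config_lines(running)
    return sorted(s - r), sorted(r - s)

# Constructed sample input modelled on the outputs posted in the thread.
SHOW_VERSION = 'Config file at boot was "startup-config"\nConfiguration register is 0x41\n'
STARTUP = "interface Vlan1\n nameif inside\n security-level 100\n!\ninterface Ethernet0/1\n!\nhttp server enable\n"
RUNNING = "interface Vlan1\n no nameif\n no security-level\n!\ninterface Ethernet0/1\n shutdown\n!\n"

if __name__ == "__main__":
    print(check_confreg(SHOW_VERSION))
    only_startup, only_running = drift(STARTUP, RUNNING)
    print("only in startup:", only_startup)
    print("only in running:", only_running)
```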
