05-02-2019 01:14 PM
First off, thank you for everyone that helps with my current issue. I have a Cisco ASA 5506 router and I have exhausted all options that I know of trying to connect to this router to change some of the firewall settings. Long story short, we had an IT company that went belly up. I believe they changed the IP address for the router itself, but could be wrong. I have tried connecting a laptop directly to the router in the console ports, but still have not been able to get to the interface of the router. It will say I am connected with no internet, but when I go to look up the connections' IP Address it shows something that could not possibly be an IP address.
Just in case this helps. The router has only the GigabitEthernet 1/2 with a cat 5 cord connected. This cat 5 goes to a switch, which has a server with our active directory connect. We also have a secondary switch, connected to the first one.
I have tried the usual IP addresses:
192.168.1.1
192.168.1.2
192.168.2.1
192.168.3.1
192.168.10.1
192.168.30.1
But none of those can connect to anything. Any help will be greatly appreciated. I am contemplating doing a hard reset on the router, but I do not know what kind of effect that will have since I did not configure this network. Thanks again!
05-02-2019 03:50 PM
Hi,
The console port is not accessed using IP address. You need to connect the console cable and access it with serial connection.
Regards,
Sebastian
05-02-2019 08:20 PM
Since we are not aware what IP address ranged used in your network.
First place i suggest to physically console to device, so you get all information quick.
If you do not have access to console. then check the Device connected switch port with MAC address and map the MAC to IP in your network IP range.
05-04-2019 11:07 AM
We do not have much information to work with and that makes it difficult to give good advice. Any additional information that you can provide might be helpful. Can we assume that this is a live network (not a lab or something like that) and that the network does work? If it is a working network then we need to be careful about doing a reset or making changes that might impact the working network.
Am I understanding correctly that the 5506 has only a single connected interface G1/2? That seems very unexpected. Is there anything connected to G1/1? Or any other interface is connected?
Do you have access to the switch that is connected to the 5506? If you have access to the switch if you do show arp (or perhaps show ip arp depending on the platform) is there an IP address associated with the switch interface that connects to the 5506? If so then this would be the IP of the 5506 and you can try to connect to it.
Another possibility would be to do show ip route on the switch and look for a default gateway. If the switch has a default gateway then probably this is the address of 5506 that you could connect to.
Another possibility is to check on some of the devices connected in your network and to find their default gateway. Then find the address that is their default gateway. Perhaps the address that is their default gateway is the address of the 5506 that you could connect to. Or perhaps the address that is their default gateway is the switch. Then from the switch what is its default gateway? That might be the address to use to access the 5506. Or perhaps their default gateway is some other device in your network. If so access that device and look for its default route/default gateway which could be the address to access the 5506.
I agree with the point made in several previous responses that accessing the 5506 by its console is not an IP based access. For the console you need a console cable to connect your PC to the 5506 and would need terminal emulator software to access the serial console connection.
HTH
Rick
05-06-2019 11:03 AM
G1/1 is connected to the incoming fios.
G1/2 is connected to a switch.
Nothing else is connected to the console or any of the G 1/3 - G 1/8
Was able to finally found the IP address. I can get to the point now to Install ASDM launcher, but I am being prompted by a user/password. Now we have no record of the password that they changed it to. I have tried default username/password from this unit without any success.
If I were to hard reset this, now knowing the IP address it was set to, and set it back to the same IP, Would this cause our system to crash?
05-06-2019 12:30 PM
Thanks for the update. Glad to know that you have found the IP address used by the ASA. It is not surprising that you are being prompted for a user ID and password. And not surprising that who ever was administering the ASA changed it from the default values. You would probably have the same issue about user authentication if you connect using the console port. But it might be worth a try.
I would be very cautious about doing a hard reset (and perhaps I am not entirely clear what you have in mind when you call it a hard reset). But it sounds to me like you may be talking about resetting to factory defaults. You do NOT want to do that. Right now you have a working config - but you do not know what is in that config. If you reset to factory defaults then you have no way to recreate that config. So be very cautious about this.
What you really want to do is to perform password recovery on this ASA. This will temporarily take the ASA out of service. But if carefully and correctly done it allows you to access the ASA, to configure new ID and passwords, and to recover the current config. Password recovery is done using the console port and this link has instructions for how to do it.
Good luck with password recovery and recovering the ASA configuration.
HTH
Rick
05-06-2019 12:48 PM
You can use reset password proceedure.
https://www.tunnelsup.com/how-to-do-a-password-recovery-on-a-cisco-asa-firewall/
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide