excellent, well written  and simple solution

just what i was looking for!

Small differences, but also successful:

Performing Password Recovery for the ASA 5500 Series Adaptive Security Appliance

To recover passwords, perform the following steps:

Step 1 Connect to the security appliance console port according to the "Accessing the Command-Line Interface" section on page 2-4.

Step 2 Power off the security appliance, and then power it on.

Step 3 During the startup messages, press the Escape key when prompted to enter ROMMON.

Step 4 To set the security appliance to ignore the startup configuration at reload, enter the following command:

rommon #1> confreg

The security appliance displays the current configuration register value, and asks if you want to change the value:

Current Configuration Register: 0x00000011

Configuration Summary:

  boot TFTP image, boot default image from Flash on netboot failure

Do you wish to change this configuration? y/n [n]:

Step 5 Record your current configuration register value, so you can restore it later.

Step 6 At the prompt, enter Y to change the value.

The security appliance prompts you for new values.

Step 7 Accept the default values for all settings, except for the "disable system configuration?" value; at that prompt, enter Y.

Step 8 Reload the security appliance by entering the following command:

rommon #2> boot

The security appliance loads a default configuration instead of the startup configuration.

Step 9 Enter privileged EXEC mode by entering the following command:

hostname> enable

Step 10 When prompted for the password, press Return.

The password is blank.

Step 11 Load the startup configuration by entering the following command:

hostname# copy startup-config running-config

Step 12 Enter global configuration mode by entering the following command:

hostname# configure terminal

Step 13 Change the passwords in the configuration by entering the following commands, as necessary:

hostname(config)# password password

hostname(config)# enable password password

hostname(config)# username name password password

Step 14 Change the configuration register to load the startup configuration at the next reload by entering the following command:

hostname(config)# config-register value

Where value is the configuration register value you noted in Step 5 and 0x1 is the default configuration register. For more information about the configuration register, see the Cisco Security Appliance Command Reference.

Step 15 Save the new passwords to the startup configuration by entering the following command:

hostname(config)# copy running-config startup-config

Further modified instructions for the vulcan minded:

Performing Password Recovery for the ASA 5500 Series Adaptive Security Appliance

To recover passwords, perform the following steps:

Step 1 Connect to the security appliance console port according to the "Accessing the Command-Line Interface" section on page 2-4.

Step 2 Power off the security appliance, and then power it on.

Step 3 During the startup messages, press the Escape key when prompted to enter ROMMON.

Step 4 To set the security appliance to ignore the startup configuration at reload, enter the following command:

rommon #1> confreg

The security appliance displays the current configuration register value, and asks if you want to change the value:

Current Configuration Register: 0x00000011

Configuration Summary:

  boot TFTP image, boot default image from Flash on netboot failure

Do you wish to change this configuration? y/n [n]:

Step 5 Record your current configuration register value (the number that is similar to 0x00000011 in the example above,) so you can restore it later.

Step 6 Enter Y to change the configuration and press Y.

The security appliance prompts you for new values.

Step 7 Accept the default values for all settings (which is N for all settings by the way,) except for the "disable system configuration?" value; at that prompt, enter Y.

Step 8 Reload the security appliance by entering the following command:

rommon #2> boot

The security appliance loads a default configuration instead of the startup configuration.

Step 9 Enter privileged EXEC mode by entering the following command:

hostname> enable

Step 10 When prompted for the password, press Return.

The password is blank.

Step 11 Load the startup configuration by entering the following command:

hostname# copy startup-config running-config

Step 12 Enter global configuration mode by entering the following command:

hostname# configure terminal

Step 13 Change the passwords in the configuration by entering the following commands, as necessary.  Note:  the second word "password" below is where you enter your actual password since the password "password" is not a password at all.

hostname(config)# password password

hostname(config)# enable password password

hostname(config)# username name password password

Step 14 Change the configuration register to load the startup configuration at the next reload by entering the following command:

hostname(config)# config-register value

Where value is the configuration register value you noted in Step 5 and 0x1 is the default configuration register. For more information about the configuration register, see the Cisco Security Appliance Command Reference.

Step 15 Save the new passwords to the startup configuration by entering the following command:

hostname(config)# copy running-config startup-config

Step 16 You will need to repeat steps 4 through 8, except this time at step seven press N for the "disable system configuration?" 

What about ASA 5525-x because it does not accept password password command, is the password recovery like ASA 5520 ? or which steps are necessary for ASA 5525-x password recovery ? 

Can this be done in an Active/Standby configuration without an outage?  I was thinking that I could reset the password on the standby ASA and when it returned to service, its configuration would be newer so it would push the new passwords over to the active ASA.  Is this correct?

That appears to have worked, except I received a message when I copied the startup-config to the running-config saying "Enter the certificate in hexadecimal representation". I assume I lost all my ASA Issued client certificates? Not a big deal as this ASA hasn't been used in months.

@Parminder Sian Thanks Bro , Its Helps me a lot . Really very appreciating work by you. :) 

---

@Parminder Sian wrote:

• Password Recovery Procedure
• Disabling Password Recovery
• Password Recovery Procedure
• Disabling Password Recovery
• Password Recovery Procedure
• Disabling Password Recovery

 

 

Password Recovery Procedure

 

To recover passwords for the ASA, perform the following steps:

 

Step 1 Connect to the ASA console port according to the instructions in "Accessing the Command-Line Interface" section.

 

Step 2 Power off the ASA, and then power it on.

 

Step 3 After startup, press the Escape key when you are prompted to enter ROMMON mode.

 

Step 4 To update the configuration register value, enter the following command:

 

rommon #1> confreg 0x41

 

Update Config Register (0x41) in NVRAM...

 

 

Step 5 To set the ASA to ignore the startup configuration, enter the following command:

 

rommon #1> confreg

 

 

The ASA displays the current configuration register value, and asks whether you want to change it:

 

Current Configuration Register: 0x00000041

Configuration Summary: 

  boot default image from Flash

  ignore system configuration

 

Do you wish to change this configuration? y/n [n]: y

 

 

Step 6 Record the current configuration register value, so you can restore it later.

 

Step 7 At the prompt, enter Y to change the value.

 

The ASA prompts you for new values.

 

Step 8 Accept the default values for all settings. At the prompt, enter Y.

 

Step 9 Reload the ASA by entering the following command:

 

rommon #2> boot

Launching BootLoader...

Boot configuration file contains 1 entry.

Loading disk0:/asa800-226-k8.bin... Booting...Loading...

 

 

 

The ASA loads the default configuration instead of the startup configuration.

 

Step 10 Access the privileged EXEC mode by entering the following command:

 

hostname> enable

 

 

Step 11 When prompted for the password, press Enter.

 

The password is blank.

 

Step 12 Load the startup configuration by entering the following command:

 

hostname# copy startup-config running-config

 

 

Step 13 Access the global configuration mode by entering the following command:

 

hostname# configure terminal

 

 

Step 14 Change the passwords, as required, in the default configuration by entering the following commands:

 

hostname(config)# password password

hostname(config)# enable password password

hostname(config)# username name password password

 

 

Step 15 Load the default configuration by entering the following command:

 

hostname(config)# no config-register 

 

 

The default configuration register value is 0x1.

 

Step 16 Save the new passwords to the startup configuration by entering the following command:

 

hostname(config)# copy running-config startup-config

 

 

Disabling Password Recovery

 

You might want to disable password recovery to  ensure that unauthorized users cannot use the password recovery  mechanism to compromise the ASA.

 

On the ASA, the no service password-recovery command prevents a user from entering ROMMON mode with the configuration intact. When a user enters ROMMON mode, the ASA  prompts the user to erase all Flash file systems. The user cannot enter  ROMMON mode without first performing this erasure. If a user chooses  not to erase the Flash file system, the ASA  reloads. Because password recovery depends on using ROMMON mode and  maintaining the existing configuration, this erasure prevents you from  recovering a password. However, disabling password recovery prevents  unauthorized users from viewing the configuration or inserting different  passwords. In this case, to restore the system to an operating state,  load a new image and a backup configuration file, if available.

---

---

@Parminder Sian wrote:

• Password Recovery Procedure
• Disabling Password Recovery
• Password Recovery Procedure
• Disabling Password Recovery
• Password Recovery Procedure
• Disabling Password Recovery

 

 

Password Recovery Procedure

 

To recover passwords for the ASA, perform the following steps:

 

Step 1 Connect to the ASA console port according to the instructions in "Accessing the Command-Line Interface" section.

 

Step 2 Power off the ASA, and then power it on.

 

Step 3 After startup, press the Escape key when you are prompted to enter ROMMON mode.

 

Step 4 To update the configuration register value, enter the following command:

 

rommon #1> confreg 0x41

 

Update Config Register (0x41) in NVRAM...

 

 

Step 5 To set the ASA to ignore the startup configuration, enter the following command:

 

rommon #1> confreg

 

 

The ASA displays the current configuration register value, and asks whether you want to change it:

 

Current Configuration Register: 0x00000041

Configuration Summary: 

  boot default image from Flash

  ignore system configuration

 

Do you wish to change this configuration? y/n [n]: y

 

 

Step 6 Record the current configuration register value, so you can restore it later.

 

Step 7 At the prompt, enter Y to change the value.

 

The ASA prompts you for new values.

 

Step 8 Accept the default values for all settings. At the prompt, enter Y.

 

Step 9 Reload the ASA by entering the following command:

 

rommon #2> boot

Launching BootLoader...

Boot configuration file contains 1 entry.

Loading disk0:/asa800-226-k8.bin... Booting...Loading...

 

 

 

The ASA loads the default configuration instead of the startup configuration.

 

Step 10 Access the privileged EXEC mode by entering the following command:

 

hostname> enable

 

 

Step 11 When prompted for the password, press Enter.

 

The password is blank.

 

Step 12 Load the startup configuration by entering the following command:

 

hostname# copy startup-config running-config

 

 

Step 13 Access the global configuration mode by entering the following command:

 

hostname# configure terminal

 

 

Step 14 Change the passwords, as required, in the default configuration by entering the following commands:

 

hostname(config)# password password

hostname(config)# enable password password

hostname(config)# username name password password

 

 

Step 15 Load the default configuration by entering the following command:

 

hostname(config)# no config-register 

 

 

The default configuration register value is 0x1.

 

Step 16 Save the new passwords to the startup configuration by entering the following command:

 

hostname(config)# copy running-config startup-config

 

 

Disabling Password Recovery

 

You might want to disable password recovery to  ensure that unauthorized users cannot use the password recovery  mechanism to compromise the ASA.

 

On the ASA, the no service password-recovery command prevents a user from entering ROMMON mode with the configuration intact. When a user enters ROMMON mode, the ASA  prompts the user to erase all Flash file systems. The user cannot enter  ROMMON mode without first performing this erasure. If a user chooses  not to erase the Flash file system, the ASA  reloads. Because password recovery depends on using ROMMON mode and  maintaining the existing configuration, this erasure prevents you from  recovering a password. However, disabling password recovery prevents  unauthorized users from viewing the configuration or inserting different  passwords. In this case, to restore the system to an operating state,  load a new image and a backup configuration file, if available.

---

---

@Parminder Sian wrote:

• Password Recovery Procedure
• Disabling Password Recovery
• Password Recovery Procedure
• Disabling Password Recovery
• Password Recovery Procedure
• Disabling Password Recovery

 

 

Password Recovery Procedure

 

To recover passwords for the ASA, perform the following steps:

 

Step 1 Connect to the ASA console port according to the instructions in "Accessing the Command-Line Interface" section.

 

Step 2 Power off the ASA, and then power it on.

 

Step 3 After startup, press the Escape key when you are prompted to enter ROMMON mode.

 

Step 4 To update the configuration register value, enter the following command:

 

rommon #1> confreg 0x41

 

Update Config Register (0x41) in NVRAM...

 

 

Step 5 To set the ASA to ignore the startup configuration, enter the following command:

 

rommon #1> confreg

 

 

The ASA displays the current configuration register value, and asks whether you want to change it:

 

Current Configuration Register: 0x00000041

Configuration Summary: 

  boot default image from Flash

  ignore system configuration

 

Do you wish to change this configuration? y/n [n]: y

 

 

Step 6 Record the current configuration register value, so you can restore it later.

 

Step 7 At the prompt, enter Y to change the value.

 

The ASA prompts you for new values.

 

Step 8 Accept the default values for all settings. At the prompt, enter Y.

 

Step 9 Reload the ASA by entering the following command:

 

rommon #2> boot

Launching BootLoader...

Boot configuration file contains 1 entry.

Loading disk0:/asa800-226-k8.bin... Booting...Loading...

 

 

 

The ASA loads the default configuration instead of the startup configuration.

 

Step 10 Access the privileged EXEC mode by entering the following command:

 

hostname> enable

 

 

Step 11 When prompted for the password, press Enter.

 

The password is blank.

 

Step 12 Load the startup configuration by entering the following command:

 

hostname# copy startup-config running-config

 

 

Step 13 Access the global configuration mode by entering the following command:

 

hostname# configure terminal

 

 

Step 14 Change the passwords, as required, in the default configuration by entering the following commands:

 

hostname(config)# password password

hostname(config)# enable password password

hostname(config)# username name password password

 

 

Step 15 Load the default configuration by entering the following command:

 

hostname(config)# no config-register 

 

 

The default configuration register value is 0x1.

 

Step 16 Save the new passwords to the startup configuration by entering the following command:

 

hostname(config)# copy running-config startup-config

 

 

Disabling Password Recovery

 

You might want to disable password recovery to  ensure that unauthorized users cannot use the password recovery  mechanism to compromise the ASA.

 

On the ASA, the no service password-recovery command prevents a user from entering ROMMON mode with the configuration intact. When a user enters ROMMON mode, the ASA  prompts the user to erase all Flash file systems. The user cannot enter  ROMMON mode without first performing this erasure. If a user chooses  not to erase the Flash file system, the ASA  reloads. Because password recovery depends on using ROMMON mode and  maintaining the existing configuration, this erasure prevents you from  recovering a password. However, disabling password recovery prevents  unauthorized users from viewing the configuration or inserting different  passwords. In this case, to restore the system to an operating state,  load a new image and a backup configuration file, if available.

---

This guide is missing something around step 6 or 7 where when asked whether to "disable system configuration", you are supposed to answer yes. That is the only way to bypass the existing password and overwrite it with a new one.

Other than that, it is an excellent life saver.

I have firewall 5516, by mistake I have disable password recovery option also I have forgot username and password how to reset the firewall or how to load new ISO file.

Please help

Somehow it helped me to reset the password on 5506x. Will I be able to reset to factory default from privilege exec ?

On our ASA5516X there is a password recovery disable command executed, and our unit has some issue with the OS so it is crashing just after booting, this is happening time after time after time for a indefinite amount of time. 

Now when it is booting there is no text saying you can press ESC to go to ROMMON.

And we have tried hundreds of key combinations to be able to go to ROMMON but it just does not want to go to ROMMON at all, so we cannot install a new image, and now this ASA5516-FPWR-K9 is eating dust.

Any idea's ? 

Spamming ESC all the time has no impact.

I have tried with a working tested regular rj45 console cable, and I tried the mini USB console cable and same result. 

After the individual packages are booted the text from spamming the ESC button it sent to the terminal screen so the ASCII protocol data is sent to the device. (see below in red the ESC and Break button being pressed)

See log below : 

Rom image verified correctly

Cisco Systems ROMMON, Version 1.1.14, RELEASE SOFTWARE
Copyright (c) 1994-2018 by Cisco Systems, Inc.
Compiled Tue 06/05/2018 22:45:19.61 by builder

Current image running: Boot ROM0
Last reset cause: PowerOn
DIMM Slot 0 : Present
DIMM Slot 1 : Present

Platform ASA5516 with 8192 Mbytes of main memory
MAC Address: 28:6f:7f:03:b1:a2

Located '.boot_string' @ cluster 200582.

#
Attempt autoboot: "boot disk0:/asdm-7101.bin"
Located 'asdm-7101.bin' @ cluster 958584.

################################################################################ ################################################################################ ################################################################################ ################################################################################ #############

boot: error executing "boot disk0:/asdm-7101.bin"
Attempt autoboot: "boot disk0:"
Located 'asasfr-5500x-boot-6.2.2-3.img' @ cluster 1200252.

################################################################################ ################################################################################ ################################################################################ ################################################################################ ################################################################################ #########
Located '.boot_string' @ cluster 200582.

Located 'asdm-7101.bin' @ cluster 958584.

################################################################################ ################################################################################ ################################################################################ ################################################################################ #############
Located 'crashinfo_20220511_152027_UTC' @ cluster 200585.

#######
Located 'asa5500-firmware-1114.SPA' @ cluster 966920.

################################################################################ ##########
LFBFF signature verified.
Objtype: lfbff_object_rommon (0x800000 bytes @ 0x74c9b238)
Objtype: lfbff_object_fpga (0xd0100 bytes @ 0x7549b258)
Located 'asa9-14-1-10-lfbff-k8.SPA' @ cluster 1026945.

########################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################
LFBFF signature verified.
INIT: version 2.88 booting
Starting udev
^[Configuring network interfaces... done.
Populating dev cache
^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[fsck.fat 3.0.28 (2015-05-16)
^[Starting check/repair pass.
^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[Starting verification pass.
^[^[^[^[^[/dev/sdb1: 74 files, 843002/1798211 clusters
dosfsck(/dev/sdb1) returned 0
Mounting /dev/sdb1
^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[Starting random number generator daemon.
^[^[^[^[Running postinst /etc/rpm-postinsts/100-rng-tool^[^[IO Memory Nodes: 1
IO Memory Per Node: 610271232 bytes num_pages = 148992 page_size = 4096

Global Reserve Memory Per Node: 314572800 bytes Nodes=1

^[^[^[^[^[^[^[^[^[^[LCMB: got 610271232 bytes on numa-id=0, phys=0x1eb800000, virt=0x7f81a0200000
^[^[^[^[LCMB: HEAP-CACHE POOL got 312475648 bytes on numa-id=0, virt=0x7f818d600000

total_reserved_mem = 610271232

total_heapcache_mem = 312475648
total mem 4029635417 system 8238256128 kernel 36143339 image 99075856
new 4188461845 old 4498944906 reserve 610271232 priv new 3614333952 priv old 3790923776
Processor memory: 4029635417
M_MMAP_THRESHOLD 65536, M_MMAP_MAX 61487
^[^[^[^[POST started...
POST finished, result is 0 (hint: 1 means it failed)

Compiled on Tue 26-May-20 09:39 PDT by builders
^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[
Total NICs found: 14
i354 rev03 Gigabit Ethernet @ irq255 dev 20 index 08 MAC: 286f.7f03.b1a2
ivshmem rev03 Backplane Data Interface @ index 09 MAC: 0000.0001.0002
en_vtun rev00 Backplane Control Interface @ index 10 MAC: 0000.0001.0001
en_vtun rev00 Backplane Int-Mgmt Interface @ index 11 MAC: 0000.0001.0003
en_vtun rev00 Backplane Ext-Mgmt Interface @ index 12 MAC: 0000.0000.0000
en_vtun rev00 Backplane Tap Interface @ index 13 MAC: 0000.0100.0001
WARNING: Attribute already exists in the dictionary.
^[Verify the activation-key, it might take a while...
Running Permanent Activation Key: 0x8a2df867 0xf0f977b2 0x00c2e544 0x979c3088 0xc72d0b9c

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 150 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 4 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 300 perpetual
Total VPN Peers : 300 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 1000 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual
VPN Load Balancing : Enabled perpetual

^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[^[cnnic_asa_exit_cb: Accelerator boot err Accelerator boot failed status 4.

--- Begin of accelerator boot log ---
Using user supplied board name: CUST_CLARK, number: 20003
Using user supplied DDR 0 spd address(es)/file(s): /asa/cavium/accelerator_spd
Read 128 values from spd file: /asa/cavium/accelerator_spd
PCIE port 0
All cores in reset, skipping soft reset.
Using bootloader image: /asa/cavium/u-boot.bin
Notice: Using board default DDR clock of: 0 hertz.
Warning: Using generic default DDR clock of 533000000 hertz.
Initialized 1024 MBytes of DRAM
Setting dram_size in env
Starting cores 0x1
Powering up additional cores.
Timeout waiting for boot completion!

--- End of accelerator boot log ---
Invalid log size 0
(set_exptime) Timer not a leaf 0x00007f8188df9210. Traceback: 0x0000562437e7263e 0x0000562437e69edd 0x0000562437e7a0ea 0x0000562437e7453c 0x00005624398a6aab 0x00005624398a82a3 0x00007f81cac7ec60 0x0000562437e6ce16 0x0000562438ac1053 0x00005624398ac1e1 0x0000562437e7d6f6 0x00007f81c62b5340 0x00005624398acd0b 0x0000562437e47e16 0x00007f81c62918f0 0x41d589495541f689
mgd_timer_set_exptime: Not a leaf called from 0x0000562437e7a0ea
core0 same core snap_count=1 signo=11 RIP=562437e7a12b

-----------------------------------------------
Traceback output aborted.
Flushing first exception frame:
r8 0x000056243fe0dd50

Thank you for the info. must appreciated..