Password Recovery on the Cisco ASA Security Appliance

In this post, I will explain how to perform a password “reset” on your Cisco ASA security appliance. The more commonly used term for this procedure is “password recovery”, which is left over from the days when you could actually view passwords in configuration files in plain text. Today, such passwords are encrypted and not actually recoverable. Instead, you will gain access to the appliance via the console port and reset the password(s) to known values.

This procedure requires physical access to the device. You will power-cycle your appliance by unplugging it at the power strip and plugging it back in. You will then interrupt the boot process and change the configuration register value to prevent the appliance from reading its saved configuration at boot. Since the device ignores its saved configuration on boot, you are able to access its configuration modes without passwords. Once you are in configuration mode, you will load the saved configuration from flash memory, change the passwords to a known value, change the configuration register value to tell the device to load its saved configuration on boot, and reload the device.

Warning: As with all configuration procedures, these procedures should be tested in a laboratory environment prior to use in a production environment to ensure suitability for your situation.

The following steps were designed using a Cisco ASA 5505 Security Appliance. They are not appropriate for a Cisco PIX Firewall appliance.

1. Power-cycle your security appliance by removing and re-inserting the power plug at the power strip.

2. When prompted, press Esc to interrupt the boot process and enter ROM Monitor mode. You should immediately see a rommon prompt (rommon #0>).

3. At the rommon prompt, enter the confreg command to view the current configuration register setting:

    rommon #0>confreg

4. The current configuration register should be the default of 0x01 (it will actually display as 0x00000001). The security appliance will ask if you want to make changes to the configuration register. Answer no when prompted.

5. You must change the configuration register to 0x41, which tells the appliance to ignore its saved (startup) configuration upon boot:

    rommon #1>confreg 0x41

6. Reset the appliance with the boot command:

    rommon #2>boot

7. Notice that the security appliance ignores its startup configuration during the boot process. When it finishes booting, you should see a generic User Mode prompt:

    ciscoasa>

8. Enter the enable command to enter Privileged Mode. When the appliance prompts you for a password, simply press Enter (at this point, the password is blank):

    ciscoasa>enable
    Password:
    ciscoasa#

9. Copy the startup configuration file into the running configuration with the following command:

    ciscoasa#copy startup-config running-config
    Destination filename [running-config]?

10. The previously saved configuration is now the active configuration, but since the security appliance is already in Privileged Mode, privileged access is not disabled. Next, in configuration mode, enter the following command to change the Privileged Mode password to a known value (in this case, we’ll use the password system):

    asa#conf t
    asa(config)#enable password system

11. While still in Configuration Mode, reset the configuration register to the default of 0x01 to force the security appliance to read its startup configuration on boot:

    asa(config)#config-register 0x01

12. Use the following commands to view the configuration register setting:

    asa(config)#exit
    asa#show version

13. At the bottom of the output of the show version command, you should see the following statement:

    Configuration register is 0x41 (will be 0x1 at next reload)

14. Save the current configuration with the copy run start command to make the above changes persistent:

    asa#copy run start
    Source filename [running-config]

15. Reload the security appliance:

    asa# reload
    System config has been modified. Save? [Y]es/[N]o:yes

    Cryptochecksum: e87f1433 54896e6b 4e21d072 d71a9cbf

    2149 bytes copied in 1.480 secs (2149 bytes/sec)
    Proceed with reload? [confirm]

When your security appliance reloads, you should be able to use your newly reset password to enter privileged mode.
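The register check from steps 12 and 13 can be automated over saved show version output, so a device left in the password-bypass state after a recovery (or after unexpected console access) is caught. This is an added example, not part of the original article. The function names and sample lines are constructed, and it assumes that bit 0x40, the difference between the default 0x01 and the recovery value 0x41, is the "ignore startup configuration" flag.

```python
import re

# Assumption: bit 0x40 (0x41 minus the default 0x01) is the flag that makes the
# appliance ignore its startup configuration, as step 5 describes for 0x41.
IGNORE_STARTUP_BIT = 0x40

_CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9a-fA-F]+)"
    r"(?:\s*\(will be (0x[0-9a-fA-F]+) at next reload\))?"
)

def parse_confreg(show_version_text):
    """Return (current, pending) register values; pending is None if no change is queued."""
    m = _CONFREG_RE.search(show_version_text)
    if m is None:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else None
    return current, pending

def audit_confreg(show_version_text):
    """Classify the register state of one device from its show version output."""
    current, pending = parse_confreg(show_version_text)
    next_boot = current if pending is None else pending
    if next_boot & IGNORE_STARTUP_BIT:
        # The next boot will skip the startup configuration and its passwords.
        return "bypass-persistent"
    if current & IGNORE_STARTUP_BIT:
        # Booted without the startup configuration; the fix takes effect on reload.
        return "bypass-active"
    return "ok"

# Constructed sample lines (hypothetical device names), modelled on step 13.
SAMPLES = {
    "asa-mid-recovery": "Configuration register is 0x41 (will be 0x1 at next reload)",
    "asa-normal": "Configuration register is 0x1",
    "asa-step11-skipped": "Configuration register is 0x41",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {audit_confreg(text)}")
```

A result of bypass-persistent means step 11 was skipped or the register was changed again, and the appliance will keep booting without its saved passwords until the register is corrected.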

Copyright (c) 2007 Don R. Crawley
