Network and security administrators often forget the password of a Cisco ASA firewall. Remembering passwords becomes a headache, especially in multinational companies whose security policy requires changing device passwords every quarter or even every month.
So the password recovery procedure below is quite a handy guide for IT guys.
How to Recover Password on Cisco ASA Firewall?
To recover passwords, perform the following steps:
- Console into the ASA.
- Reboot the ASA
- Press the escape key during reboot to enter ROMMON.
- Configure the firewall to ignore the startup config on next reload:
The following will be displayed:
Current Configuration Register: 0x00000011
boot TFTP image, boot default image from Flash on netboot failure
Do you wish to change this configuration? y/n [n]:
- Note down the configuration register value for later use.
- Enter y to say yes.
- Press Enter at each prompt to accept the default. When you get to “disable system configuration”, enter y.
- Reboot the ASA.
At this point the ASA should reload and completely bypass the configuration.
- When the firewall reboots it will not prompt a console user for a username and the enable password is blank. Go into enable mode.
- Restore the old config
copy startup-config running-config
- Enter config mode and reset the password
enable password NEW_PASSWORD
username USER password NEW_PASSWORD
- Restore the configuration register to its original value. This is the number you wrote down earlier.
copy running-config startup-config
Now you have regained access to the firewall and restored the config file and configuration register to where they were before the password reset.
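After the procedure, it is worth confirming that the register really is back at the recorded value, because a firewall left in the bypass state boots with no username prompt and a blank enable password. The script below is an added example, not part of the original guide: it audits saved "show version" output, and the report line format, the 0x40 "disable system configuration" bit and the sample outputs (including the value 0x41) are assumptions constructed for illustration.

```python
import re

# Assumption: bit 6 (0x40) of the ASA configuration register is the
# "disable system configuration" flag toggled in the ROMMON dialog.
IGNORE_STARTUP_CONFIG = 0x40

# Assumption: "show version" reports the register on a line such as
#   Configuration register is 0x41 (will be 0x11 at next reload)
_CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9a-fA-F]+)"
    r"(?:\s*\(will be (0x[0-9a-fA-F]+) at next reload\))?"
)

def parse_confreg(show_version: str):
    """Return (current, at_next_reload) register values as ints."""
    m = _CONFREG_RE.search(show_version)
    if m is None:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    return current, pending

def audit_confreg(show_version: str, recorded: int):
    """List findings; an empty list means the register is back to normal."""
    current, pending = parse_confreg(show_version)
    findings = []
    if pending & IGNORE_STARTUP_CONFIG:
        findings.append("next reload will bypass startup-config (blank enable password)")
    elif current & IGNORE_STARTUP_CONFIG:
        findings.append("booted with startup-config bypassed; restore applies at next reload")
    if pending != recorded:
        findings.append(f"register at next reload is {pending:#x}, recorded value was {recorded:#x}")
    return findings

# Constructed sample outputs (not captured from a real device).
STILL_IN_RECOVERY = "Hardware: ASA5505\nConfiguration register is 0x41\n"
RESTORED = "Configuration register is 0x41 (will be 0x11 at next reload)\n"
CLEAN = "Configuration register is 0x11\n"

if __name__ == "__main__":
    # 0x11 is the register value shown in the ROMMON output above.
    for name, text in [("still in recovery", STILL_IN_RECOVERY),
                       ("restored", RESTORED), ("clean", CLEAN)]:
        print(name, audit_confreg(text, recorded=0x11))
```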