Network and security administrators often forget the password of a Cisco ASA firewall. Remembering passwords becomes a headache, especially in multinational companies whose security policy requires changing device passwords every quarter or even every month.

So the password recovery procedure below is a handy guide for IT guys.


To recover passwords, perform the following steps:

  • Console into the ASA.
  • Reboot the ASA.
  • Press the escape key during reboot to enter ROMMON.
  • Configure the firewall to ignore the startup config on next reload:

rommon #1>


The following will be displayed:

Current Configuration Register: 0x00000011

Configuration Summary:

boot TFTP image, boot default image from Flash on netboot failure

Do you wish to change this configuration? y/n [n]:

  • Note down the config register value for later use.
  • Enter y to say yes.
  • Hit enter at each prompt to accept the default. When you get to “disable system configuration”, hit y.
  • Reboot the ASA:

rommon #2>


At this point the ASA should reload and completely bypass the configuration.

  • When the firewall reboots, it will not prompt a console user for a username, and the enable password is blank. Go into enable mode.
  • Restore the old config:

copy startup-config running-config

  • Enter config mode and reset the password:

configure terminal


enable password NEW_PASSWORD

username USER password NEW_PASSWORD

  • Restore the config register to where it was to begin with. This is the number you wrote down earlier.

config-register 0x0000###

  • Save your config:

copy running-config startup-config

You have now gained access to the firewall and restored the config file and config register to where they were before the password reset.
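A post-recovery check, added here as an example and not part of the original procedure: it reads saved `show version` output and confirms the register that takes effect at the next reload matches the value noted earlier, so the firewall does not boot without its configuration again. The `show version` line format and the meaning of bit 0x40 are assumptions not stated on this page, and the sample lines are constructed.

```python
import re

# Assumption (not stated on the page): bit 0x40 of the configuration register
# is the "ignore startup configuration" flag set by the ROMMON dialog.
IGNORE_STARTUP_CONFIG = 0x40

# Assumed `show version` line format; the "(will be ...)" part is expected
# only while a changed value is waiting for the next reload.
_REG_LINE = re.compile(
    r"Configuration register is (0x[0-9a-fA-F]+)"
    r"(?:\s*\(will be (0x[0-9a-fA-F]+) at next reload\))?"
)

def register_state(show_version_text):
    """Return (current, at_next_reload) register values, or None if absent."""
    m = _REG_LINE.search(show_version_text)
    if m is None:
        return None
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    return current, pending

def audit(show_version_text, noted_value):
    """Return a list of findings; an empty list means the register is restored."""
    state = register_state(show_version_text)
    if state is None:
        return ["no configuration register line found"]
    _, pending = state
    findings = []
    if pending & IGNORE_STARTUP_CONFIG:
        findings.append("next reload will ignore the startup config (0x%x)" % pending)
    if pending != noted_value:
        findings.append("register at next reload 0x%x differs from noted 0x%x"
                        % (pending, noted_value))
    return findings

# Constructed sample inputs; 0x11 is the register value shown in the ROMMON
# output above, 0x51 is that value with the assumed 0x40 bit set.
STILL_BYPASSING = "Configuration register is 0x51\n"
RESTORED_PENDING = "Configuration register is 0x51 (will be 0x11 at next reload)\n"
RESTORED = "Configuration register is 0x11\n"

if __name__ == "__main__":
    for sample in (STILL_BYPASSING, RESTORED_PENDING, RESTORED):
        print(sample.strip(), "->", audit(sample, 0x11) or "OK")
```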
