Network and security administrators often forget the password of a Cisco ASA firewall. Remembering it becomes a headache, especially in multinational companies whose security policy requires changing device passwords every quarter or even every month.

The password recovery procedure below is a handy guide for IT staff.

To recover passwords, perform the following steps:

  • Console into the ASA.
  • Reboot the ASA.
  • Press the escape key during reboot to enter ROMMON.
  • Configure the firewall to ignore the startup config on the next reload:

rommon #1> confreg


The following will be displayed:

Current Configuration Register: 0x00000011

Configuration Summary:

boot TFTP image, boot default image from Flash on netboot failure

Do you wish to change this configuration? y/n [n]:

  • Note down the config register value for later use.
  • Enter y to say yes.
  • Hit enter at each prompt to accept the default. When you get to “disable system configuration”, hit y.
  • Reboot the ASA:

rommon #2> boot


At this point the ASA should reload and completely bypass the configuration.

  • When the firewall reboots, it will not prompt a console user for a username, and the enable password is blank. Go into enable mode.
  • Restore the old config:

copy startup-config running-config

  • Enter config mode and reset the password

configure terminal


enable password NEW_PASSWORD

username USER password NEW_PASSWORD

  • Restore the configuration register to its original value. This is the number you wrote down earlier.

config-register 0x0000###

  • Save your config

copy running-config startup-config

You have now regained access to the firewall and restored the config file and the configuration register to where they were before the password reset.
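
A check worth running after the last step, shown here as an added example that is not part of the original procedure: it parses the configuration register line from `show version` and confirms the value that will apply at the next reload matches the one you wrote down and no longer bypasses the startup config. The `show version` line format, the `0x40` ignore-startup-config bit, and the sample lines are assumptions and constructed data.

```python
import re

# Assumption: "disable system configuration" sets bit 0x40 of the register.
IGNORE_STARTUP_CONFIG = 0x40

# Assumed `show version` line format; the "(will be ...)" part appears when a
# changed value is pending until the next reload.
REG_RE = re.compile(
    r"Configuration register is (0x[0-9a-fA-F]+)"
    r"(?:\s*\(will be (0x[0-9a-fA-F]+) at next reload\))?"
)

# Constructed sample lines, using the register value from the output above.
SAMPLE_RESTORED = "Configuration register is 0x51 (will be 0x11 at next reload)"
SAMPLE_NOT_RESTORED = "Configuration register is 0x51"


def check_register(show_version_text, recorded_value):
    """Return (ok, findings) for the register value used at the next reload."""
    match = REG_RE.search(show_version_text)
    if not match:
        return False, ["no configuration register line found"]

    current = int(match.group(1), 16)
    # Without a pending change, the current value is also the next-boot value.
    next_boot = int(match.group(2), 16) if match.group(2) else current

    findings = []
    if next_boot & IGNORE_STARTUP_CONFIG:
        findings.append(
            f"next boot value {next_boot:#x} still ignores startup-config"
        )
    if next_boot != recorded_value:
        findings.append(
            f"next boot value {next_boot:#x} differs from recorded "
            f"{recorded_value:#x}"
        )
    return not findings, findings


if __name__ == "__main__":
    for sample in (SAMPLE_RESTORED, SAMPLE_NOT_RESTORED):
        print(sample, "->", check_register(sample, 0x11))
```

A register left with the ignore bit set means the firewall keeps booting without its configuration, with a blank enable password on the console.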

