Password Recovery On The Cisco ASA Security Appliance

On this article, I will clarify how you can carry out a parole “readjust” in your Cisco ASA safety equipment. The extra generally used period of time for this process is “parole restoration” which is left from the multiplication when you possibly can truly view paroles in configuration information in plain matter content. Right now, such paroles are encrypted and ne’er truly recoverable. As an alternative, you’ll acquire entry to the equipment by way of the console port and readjust the parole(s) to celebrated values.

This process requires bodily entry to the machine. You’ll power-cycle your equipment by unplugging it on the energy strip and plugging it once again in. You’ll then interrupt iron boot course of and alter the configuration register worth to forestall the equipment from perusal its saved configuration at boot. For the reason that machine ignores its saved configuration on boot, you’ll be able to entry its configuration modes with out paroles. When you’re in configuration mode, you’ll load the saved configuration from flash reminiscence, change the paroles to a celebrated worth, change the configuration register worth to inform the machine to load its saved configuration on boot, and recharge the machine.

Password Recovery On The Cisco ASA Security Appliance

Warning: As with all configuration procedures, these procedures must be examined in a laboratory atmosphere previous to exercis in a manufacturing atmosphere to make a point suitpower in your scenario.

The next stairs had been designed utilizing a Cisco ASA 5505 Security Appliance. They don’t seem to be applicable for a Cisco PIX Firewall equipment.

1. Energy-cycle your safety equipment by eradicating and re-inserting the power plug on the energy strip.

2. When prompted, press Esc to interrupt iron boot course of and enter ROM Monitor mode. It’s best to instantly see a rommon immediate (rommon #0>).

3. On the rommon immediate, enter the confreg command to view the present configuration register setting: rommon #0>confreg

4. The present configuration register must be the default of 0x01 (it is going to truly show as 0x00000001). The safety equipment will ask if you wish to make modifications to the configuration register. Reply no when prompted.

5. It’s essential to change the configuration register to 0x41, which tells the equipment to disregard its saved (inauguration) configuration upon boot: rommon #1>confreg 0x41

6. Reset the equipment with iron boot command: rommon #2>boot

7. Discover that the safety equipment ignores its inauguration configuration in the course of iron boot course of. When it finishes booting, you need to see a generic Person Mode immediate: ciscoasa>

8. Enter the allow command to enter Privileged Mode. When the equipment prompts you for a parole, only press (at this level, the parole is clean): ciscoasa>allow Password: ciscoasa#

9. Copy the inauguration configuration file into the operational configuration with the next command: ciscoasa#copy inauguration-config running-config Vacation spot file name [running-config]?

10. The beforehand saved configuration is now the lively configuration, yet for the reason that safety equipment is already in Privileged Mode, privileged entry is just not disabled. Subsequent, in configuration mode, enter the next command to alter the Privileged Mode parole to a celebrated worth (on this case, we’ll use the parole system): asa#conf t asa(config)#allow parole system

11. Whereas however in Configuration Mode, readjust the configuration register to the default of 0x01 to drive the safety equipment to learn its inauguration configuration on boot: asa(config)#config-register 0x01

12. Use the next operational instructions to view the configuration register setting: asa(config)#exit asa#present model

13. At backside of the output of the present model command, you need to see the next assertion: Configuration register is 0x41 (will probably be 0x1 at future recharge)

14. Save the present configuration with the copy run begin command to make the above modifications persistent: asa#copy run begin Supply file name [running-config]

15. Reload the safety equipment: asa# recharge System config has been modified. Save? [Y]es/[N]o:sure

Cryptochecksum: e87f1433 54896e6b 4e21d072 d71a9cbf

2149 bytes derivable in 1.480 secs (2149 bytes/sec) Proceed with recharge? [confirm]

When your safety equipment recharges, you need to be capable of use your new readjust parole to enter privileged mode.

Copyright (c) 2007 Don R. Crawley

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button