HOW TO RESET A CISCO ASA 5510 TO FACTORY DEFAULTS


ByTamara Tangney, CCNA

This post is part of a series on configuring Cisco ASA 5510 firewallsCisco
The scenario: I recently acquired a used ASA 5510 from another internal department, but the login details had been lost along the way. So I had a perfectly functional firewall, but no way to reconfigure it to my needs. So, I needed a way to get into the ASA, and reset the password. Although, as the configuration that’s already there was of no use to me, I just removed the config entirely.
In brief, this process involves booting the appliance, and then interrupting the boot process part way through. We then change the configuration register, to force the appliance to ignore it’s saved config. The appliance then boots with a minimal basic configuration, and crucially for our needs, bypasses the unknown passwords allowing us in to reconfigure it. Once in we can erase the saved config (or just reset the password if you want the config) reset the configuration register to it’s original value, and reboot the appliance – simple!
  1. Connect your console cable and make sure you can see the command prompt for the ASA – even if you can’t log in. You will need to stop the boot process early on, so you don’t want to be messing about trying to get the console to work while it’s booting, or you’ll miss your prompt, and have to start again.
  2. Power cycle the appliance – flick the power switch on the front off and on again.
  3. Watch the boot progress, and when prompted, press Esc to interrupt the boot and enter ROM Monitor mode. you should now see the rommon prompt:
    rommon #0>
  4. Enter the confreg command to view the current Configuration Register setting:
    rommon #0> confreg
  5. The appliance will most probably have the default Configuration Register setting of 0x01. Answerno when it asks you if you want to change the Configuration Register setting.
  6. Change the Configuration Register to 0x41, which causes the appliance to bypass its saved config at boot:
    rommon #1> confreg 0x41
  7. Reboot the appliance with the boot command:
    rommon #2> boot
  8. The appliance bypasses its startup configuration. When it finishes booting, you should see the default prompt:
    ciscoasa>
  9. Enter the enable command to enter Privileged Mode. The default password is blank, so when the appliance prompts you for a password, simply press return:
    ciscoasa> enable
  10. Erase the startup config by issuing the write erase command:
    ciscoasa# write erase
  11. Enter Configuration Mode:
    ciscoasa# configure terminal
  12. Reset the Configuration Register to the default of 0x01:
    ciscoasa(config)# config-register 0x01
  13. Exit from Configuration mode:
    ciscoasa(config)# exit
  14. Verify the Configuration Register settings by issuing the Show Version command:
    ciscoasa# show version
  15. At the bottom of the output, you should see the Configuration Register settings: Configuration register is 0x41 (will be 0x1 at next reload)
  16. Save the settings by issuing the write command:
    ciscoasa# write
  17. Reboot the appliance:
    ciscoasa# reload
  18. When the appliance reboots, it will have a basic factory default configuration, with a blank password.
You can now proceed to configure the firewall as necessary.

Comments