Cisco : Reset ASA OS to factory default

By | August 30, 2014

Here is a quick how to reset Cisco ASA (Adaptative Security Appliance) to factory default. You will need a serial console access to achieve this task.

1. At early boot process, just hit escape [esc] key when suggested as followed :

Cisco Systems ROMMON Version (1.0(12)13) #0: Thu Aug 28 15:55:27 PDT 2008

Platform ASA5505
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.

And you will end up with the following command prompt :

rommon #0>

2. Enter the following command to see what configuration we are running first :


And this should return something like this :

rommon #0> confreg

Current Configuration Register: 0x00000001
Configuration Summary: 
boot default image from Flash

Do you wish to change this configuration? y/n [n]: n

(You should say no about changing the configuration.)

3. Register the default configuration on boot :

confreg 0x41

The output will look like :

rommon #1> confreg 0x41
Update Config Register (0x41) in NVRAM...

4. Then boot on the default config :


Console output :

rommon #2> boot
Launching BootLoader...
Boot configuration file contains 1 entry.

Loading disk0:/asa822-k8.bin... Booting...
Platform ASA5505
Disabling IRQ #9
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 94 files, 9097/31033 clusters
dosfsck(/dev/hda1) returned 0
Set 'tap0' persistent and owned by uid 0
IO memory 39583744 bytes

Processor memory 141643776, Reserved memory: 41943040 (DSOs: 0 + kernel: 41943040)


Ignoring startup configuration as instructed by configuration register.
Type help or '?' for a list of available commands.

5. Enter the privileged access mode :


You will be prompted for a password, just leave it blank.

6. Copy the current default running configuration to be the startup configuration and press enter :

copy startup-config running-config

Console output :

ciscoasa> enable
ciscoasa# copy startup-config running-config

Destination filename [running-config]?

INFO: outside interface address added to PAT pool
Cryptochecksum (unchanged): a4697d06 3ffffb9e bbc4928a bef38b45

5298 bytes copied in 5.660 secs (1059 bytes/sec)

7. Enter in configuration mode :

conf t

8. Change the “enable” password to a known value :

enable password system

9. Register the running configuration on boot :

config-register 0x01

10. Write configuration to memory :

copy run start

Console output :

vdl-5505# copy run start

Source filename [running-config]? 
Cryptochecksum: 8ce80471 55ccb516 364b0437 c3967f04

5298 bytes copied in 1.290 secs (5298 bytes/sec)

11. Restart your device with the following command :


Console ouput :

vdl-5505# reload
Proceed with reload? [confirm] 

Shutting down isakmp
Shutting down webvpn
Shutting down File system

*** --- SHUTDOWN NOW ---
Process shutdown finished