Here is a quick how-to for resetting a Cisco ASA (Adaptive Security Appliance) to factory default. You will need serial console access to complete this task.
1. Early in the boot process, hit the Escape [esc] key when prompted, as follows:
```
Cisco Systems ROMMON Version (1.0(12)13) #0: Thu Aug 28 15:55:27 PDT 2008
Platform ASA5505
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.
```
You will end up at the following command prompt:
```
rommon #0>
```
2. Enter the following command to see the current configuration register first:
```
confreg
```
This should return something like this:
```
rommon #0> confreg
Current Configuration Register: 0x00000001
Configuration Summary:
boot default image from Flash
Do you wish to change this configuration? y/n [n]: n
```
(Answer no when asked whether to change the configuration.)
3. Set the configuration register so that the startup configuration is ignored on the next boot:
```
confreg 0x41
```
The output will look like:
```
rommon #1> confreg 0x41
Update Config Register (0x41) in NVRAM...
```
4. Then boot with the default config:
```
boot
```
Console output:
```
rommon #2> boot
Launching BootLoader...
Boot configuration file contains 1 entry.
Loading disk0:/asa822-k8.bin... Booting...
Platform ASA5505
Loading...
Disabling IRQ #9
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 94 files, 9097/31033 clusters
dosfsck(/dev/hda1) returned 0
Set 'tap0' persistent and owned by uid 0
IO memory 39583744 bytes
Processor memory 141643776, Reserved memory: 41943040 (DSOs: 0 + kernel: 41943040)
[...]
Ignoring startup configuration as instructed by configuration register.
Type help or '?' for a list of available commands.
ciscoasa>
```
5. Enter privileged access mode:
```
enable
```
You will be prompted for a password; just leave it blank.
6. Copy the saved startup configuration into the running configuration, and press Enter to accept the default destination:
```
copy startup-config running-config
```
Console output:
```
ciscoasa> enable
Password:
ciscoasa# copy startup-config running-config
Destination filename [running-config]?
INFO: outside interface address added to PAT pool
..
Cryptochecksum (unchanged): a4697d06 3ffffb9e bbc4928a bef38b45
5298 bytes copied in 5.660 secs (1059 bytes/sec)
vdl-5505#
```
7. Enter configuration mode:
```
conf t
```
8. Change the “enable” password to a known value:
```
enable password system
```
9. Set the configuration register back so that the startup configuration is loaded on boot:
```
config-register 0x01
```
10. Write the configuration to memory:
```
copy run start
```
Console output:
```
vdl-5505# copy run start
Source filename [running-config]?
Cryptochecksum: 8ce80471 55ccb516 364b0437 c3967f04
5298 bytes copied in 1.290 secs (5298 bytes/sec)
vdl-5505#
```
11. Restart your device with the following command:
```
reload
```
Console output:
```
vdl-5505# reload
Proceed with reload? [confirm]
vdl-5505#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down webvpn
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Process shutdown finished
```
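Where serial console sessions are logged (by a console server, for instance), the strings shown in the steps above are enough to spot this procedure afterwards and to check that the register was put back. The Python below is an added example, not part of the original post: it scans captured console lines for those markers and reports whether the last register write left the ignore-startup bit set. The `(config)#` prompt in the sample and the reading of 0x40 as that bit (the difference between 0x41 and 0x01) are assumptions.

```python
import re

# Assumption: 0x40 is the "ignore startup configuration" bit, i.e. the bit
# that differs between the 0x41 and 0x01 values used in the procedure.
IGNORE_STARTUP_BIT = 0x40

# Markers taken from the console output and commands shown in the steps above.
PATTERNS = {
    "boot_interrupted": re.compile(r"Boot interrupted\."),
    "rommon_confreg": re.compile(r"rommon #\d+> confreg (0x[0-9a-fA-F]+)"),
    "startup_ignored": re.compile(r"Ignoring startup configuration as instructed"),
    "config_register": re.compile(r"\bconfig-register (0x[0-9a-fA-F]+)"),
}

def scan_console(lines):
    """Return (line_no, event, register_value_or_None) for each marker found."""
    events = []
    for no, line in enumerate(lines, start=1):
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                value = int(m.group(1), 16) if m.groups() else None
                events.append((no, name, value))
    return events

def bypass_still_armed(events):
    """True if the last register write seen leaves the ignore-startup bit set."""
    armed = False
    for _, name, value in events:
        if name in ("rommon_confreg", "config_register"):
            armed = bool(value & IGNORE_STARTUP_BIT)
    return armed

# Constructed capture: an abridged session assembled from the lines above.
FULL_SESSION = [
    "Use BREAK or ESC to interrupt boot.",
    "Boot interrupted.",
    "rommon #0> confreg",
    "rommon #1> confreg 0x41",
    "rommon #2> boot",
    "Ignoring startup configuration as instructed by configuration register.",
    "ciscoasa> enable",
    "vdl-5505(config)# config-register 0x01",  # prompt form is an assumption
    "vdl-5505# reload",
]

if __name__ == "__main__":
    found = scan_console(FULL_SESSION)
    for no, name, value in found:
        print(no, name, hex(value) if value is not None else "")
    print("bypass still armed:", bypass_still_armed(found))
```

A session that stops before step 9 (for example `FULL_SESSION[:7]`) is reported as still armed, meaning the device would ignore its startup configuration again on the next boot.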