How to Do a Password Recovery on a Cisco ASA Firewall


Perhaps you’ve forgotten the password to your firewall? This post will answer the question: How do I restore the password on a Cisco ASA?

Password Recovery

To recover passwords, perform the following steps:

  • Console into the ASA.

  • Reboot the ASA.

  • Press the escape key during reboot to enter ROMMON.

  • Tell the firewall to ignore the startup config on next reload:
    rommon #1> confreg

The following will be displayed:

Current Configuration Register: 0x00000011
Configuration Summary:
boot TFTP image, boot default image from Flash on netboot failure
Do you wish to change this configuration? y/n [n]:

  • Jot down the config register value for later.

  • Enter y to say yes.

  • Hit enter at each prompt to accept the default. When you get to “disable system configuration” hit y.

  • Reboot the ASA
    rommon #2> boot

At this point the ASA should reload and completely bypass the configuration.

  • When the firewall reboots, it will not prompt a console user for a username, and the enable password is blank. Go into enable mode.

  • Restore the old config
    copy startup-config running-config

  • Enter config mode and reset the password
    configure terminal
    password NEW_PASSWORD
    enable password NEW_PASSWORD
    username USER password NEW_PASSWORD

  • Restore the configuration register to where it was to begin with. This is the number you wrote down earlier.
    config-register 0x0000###

  • Save your config
    copy running-config startup-config

At this point you have regained access to the firewall and restored the config file and configuration register to where they were before the password reset.
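A firewall left with the bypass register value will boot without its configuration, and without passwords, on every reload, so it is worth confirming that the register was restored. The following is an added example, not part of the original post: a Python check run over captured `show version` output. It assumes the register is reported as `Configuration register is 0x.. (will be 0x.. at next reload)` and that bit 0x40 is the "disable system configuration" flag; the sample lines are constructed from the 0x00000011 value shown above.

```python
import re

# Assumption: bit 6 (0x40) is the "disable system configuration" flag set in ROMMON.
IGNORE_STARTUP_CONFIG = 0x40

# Assumed `show version` line format, e.g.
#   Configuration register is 0x51 (will be 0x11 at next reload)
_CONFREG = re.compile(
    r"Configuration register is (0x[0-9a-fA-F]+)"
    r"(?: \(will be (0x[0-9a-fA-F]+) at next reload\))?"
)


def check_confreg(show_version: str, recorded: str) -> dict:
    """Compare the register the ASA will boot with against the value jotted down in ROMMON."""
    m = _CONFREG.search(show_version)
    if m is None:
        raise ValueError("no 'Configuration register' line found")
    current = int(m.group(1), 16)
    # Without a pending change, the next boot uses the current value.
    next_boot = int(m.group(2), 16) if m.group(2) else current
    return {
        "current": hex(current),
        "next_boot": hex(next_boot),
        "bypass_active_now": bool(current & IGNORE_STARTUP_CONFIG),
        "bypass_on_next_boot": bool(next_boot & IGNORE_STARTUP_CONFIG),
        "restored": next_boot == int(recorded, 16),
    }


# Constructed samples: register restored (pending) vs. the restore step forgotten.
SAMPLE_RESTORED = "Configuration register is 0x51 (will be 0x11 at next reload)"
SAMPLE_FORGOTTEN = "Configuration register is 0x51"

if __name__ == "__main__":
    for sample in (SAMPLE_RESTORED, SAMPLE_FORGOTTEN):
        result = check_confreg(sample, "0x00000011")
        status = "OK" if result["restored"] else "REGISTER NOT RESTORED"
        print(f"{status}: {result}")
```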

Further reading

Link to all Cisco product password recovery pages.
