Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA - Pwd Recovery Procedure


I followed the listed instructions to recover the password for an ASA and after rebooting the ASA I get the   rommon #0> prompt.

I was wondering if the below procedure is the correct one or if I am doing something wrong.

Thanks for you assistance.

Best, ~sK

rommon #0> confreg

Current Configuration Register: 0x00000001
Configuration Summary:
  boot default image from Flash

Do you wish to change this configuration? y/n [n]: yenable boot to ROMMON prompt? y/n [n]:
enable TFTP netboot? y/n [n]:
enable Flash boot? y/n [n]:
select specific Flash image index? y/n [n]:
disable system configuration? y/n [n]: ygo to ROMMON prompt if netboot fails? y/n [n]:
enable passing NVRAM file specs in auto-boot mode? y/n [n]:
disable display of BREAK or ESC key prompt during auto-boot? y/n [n]:

Current Configuration Register: 0x00000040
Configuration Summary:
  boot ROMMON
  ignore system configuration

Update Config Register (0x40) in NVRAM...

rommon #1> boot

We can now reload the ASA with the boot command.

Once the ASA has been reloaded, we can enter privileged mode without any password (the startup-config has been bypassed).

ciscoasa> en
Password: [enter]

Now we load the startup-config in the running-config

ciscoasa# copy startup-config running-config

Destination filename [running-config]?

Cryptochecksum (unchanged): ab580f48 aeed7459 2da4751b b0061ac3

1726 bytes copied in 0.50 secs

We enter global configuration mode and change the password.

CLE_ASA# conf t
CLE_ASA(config)# enable password Cisco

We change back the configuration register value.

CLE_ASA(config)# config-register 0x00000001

Now You can save your running-config.

CLE_ASA# copy running-config startup-config 
New Member

ASA - Pwd Recovery Procedure

I found the solution.

The reason why the asa would go back to the rommon is because the config-register needed to be set back to the default. I issued the following command, saved the config, and reloaded. That was successful.

CLE_ASA(config)# no config-register

Best, ~sK

CreatePlease to create content