can't log into 5505 after formatting flash (LOCAL account)
I have some remote ASA5505's that I am going to need to format the flash and push new code to. I have about 60 sites to do, and no remote hands(no remote console either). So I grabbed a 5505 on my dest to test the upgrade procedure. I blasted in a config identical to a remote site and got busy. The problem is that after formatting the flash, and bushing the code back, I can no longer log into the asa. SSH just times out after a minute, and console login doesn't work.
Here is the procedure I used.
login to asa via ssh
crypto key zeroize rsa noconfirm
crypto key generate rsa general modulus 2048 noconfirm
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
enable password cisco
username cisco password cisco privilege 15
ssh scopy enable
I then push asa847-k8.bin via scp from my local machine (same machine that I am currently ssh'd from)
wr mem (to copy the running-config and the reset usernames/passwords to the newly formatted flash)
At this point the new flash should have a new crypto key, asa image, and a startup-config which is identical to what it had before.
The ASA boots fine. However at this point, ssh the same as before times out. So I plug in a console cable and get a username prompt. using cisco/cisco which I reset above does not work. I'm assuming for some reason the hash is messed up for my passwords... but why?
I really need some method of formatting these flash drives without having to console in since all of my sites don't have remote hands.
The solution for the bug is to copy running-config off of asa to tftp server, format flash, download the new image and the running-config just copied back to the freshly formatted flash, copy flash:running-config startup-config, reload.
I've done this procedure as well, but I have the same problem. As soon as The asa reboots, I am locked out. I can ping the intefaces directly, but ssh & telnet times out on both the inside and outside interfaces, and I can no longer console in when I could imediately prior to the reboot.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :