Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco ASA 5505 Password Problem

I recently ran into a telnet, console, and enable password issue that was unexpected and I am hoping someone can explain what happened. 

I had two working Cisco ASA 5505's that were two end-points of a Site-to-Site VPN.  I had used the ASDM file management tools to copy disk0 startup-config.cfg to a file named old-startup-config.cfg on disk0, on both ASA systems, and I wanted those two files to function as good working startup-config backups that I could return to, right there on the firewall, if I had to.  I also used the ASDM file management tools to make configuration "zip" backups to my local computer.  I am aware that the actual startup-config file is some type of hidden file.

I had made some changes to both Cisco ASA 5505s, but no password changes, and everything was working great and was reloading great.  Then, I suddenly found that I needed to revert back to the old working configurations that I had backed up previously.  I used the ASDM file management tools to copy old-startup-config.cfg back to startup-config.cfg on disk0 on both machines.  I think I may have also issued the CLI command copy old-startup-config.cfg startup-config.  I asked both systems to reload without writing the running-config's to memory.

When the systems reloaded, the console, telnet, and enable passwords were no longer recognized on the CLI and Web interface.  The interfaces loaded normally, but the passwords didn't work and the cisco default passwords didn't work either.  I had to go to each unit's physical location and perform a power cycle and console password recovery.

I am not sure why that happened.  Is the startup-config.cfg file on disk0 an altered version of the actual startup-config configuration with missing or encrypted password credentials?  I would have never guessed in a million years that my procedure would have knocked out the enable password.

Instead of copy startup-config.cfg old-startup-config.cfg, should I have issued the command copy startup-config old-startup-config.cfg to make a local backup of a working configuration?

I have one more semi-related question.  If one uses ASDM file management to create a zip backup of a startup-config or running-config and then proceeds to restore a running-config, when does the restored running-config take effect? 

224
Views
0
Helpful
0
Replies