Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

I'm Locked out of my ASA 5505 :(

It seems that I managed to set a field that determines what IP is authorized to administer the ASA, and I set it to 192.168.10.28 to go along with the new iniside IP of 192.168.10.12. Well, that subnet got an error and doesn't yet exist, but authorization did apparently transfer away from 192.168.1.1 which is still my inside IP.

While I was in there I tried to set Vlan3 to be 192.168.1.1 and authorize it in case things went afoul, but Vlan3 got an error and failed too.

So I tried pressing and holding the reset button. It doesn't work. The book says it is for future use, and using the CLI blue cable in COM 1 I can see that my outside IP is still in place, meaning the reset button did not reset the device.

I can still get in with CLI on COM1, but don't know the commands. If someonce could point me to a CLI command reference I might get it. I found one for PIX but it doesn't seem to work. Or maybe the command to allow https access on 192.168.1.1 again.

Thank you in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re: I'm Locked out of my ASA 5505 :(

If you just want to reset it and start over, log into it, go into enable mode by typing "enable" put in your enable password, then type "conf t" then "clear configure all" . If you just want to re-ip and re-authorize, whichever vlan you want to re-address, you go into config mode "conf t" then type "interface vlan x" then "ip address x.x.x.x y.y.y.y" where x.x.x.x is the address and y.y.y.y is the subnet mask. Then type "http x.x.x.x y.y.y.y INSIDE" where x.x.x.x is your ip address and y.y.y.y is the subnet. If you are only using your IP, then 255.255.255.255 is sufficient. If you want the whole network to be able to access it, use the network mask. You will also need to make sure that you have typed "http server enable" at some point if you havent already. You can find the command line reference, configuration guide, etc... for 8.x code here: http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_80/index.htm

and for 7.2 code here:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/index.htm

for all code versions, look here:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/index.htm

good luck.

2 REPLIES
Community Member

Re: I'm Locked out of my ASA 5505 :(

If you just want to reset it and start over, log into it, go into enable mode by typing "enable" put in your enable password, then type "conf t" then "clear configure all" . If you just want to re-ip and re-authorize, whichever vlan you want to re-address, you go into config mode "conf t" then type "interface vlan x" then "ip address x.x.x.x y.y.y.y" where x.x.x.x is the address and y.y.y.y is the subnet mask. Then type "http x.x.x.x y.y.y.y INSIDE" where x.x.x.x is your ip address and y.y.y.y is the subnet. If you are only using your IP, then 255.255.255.255 is sufficient. If you want the whole network to be able to access it, use the network mask. You will also need to make sure that you have typed "http server enable" at some point if you havent already. You can find the command line reference, configuration guide, etc... for 8.x code here: http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_80/index.htm

and for 7.2 code here:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/index.htm

for all code versions, look here:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/index.htm

good luck.

Community Member

Re: I'm Locked out of my ASA 5505 :(

Thank you very much. I'm back in, and I have a lot more useful information as well.

674
Views
0
Helpful
2
Replies
CreatePlease to create content