Password Recovery on the Cisco ASA Security Appliance

January 16, 2017 | By 456@dmin | Filed in: Uncategorized.

In this article, I'll explain how to perform a password "reset" on the Cisco ASA security appliance. The term most commonly used for this procedure is "password recovery", which is left over from the days when you could actually view passwords in plain-text configuration files. Today, those passwords are encrypted and are not actually recoverable. Instead, you gain access to the appliance through its console port and reset the password(s) to known values.

This procedure requires physical access to the device. You will power-cycle the appliance by unplugging it at the power strip and plugging it back in. You will then interrupt the boot process and change the configuration register value to prevent the appliance from reading its stored configuration at boot. Because the appliance ignores its saved configuration on boot, you can access its configuration modes without a password. Once you're in configuration mode, you load the saved configuration from flash memory, change the passwords to a known value, change the configuration register value so that the device loads its saved configuration at startup, and reload the device.

Caution: As with all configuration procedures, these procedures should be tested in a laboratory environment before use in a production environment to ensure suitability for your situation.

The following steps were designed using a Cisco ASA 5505 Security Appliance. They are not suitable for a Cisco PIX Firewall appliance.

1. Power-cycle the security appliance by removing the power plug from the outlet and re-inserting it.

2. When prompted, press Esc to interrupt the boot process and enter ROM monitor mode. You should immediately see a rommon prompt (rommon #0>).

3. At the rommon prompt, issue the confreg command to view the current configuration register setting:

    rommon #0> confreg

4. The current configuration register should be the default of 0x01 (it is actually displayed as 0x00000001). The security appliance asks whether you want to make changes to the configuration register. Answer no when prompted.

5. You need to change the configuration register to 0x41, which tells the appliance to ignore its saved (startup) configuration at boot:

    rommon #1> confreg 0x41

6. Reset the appliance with the boot command:

    rommon #2> boot

7. Notice that the security appliance ignores its startup configuration during the boot process. When it finishes booting, you should see a generic User Mode prompt:

    ciscoasa>

8. Enter the enable command to enter privileged mode. When prompted for a password, press Enter (at this point, the password is blank):

    ciscoasa> enable
    Password:
    ciscoasa#

9. Copy the startup configuration file to the running configuration with the following command:

    ciscoasa# copy startup-config running-config
    Destination filename [running-config]?

10. The previously saved configuration is now the running configuration, but because the security appliance is already in privileged mode, privileged access is not restricted. Next, enter configuration mode and enter the following command to change the privileged mode password to a known value (in this case, we'll use the password system):

    asa# conf t
    asa(config)# enable password system

11. While still in configuration mode, reset the configuration register to the default of 0x01 to force the security appliance to read its startup configuration at boot:

    asa(config)# config-register 0x01

12. Use the following commands to view the configuration register setting:

    asa(config)# exit
    asa# show version

13. At the bottom of the output of the show version command, you should see the following statement:

    Configuration register is 0x41 (will be 0x1 at next reload)

14. Save the current configuration with the copy run start command to make the above changes permanent:

    asa# copy run start
    Source filename [running-config]

15. Reload the security appliance:

    asa# reload
    System config has been modified. Save? [Y]es/[N]o: yes
    Cryptochecksum: e87f1433 54896e6b 4e21d072 d71a9cbf
    2149 bytes copied in 1.480 secs (2149 bytes/sec)
    Proceed with reload? [confirm]

When the security appliance reloads, you can use the new password to access privileged mode.
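
To confirm the check in step 13, and that the appliance is back on its default register after the reload, the following added example (not part of the original article) parses the configuration register line from captured show version output. The function name, status labels and sample lines are constructed for illustration, and the line format is assumed to be "Configuration register is 0x41 (will be 0x1 at next reload)".

```python
import re

DEFAULT_REGISTER = 0x01  # default register value named in the article

# Assumed line format:
#   "Configuration register is 0x41 (will be 0x1 at next reload)"
# The parenthesised part is only present when a change is pending.
_REGISTER_RE = re.compile(
    r"Configuration register is (0x[0-9a-fA-F]+)"
    r"(?:\s*\(will be (0x[0-9a-fA-F]+) at next reload\))?",
    re.IGNORECASE,
)


def check_config_register(show_version_output):
    """Return (current, at_next_boot, status) from 'show version' text.

    status is one of (labels are this example's own):
      "ok"               - default register now and at next boot
      "recovery-pending" - non-default now, default restored at next boot
      "not-restored"     - next boot will not use the default register
      "not-found"        - no configuration register line in the text
    """
    match = _REGISTER_RE.search(show_version_output)
    if match is None:
        return None, None, "not-found"
    current = int(match.group(1), 16)
    # With no pending change, the next boot uses the current value.
    at_next_boot = int(match.group(2), 16) if match.group(2) else current
    if at_next_boot != DEFAULT_REGISTER:
        status = "not-restored"
    elif current != DEFAULT_REGISTER:
        status = "recovery-pending"
    else:
        status = "ok"
    return current, at_next_boot, status


if __name__ == "__main__":
    # Constructed sample lines, not captured from a real appliance.
    samples = [
        "Configuration register is 0x41 (will be 0x1 at next reload)",
        "Configuration register is 0x41",  # step 11 was skipped
        "Configuration register is 0x1",   # state after a correct reload
    ]
    for line in samples:
        print(line, "->", check_config_register(line))
```

A "not-restored" result means the next boot would again ignore the startup configuration, leaving the blank enable password from step 8 in effect.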

Copyright (c) 2007 Don R. Crawley

Source by Don R. Crawley

