ASA 5500X Password Recovery

One day I wanted to reimage the ASA 5516X box in our office lab from ASA software to FTD software. Unfortunately, due to the pandemic, it had been quite a long time since we used this box, so no one remembered the password, and password recovery had to be done before we could continue with the reimage.

Perform the following steps:

  1. Connect to the ASA via the console port.
    You can use PuTTY or any tool you want; I’m using SecureCRT here.
  2. Reboot the ASA and press ESC when you’re prompted to enter ROMMON mode.
  3. Update the configuration register value.
  4. Record the current configuration register value, so you can restore it later.
  5. Answer the questions as follows.
  6. The confreg value will then change to 0x00000041.
  7. Boot the firewall with the “boot” command.
  8. The ASA will boot with a blank password and the default hostname (ciscoasa).
  9. Copy the startup config to the running config with command.
  10. After restoring the config, change the password, and don’t forget to change the config register back to the value recorded earlier, or simply type the “no config-register” command.

Disabling Password Recovery

If you want to disable the password recovery feature, use the “no service password-recovery” command to prevent any user from entering ROMMON mode with the configuration intact.

With this command set, the ASA asks the user to erase all flash file systems when the user attempts to enter ROMMON. If the user opts to cancel the process, the ASA reloads.
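A post-recovery check covering both step 10 and the setting above, as an added example that is not part of the original post: it flags a device whose config register still carries the 0x40 bit set by 0x41, and a config that lacks “no service password-recovery”. The `show version` line format, the function name and the sample captures are assumptions made for this illustration.

```python
import re

# Bit 0x40 tells the ASA to ignore the startup config at boot (0x41 = 0x01 | 0x40).
IGNORE_STARTUP_CONFIG = 0x40

# Assumed format of the confreg line in "show version"; adjust for your release.
CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9a-fA-F]+)"
    r"(?: \(will be (0x[0-9a-fA-F]+) at next reload\))?"
)

def audit(show_version, running_config):
    """Return a list of (code, message) findings for one device."""
    findings = []
    match = CONFREG_RE.search(show_version)
    if match is None:
        findings.append(("confreg-unknown", "no configuration register line found"))
    else:
        current = int(match.group(1), 16)
        at_reload = int(match.group(2), 16) if match.group(2) else current
        if at_reload & IGNORE_STARTUP_CONFIG:
            findings.append(("confreg-not-restored",
                             f"{at_reload:#x} at next reload skips the startup config"))
        elif current & IGNORE_STARTUP_CONFIG:
            findings.append(("recovery-boot",
                             f"booted with {current:#x}; next reload uses {at_reload:#x}"))
    config_lines = {line.strip() for line in running_config.splitlines()}
    if "no service password-recovery" not in config_lines:
        findings.append(("recovery-enabled",
                         "console access can reach ROMMON with the config intact"))
    return findings

# Constructed sample captures, not output from a real device.
VERSION_LEFT_AT_0X41 = "Hardware: ASA5516\nConfiguration register is 0x41\n"
VERSION_RESTORED = "Hardware: ASA5516\nConfiguration register is 0x41 (will be 0x1 at next reload)\n"
CONFIG_DEFAULT = "hostname ciscoasa\nenable password ***** pbkdf2\n"
CONFIG_HARDENED = "hostname lab-asa\nno service password-recovery\n"

if __name__ == "__main__":
    for name, ver, cfg in [("left at 0x41", VERSION_LEFT_AT_0X41, CONFIG_DEFAULT),
                           ("restored", VERSION_RESTORED, CONFIG_HARDENED)]:
        print(name, [code for code, _ in audit(ver, cfg)])
```

Feed it saved `show version` and `show running-config` text from each device after a recovery; an empty list means the register is back to normal and password recovery is disabled.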
