Password Recovery for Cisco ASA Firewall: A Guide
Password Recovery
To recover passwords, perform the following steps:
- Console into the ASA.
- Reboot the ASA.
- Press the escape key during reboot to enter ROMMON.
- Tell the firewall to ignore the startup config on next reload:
rommon #1>confreg
The following will be displayed:
Current Configuration Register: 0x00000011
Configuration Summary:
boot TFTP image, boot default image from Flash on netboot failure
Do you wish to change this configuration? y/n [n]:
- Jot down the config register value for later.
- Enter y to say yes.
- Hit enter at each prompt to accept the default. When you get to “disable system configuration”, hit y.
- Reboot the ASA:
rommon #2>boot
At this point the ASA should reload and completely bypass the configuration.
- When the firewall reboots, it will not prompt a console user for a username, and the enable password is blank. Go into enable mode:
enable
- Restore the old config:
copy startup-config running-config
- Enter config mode and reset the password:
configure terminal
password NEW_PASSWORD
enable password NEW_PASSWORD
username USER password NEW_PASSWORD
- Restore the config register to where it was to begin with. This is the number you wrote down earlier.
config-register 0x0000###
- Save your config:
copy running-config startup-config
At this point you have regained access to the firewall and restored the config file and config register to where they were before the password reset.
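If the register is left with the "disable system configuration" bit set, the next reload boots without the startup config again, so the restore step is worth verifying. The following is an added example, not part of the original guide: it checks the register line from `show version` output against the value jotted down earlier. The line format, the 0x40 bit for "disable system configuration", and the sample strings are assumptions constructed for illustration.

```python
import re

# Assumption: "disable system configuration" in the confreg dialog sets bit 0x40.
IGNORE_STARTUP_CONFIG = 0x40

# Assumed format of the register line in `show version` output.
REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9a-fA-F]+)"
    r"(?: \(will be (0x[0-9a-fA-F]+) at next reload\))?"
)


def audit_confreg(show_version: str, recorded: int) -> list:
    """Return a list of findings; an empty list means the register is restored."""
    match = REGISTER_LINE.search(show_version)
    if match is None:
        return ["no configuration register line found"]
    current = int(match.group(1), 16)
    # A pending value, if present, is what takes effect at the next reload.
    effective = int(match.group(2), 16) if match.group(2) else current
    findings = []
    if effective & IGNORE_STARTUP_CONFIG:
        findings.append(
            f"next boot ignores startup-config (register {effective:#x})"
        )
    if effective != recorded:
        findings.append(
            f"register {effective:#x} differs from recorded {recorded:#x}"
        )
    return findings


# Constructed samples: 0x11 is the value shown in the guide, 0x51 is 0x11 | 0x40.
RECORDED = 0x11
NOT_RESTORED = "Configuration register is 0x51\n"
RESTORED = "Configuration register is 0x51 (will be 0x11 at next reload)\n"

if __name__ == "__main__":
    for label, text in (("not restored", NOT_RESTORED), ("restored", RESTORED)):
        print(label, "->", audit_confreg(text, RECORDED) or "OK")
```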