To recover passwords for the ASA, perform the following steps:
Step 1
Step 2
Step 3
Step 4
rommon #1> confreg 0x41
Update Config Register (0x41) in NVRAM…
Step 5
rommon #1> confreg
The ASA displays the current configuration register value, and asks whether you want to change it:
Current Configuration Register: 0x00000041
Configuration Summary:
boot default image from Flash
ignore system configuration
Do you wish to change this configuration? y/n [n]: y
Step 6
Step 7
The ASA prompts you for new values.
Step 8
Step 9
rommon #2> boot
Launching BootLoader...
Boot configuration file contains 1 entry.
Loading disk0:/asa800-226-k8.bin... Booting...Loading...
The ASA loads the default configuration instead of the startup configuration.
Step 10
hostname> enable
Step 11
The password is blank.
Step 12
hostname# copy startup-config running-config
Step 13
hostname# configure terminal
Step 14
hostname(config)# password password
hostname(config)# enable password password
hostname(config)# username name password password
Step 15
hostname(config)# no config-register
The default configuration register value is 0x1.
Step 16
hostname(config)# copy running-config startup-config
On the ASA, the no service password-recovery command prevents a user from entering ROMMON mode with the configuration intact. When a user enters ROMMON mode, the ASA prompts the user to erase all Flash file systems. The user cannot enter ROMMON mode without first performing this erasure. If a user chooses not to erase the Flash file system, the ASA reloads. Because password recovery depends on using ROMMON mode and maintaining the existing configuration, this erasure prevents you from recovering a password. However, disabling password recovery prevents unauthorized users from viewing the configuration or inserting different passwords. In this case, to restore the system to an operating state, load a new image and a backup configuration file, if available.