I recently ran into a situation with a new Cisco ASA 5512-X IPS where I needed to fully reset it back to its factory default settings (ok, I entered a password incorrectly, twice). After some searching and reading, I came up with the following (get out of jail) process.

Note 1: I’m not a Cisco expert or engineer of any sort, so please proceed with absolute care. You can’t really destroy anything with this process, but misuse of this guide could cause undesired results.

Note 2: I’m not a Cisco expert or engineer of any sort; however, I don’t see any reason why the following guide couldn’t be used, at the very least, on any 5500 series Cisco ASA device. It may even apply to more devices than I am aware of. Again, please proceed with absolute care if you are using this guide on anything that is not a Cisco ASA 5512-X IPS.

Note 3: If you just want to reset the configuration and you haven’t lost access to the device, follow steps 1 and 2, and then skip down to the bottom.

1. Connect to the Cisco ASA 5512-X IPS with the serial over ethernet cable. This is otherwise known as the console cable. In most cases, it’s long, thin and light blue in colour. Connect the RJ45 end to the console port of the Cisco ASA 5512-X IPS and the other end to a computer or laptop with a serial port.

2. Use PuTTY to connect to the Cisco ASA 5512-X IPS console. Change the Connection Type to Serial. In most cases, the Serial Line value will be COM1 with a Speed (aka baud rate) of 9600. If you have other devices connected via serial, you may need to replace COM1 with COM2, COM3, COM4, etc. You’ll know when you’ve struck gold, because you’ll be able to see the Cisco ASA 5512-X IPS prompt.

(Skip to the bottom if you’re just factory resetting the configuration.)

3. Immediately restart the Cisco ASA 5512-X IPS. You can either use the # reload command (after using # enable first; if you’re locked out this won’t be possible) or physically switch the Cisco ASA 5512-X IPS off, and then on again (handy if you’re locked out).

4. Pay attention! When you see the Booting from ROMMON prompt in the console window (there’ll be a 10-second countdown timer), press the ESC key to interrupt.

5. You’ll see a value that follows the text: Current Configuration Register: 0x00000001. This specific value (0x00000001) tells the Cisco ASA 5512-X IPS to boot normally, reading the previously saved configuration into memory.

6. You’ll be prompted to change the configuration now. Type a Y.

7. Answer the prompts as follows:

    enable boot to ROMMON prompt? y/n : n
    Select specific Flash image index? y/n : n
    disable system configuration? y/n : y (this is the value that's most important to us at this step)
    Go to ROMMON prompt if netboot fails? y/n : n
    Enable passing NVRAM file specs in auto-boot mode? y/n : n
    disable display of BREAK or ESC key prompt during auto-boot? y/n : n

8. After the last prompt above, you’ll see a summary as follows:

    Current Configuration Register: 0x00000041
    Configuration Summary: boot default image from Flash ignore system configuration
    Update Config Register (0x41) in NVRAM.

9. We can now boot the Cisco ASA 5512-X IPS with the command: # boot

Any system configuration previously saved will be skipped, and a factory default configuration will be loaded.

10. Now it’s time to reset the global (cisco) password. At the ciscoasa> prompt, type: enable (press enter). The password will be nothing (just press enter again).

11. Copy the current startup configuration to the running configuration using the following command: # copy startup-config running-config (press enter).

12. Enter global configuration mode by running the following command: # configure terminal

13. Set the global password back to blank (nothing) with the following commands: # password password

14. Copy the current running configuration to the startup configuration using the following command: # copy running-config startup-config (press enter).

15. You can either use the # reload command (after using enable first) or physically switch the Cisco ASA 5512-X IPS off, and then on again.

16. Pay attention! When you see the Booting from ROMMON prompt (there’ll be a 10-second countdown timer), press the ESC key to interrupt.

17. You’ll be quickly dropped to a rommon #1> prompt. Enter the command: confreg.

18. You’ll see a value that follows the text: Current Configuration Register: 0x00000041.
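The two register values quoted in this guide (0x00000001 and 0x00000041) differ only in bit 0x40, so a saved console capture can be checked for a device that is still set to skip its saved configuration at boot. This is an added example, not part of the original post; the function names, the mask name and the sample captures are constructed for illustration.

```python
import re

# From the guide: 0x00000001 boots normally and reads the saved configuration,
# 0x00000041 boots while ignoring it. The values differ only in bit 0x40, which
# this example treats as the "ignore system configuration" flag (an inference
# from those two values, not a statement taken from vendor documentation).
IGNORE_SYSTEM_CONFIG = 0x40

# Matches the ROMMON line quoted in the guide.
CONFREG_RE = re.compile(r"Current Configuration Register:\s*(0x[0-9a-fA-F]+)")


def find_confreg_values(console_text):
    """Return every register value found in a console capture, in order."""
    return [int(m.group(1), 16) for m in CONFREG_RE.finditer(console_text)]


def audit_capture(name, console_text):
    """Classify a device from the last register value seen in its capture."""
    values = find_confreg_values(console_text)
    if not values:
        return (name, None, "no configuration register line found")
    current = values[-1]
    if current & IGNORE_SYSTEM_CONFIG:
        return (name, current, "saved configuration is skipped at boot: restore the register")
    return (name, current, "saved configuration is read at boot")


# Constructed sample captures (not real device output).
SAMPLE_CAPTURES = {
    "asa-recovered": "rommon #1> confreg\nCurrent Configuration Register: 0x00000041\n",
    "asa-normal": "rommon #1> confreg\nCurrent Configuration Register: 0x00000001\n",
    "asa-mid-recovery": (
        "Current Configuration Register: 0x00000001\n"
        "Current Configuration Register: 0x00000041\n"
    ),
    "asa-no-data": "ciscoasa> enable\nPassword:\n",
}

if __name__ == "__main__":
    for device, text in SAMPLE_CAPTURES.items():
        name, value, verdict = audit_capture(device, text)
        shown = "n/a" if value is None else f"0x{value:08X}"
        print(f"{name:18} {shown:12} {verdict}")
```

A device that stays at 0x00000041 loads the factory default configuration, with the blank enable password described above, on every boot, so the flagged state is worth catching after any recovery session.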