About Me

I have worked in IT Support, Software Development, Network Support and general IT Analyst. Like most System Administrators I am multi-talented , understanding modern technical systems, as well as having an in-depth understanding of IS Policy

Thursday, 20 March 2014

Factory Reset an ASA 5505

This will help you reset a Cisco ASA 5505 to its factory defaults and upgrade the IOS and ASDM version on it. 
  • Install TFTP d to your PC. http://tftpd32.jounin.net/
  • Make sure that the TFTP directory contains your images. An example will be.
    • Asa842-k8.bin
    • Asdm-645.bin

  • Connect your laptop to the asa using a console cable
  • Change the laptop ip to one on the asa's network
  • Copy both files to the flash of the ASA

  • If you need more space you can delete the older images. List what files are in there using the command show flash







  • To delete run the command delete filename
  • Change the config so that it boots from the new image
    boot system disk0:/asa842-k8.bin
    You may need to remove the old line
1. Power-cycle your security appliance by removing and re-inserting the power plug at the power strip.

2. When prompted, press Esc to interrupt the boot process and enter ROM Monitor mode. You should immediately see a rommon prompt (rommon #0>).

3. At the rommon prompt, enter the confreg command to view the current configuration register setting: rommon #0>confreg

4. The current configuration register should be the default of 0x01 (it will actually display as 0x00000001). The security appliance will ask if you want to make changes to the configuration register. Answer no when prompted.

5. You must change the configuration register to 0x41, which tells the appliance to ignore its saved (startup) configuration upon boot: rommon #1>confreg 0x41

6. Reset the appliance with the boot command: rommon #2>boot

7. Notice that the security appliance ignores its startup configuration during the boot process. When it finishes booting, you should see a generic User Mode prompt:
8. Enter the enable command to enter Privileged Mode. When the appliance prompts you for a password, simply press (at this point, the password is blank): ciscoasa>enable Password: ciscoasa#
ciscoasa> en
Password:  (blank)
ciscoasa# conf t
ciscoasa(config)#
Paste in the net config and watch for any errors

9. Write to memory. wr mem

10. The previously saved configuration is now the active configuration, but since the security appliance is already in Privileged Mode, privileged access is not disabled. Next, in configuration mode, enter the following command to change the Privileged Mode password to a known value (in this case, we'll use the password syst0m):  You can use the usual password
asa#conf t
#enable password syst0m

11. While still in Configuration Mode, reset the configuration register to the default of 0x01 to force the security appliance to read its startup configuration on boot:
asa(config)#config-register 0x01

12. Use the following commands to view the configuration register setting:
asa#show version

13. At bottom of the output of the show version command, you should see the following statement: Configuration register is 0x41 (will be 0x1 at next reload)

14. Save the current configuration with the copy run start command to make the above changes persistent:
asa#copy run start press return
Source filename [running-config]

15. Reload the security appliance: asa# reload System config has been modified. Save? [Y]es/[N]o:yes

Cryptochecksum: e87f1433 54896e6b 4e21d072 d71a9cbf

2149 bytes copied in 1.480 secs (2149 bytes/sec) Proceed with reload? [confirm]
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)