If you have forgotten the password to access your ASA configuration or need to perform maintenance on an ASA device but do not have administrative access, this process will guide you through the steps that are necessary to recover the password to administer it. You must be physically connected to the device for this method to work. In my case, I am directly consoled to the device through a serial cable connection and using PuTTY to reach into the device itself.
- Reboot the device. While it is powering up, press the escape key to enter ROMMON.
- To tell the device to ignore its normal configuration when the device is reloaded enter the following while in ROMMON:
rommon #0> confreg
You will see the current configuration register (normally 0×00000001) and will be prompted to to change its value. Be sure to make note of the register value so you can change it back later, when you are finished making changes.
- Enter Y at the “Do you wish to change this configuration?” prompt to change the register value.
- Accept the defaults (you don’t not need to specify Y/N, the default is already picked for you, simply hit enter to accept) for all settings except the “disable system configuration?” setting, select Y at this prompt as depicted below.
- Reload the ASA to have it pick up the changes you just made.
rommon #0> boot
You should now be able to access the ASA by typing “en” to get to enable mode and then “conf t” to enter global config mode. From here you can paste in the config file you would like to use or simply change the password so you can administer the device as you normally would.
hostname(config)# password password
hostname(config)# enable password password
hostname(config)# username name password password
Finally, to exit out of ROMMON and have the ASA boot with its normal startup configuration, enter “confreg” value, where value is the previously noted registry value we recorded, 0×1. If you have trouble finding the usage or syntax of this command type “help” to well, help you.
rommon #1> confreg 0×1
Followed by a reload, as pictured below.
The ASA should boot up normally now and you should be able to go about your business without any further complications. Let me know if you know of any easier or better ways of resetting passwords for ASA devices.