Cisco ASA Password Recovery Procedure

Cisco ASA Password Recovery Procedure 

The Cisco ASA Password Recovery Procedure is a key process that helps network managers to recover access to their Cisco ASA devices if they have forgotten their passwords or have been locked out due to invalid credentials. 

Network administrators frequently forget the passwords they have specified for their Cisco ASA devices. In such circumstances, the password recovery technique is required in order to restore access without requiring a factory reset.

Immediate access to the ASA may be required in critical scenarios such as network disruptions or security events. The password recovery technique aids in swiftly regaining control of the device.

Cisco ASA
Fig 1.1- Cisco ASA

Step1: Connect a console cable to the ASA and power cycle it (turn it off and on again). 

Step2: Press continuously the “ESC” key on your keyboard until the device gets into ROMMON mode. This mode shows the following prompt: 
rommon #1> 

Step3:Now we must modify the "configuration register," which is a specific register that controls how the device starts up and so on. 
rommon #1>confreg

The security appliance displays the current configuration register value, and asks if you want to change the value. Answer no when prompt.
Current Configuration Register: 0x00000011
Configuration Summary:
boot TFTP image, boot default image from Flash on netboot failure
Do you wish to change this configuration? y/n [n]: n

Step4:Now we must manually change the confreg value to 0x41 which means that the appliance will ignore the startup-configuration when booting. Then, reboot the appliance.
rommon #2>confreg 0x41
rommon #3>boot

Step5: Now the ASA will ignore its startup configuration and boot up without asking for a password.
Password: *****

Step6: Copy the startup configuration file into the running configuration.

NDNA_ASA# copy startup-config running-config
Destination filename [running-config]? 

Step7: Now configure a new privileged level password (enable password) and also reset the configuration register to its original value (0x01)

NDNA_ASA# conf t
NDNA_ASA(config)#enable password NDNA123!
NDNA_ASA(config)# config-register 0x01
NDNA_ASA(config)# wr mem

Step8: Reload the appliance. Now you should be able to log in with the new password.
NDNA_ASA(config)# reload

Continue Reading...