Monday, August 25, 2014

Reset a Cisco ASA to factory defaults when the enable password is lost, then set it up for web access

Before you start, please note that you will need to install 2 tools:

  • HyperTerminal for either Windows or Linux
  • Java JRE

You will need two cables:

  • console to serial cable
  • 2 Cat5 patch cables


Set your HyperTerminal settings to:

  • Bits per second: 9600
  • Data bits: 8
  • Parity: None
  • Stop bits: 1
  • Flow control: None



When the device boots up, interrupt the boot process by pressing Esc.

Enter the confreg command to view the current configuration register setting:
rommon #0>confreg

The current configuration register should be the default of 0x01 (it will actually display as 0x00000001). The security appliance will ask if you want to make changes to the configuration register. Answer no when prompted.

You must change the configuration register to 0x41, which tells the appliance to ignore its saved (startup) configuration upon boot:
rommon #1>confreg 0x41

Reset the appliance with the boot command:
rommon #2>boot


Notice that the security appliance ignores its startup configuration during the boot process. When it finishes booting, you should see a generic User Mode prompt:
ciscoasa>
Enter the enable command to enter Privileged Mode. When the appliance prompts you for a password, simply press Enter (at this point, the password is blank):
ciscoasa>enable

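Erase the startup configuration:
write erase

Then restore the factory defaults:
  1. Type ‘config t’
  2. Type ‘config factory-default’
  3. Hit the spacebar when the ‘more’ prompt appears. You want to get back to the prompt that looks like: ‘ciscoasa(config)#’
  4. Type ‘reload save-config noconfirm’
  5. Type ‘config-register 0x01’ to set the configuration register back to its default, so the appliance loads its startup configuration again on boot
  6. Type ‘write mem’

    copy running-config startup-config
    reload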
    enable
    config t
    hostname ExampleASA
    ! replace the example username and password with your own
    username example password example privilege 15
    ! inside (LAN) interface
    interface vlan 1
    ip address 172.100.10.1 255.255.255.0
    nameif inside
    exit
    wr mem
    copy running-config startup-config
    reload

    enable
    config t
    int eth0/1
    no shutdown
    exit
    ! web access: authenticate against the local user database and allow only the inside subnet
    aaa authentication http console LOCAL
    http server enable
    http 172.100.10.0 255.255.255.0 inside
    write mem
    copy running-config startup-config

Now we configure the internet / WAN:

    interface vlan 2
    ip address 212.115.192.193 255.255.255.248
    nameif outside
    exit
    route outside 0.0.0.0 0.0.0.0 212.115.192.192
    interface ethernet0/0
    switchport access vlan 2
    no shutdown
    global (outside) 777 interface
    nat (inside) 777 172.100.10.0 255.255.255.0
    wr mem
    copy running-config startup-config

Before changing your IP address to one in the 172.100.10.x subnet, please be sure to lower your Java security settings.
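
A post-recovery check for the steps above, as an added example that is not part of the original post: it flags a configuration register still set to ignore the startup configuration, web management without AAA or reachable beyond the inside interface, and a password equal to the username. The sample text, the `audit` function and its finding strings are constructed for illustration, and the register line format is an assumption about the appliance's `show version` output.

```python
import re

# Constructed sample: the register line as assumed from "show version",
# followed by management commands as typed in the steps above.
SAMPLE = """\
Configuration register is 0x41 (will be 0x1 at next reload)
username example password example privilege 15
aaa authentication http console LOCAL
http server enable
http 172.100.10.0 255.255.255.0 inside
"""

IGNORE_STARTUP = 0x40  # the bit that 0x41 sets and the default 0x01 leaves clear


def audit(text):
    """Return findings about the post-recovery state described in `text`."""
    findings = []
    m = re.search(r"Configuration register is (0x[0-9a-fA-F]+)"
                  r"(?: \(will be (0x[0-9a-fA-F]+) at next reload\))?", text)
    if not m:
        findings.append("confreg: register value not found")
    else:
        current = int(m.group(1), 16)
        after_reload = int(m.group(2), 16) if m.group(2) else current
        if after_reload & IGNORE_STARTUP:
            findings.append("confreg: startup config will be ignored on next boot")
        elif current & IGNORE_STARTUP:
            findings.append("confreg: reload pending to leave recovery mode")
    if not re.search(r"^aaa authentication http console LOCAL\s*$", text, re.M):
        findings.append("http: no AAA authentication for web management")
    # "http <network> <mask> <interface>" lists who may reach the web server
    for net, mask, ifname in re.findall(r"^http (\S+) (\S+) (\S+)\s*$", text, re.M):
        if ifname != "inside" or mask == "0.0.0.0":
            findings.append(f"http: management allowed from {net}/{mask} on {ifname}")
    # Only meaningful on commands as typed; a saved config stores the hash
    for user, pw in re.findall(r"^username (\S+) password (\S+)", text, re.M):
        if user == pw:
            findings.append(f"user {user}: password equals username")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```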