Image : http://www.flickr.com
This article will explain how to perform a password "back" on your Cisco ASA security appliance. The usual term for this procedure is "password recovery" that the days of remains, if you could actually view passwords in configuration files in text format. Today, such passwords are encrypted and not actually recoverable. Instead, you will restore access to the device through the console port and password (s) win the known values.
This procedurerequires physical access to the device. You will have the power cycle your appliance by pulling the plug on the power strip and plugging it back in. Register will then stop to change the boot process and the configuration value for the device from reading its stored configuration to prevent booting. Since the device ignores its saved configuration on boot, you will be able to access their configuration modes without passwords. Once in configuration mode, load the saved configurationFlash memory, change the password to a known value, change the configuration register value to tell the device to load the saved configuration on boot, and load the device.
Caution: As with all configuration procedures, these procedures should be tested in a lab environment before using in a production environment to ensure suitability for your situation.
The following steps were developed using a Cisco ASA 5505 security appliances. You are not appropriate for a Cisco PIXFirewall Appliance.
1st Power-cycle your security appliance by removing and reinserting the plug strip.
2nd When prompted, press Esc to interrupt the boot process and enter ROM monitor mode. You should immediately prompt ROMmon (ROMmon # 0>).
At the 3rd ROMmon command prompt, type the command confreg the current configuration register setting of the display: confreg ROMmon # 0>
4th The current configuration register should be the standard of 0x01 (itactually appear as a 0x00000001). The safety device asks if you want to record the configuration changes. Answer No when prompted.
5th You must change the configuration register 0x41, which saved the unit on his (starting) Boot Configuration: ROMmon> ignore # 1 0x41 confreg
6 Set the boot device with the command: # boot ROMmon 2>
7th Note that the security device ignores its startup configuration during the boot process. If youStart has been completed, would make a general user mode:> ciscoasa
8th Enter the enable command to enter privileged mode. If the device requires a password, just press (at this point, the password is blank)> ciscoasa enable Password: ciscoasa #
9th Copy the startup configuration file in the current configuration with the following command: # ciscoasa copy startup-config Destination filename running-config [] running-config? "
The 10th previously savedThe configuration is now the active configuration, but because the safety device is already in privileged mode, privileged access is not disabled. Next system password in the configuration mode, type the following command to the privileged mode to change the password to a known value (in this case we use the password system): ASA # conf t ASA (config) # enable
11 While still in configuration mode, to restore your registry to force the default of 0x01 to the safety device, readstartup configuration on boot: ASA (config) # config-register 0x01
12 ° Use the following command to display the configuration register setting: ASA (config) # exit asa # show version
13 bottom of the exit command show version, you must use the following statement: configuration register 0x41 (0x1 will be at next reload)
14th Save the current configuration running with the Start command to copy the above changes permanent: ASA make # copy run start Source filename[] Running-config
15th Load safety device: ASA # reload System config has been changed. Save? [Y] es / N [] o: yes
Cryptochecksum: e87f1433 54896e6b 4e21d072 d71a9cbf
2149 bytes in 1.480 seconds (2149 bytes / sec) take copies with charging? [Confirm]
If charging your security appliances, you should go to use your newly reset password to privileged mode.
Copyright (c) 2007 R. Don Crawley
Visit : Hipmore Ferret Digital Frame Car insurance estimates Free auto insurance rate Mesothelioma directory
No comments:
Post a Comment