I recently ran into a situation with a new Cisco ASA 5512-X IPS where I needed to fully reset it back to its factory default settings (ok, I entered a password incorrectly, twice. Thankfully it wasn’t in production yet). After some searching and reading, I came up with the following (get out of jail) process.

Note 1: I’m not a Cisco expert or engineer of any sort, so please proceed with absolute care. You can’t really destroy anything with this process, but misuse of this guide could cause undesired results.

Note 2: I’m not a Cisco expert or engineer of any sort, however, I don’t see any reason why the following guide couldn’t be used at the very least, on any 5500 series Cisco ASA device. It may even apply to more devices than I am aware of. Again, please proceed with absolute care if you are using this guide on anything that is not a Cisco ASA 5512-X IPS.

Note 3: If you just want to reset the configuration and you haven’t lost access to the device, follow steps 1 and 2, and then skip down to the bottom.

Step 1.

Connect to the Cisco ASA 5512-X IPS with the serial over ethernet cable. This is otherwise known as the console cable. In most cases, it’s long, thin and light blue in colour. Connect the RJ45 end to the console port of the Cisco ASA 5512-X IPS and the other end to a computer or laptop with a serial port. You can’t just use a network cable. It won’t work.

Step 2.

Use PuTTY to connect to the Cisco ASA 5512-X IPS console. Change the Connection Type to Serial. In most cases, the Serial Line value will be COM1 with a Speed (aka baud rate) of 9600. Click the [Open] button to connect. If you have other devices connected via serial, you may need to substitute COM1 for COM2, or COM3, or COM4, etc. You’ll know when you’ve struck gold, because you’ll be able to see the Cisco ASA 5512-X IPS prompt.

(Skip to “Factory Reset the Configuration Only” at the bottom if you’re just factory resetting the configuration.)

Step 3.

Immediately restart the Cisco ASA 5512-X IPS. You can either use the # reload command (after using # enable first; if you’re locked out this won’t be possible) or physically switch the Cisco ASA 5512-X IPS off, and then on again (handy if you’re locked out).

Step 4.

Pay attention! When you see the Booting from ROMMON prompt in the console window (there’ll be a 10 second count down timer), press the ESC key to interrupt. You’ll be quickly dropped to a rommon #1> prompt.

Step 5.

Enter the command: confreg. You’ll see a value that follows the text: Current Configuration Register: 0x00000001. Note yours down. This specific value (0x00000001) tells the Cisco ASA 5512-X IPS to boot normally, reading the previously saved configuration into memory.

Step 6.

You’ll be prompted to change the configuration now. Type a Y.

Step 7.

Answer the prompts as follows:

enable boot to ROMMON prompt? y/n [n]: n
enable TFTP netboot? y/n [n]: n
enable Flash boot? y/n [n]: y
select specific Flash image index? y/n [n]: n
disable system configuration? y/n [n]: y (this is the value that's most important to us at this step)
go to ROMMON prompt if netboot fails? y/n [n]: n
enable passing NVRAM file specs in auto-boot mode? y/n [n]: n
disable display of BREAK or ESC key prompt during auto-boot? y/n [n]: n

Step 8.

After the last prompt above, you’ll see a summary as follows:

Current Configuration Register: 0x00000041
Configuration Summary:
boot default image from Flash
ignore system configuration
Update Config Register (0x41) in NVRAM...
rommon #2>

Step 9.

We can now boot the Cisco ASA 5512-X IPS with the command: # boot

Step 10.

Any system configuration previously saved will be skipped, and a factory default configuration will be loaded. Now it’s time to reset the global (cisco) password.

Step 11.

At the ciscoasa> prompt, type: enable (press enter). The password will be nothing (just press enter again).

Step 12.

Copy the current startup configuration to the running configuration using the following command: # copy startup-config running-config (press enter).

Step 13.

Enter global configuration mode by running the following command: # configure terminal

Step 14.

Set the global password back to blank (nothing) with the following commands:

# password password
# enable password password
# username name password password

Step 15.

Copy the current running configuration to the startup configuration using the following command: # copy running-config startup-config (press enter).

Step 16.

Restart the Cisco ASA 5512-X IPS. You can either use the # reload command (after using enable first) or physically switch the Cisco ASA 5512-X IPS off, and then on again.

Step 17.

Pay attention! When you see the Booting from ROMMON prompt (there’ll be a 10 second count down timer), press the ESC key to interrupt. You’ll be quickly dropped to a rommon #1> prompt.

Step 18.

Enter the command: confreg. You’ll see a value that follows the text: Current Configuration Register: 0x00000041. Note yours down. This specific value tells the Cisco ASA 5512-X IPS to boot normally, skipping any previously saved configuration, loading a factory default configuration into memory.

Step 19.

You’ll be prompted to change the configuration now. Type a Y.

Step 20.

Answer the prompts as follows:

enable boot to ROMMON prompt? y/n [n]: n
enable TFTP netboot? y/n [n]: n
enable Flash boot? y/n [n]: y
select specific Flash image index? y/n [n]: n
disable system configuration? y/n [n]: n (this is the value that's most important to us at this step)
go to ROMMON prompt if netboot fails? y/n [n]: n
enable passing NVRAM file specs in auto-boot mode? y/n [n]: n
disable display of BREAK or ESC key prompt during auto-boot? y/n [n]: n

Step 21.

After the last prompt above, you’ll see a summary as follows:

Current Configuration Register: 0x00000001
Configuration Summary:
boot default image from Flash
Update Config Register (0x1) in NVRAM...
rommon #2>

Step 22.

We can now boot the Cisco ASA 5512-X IPS with the command: # boot

Step 23.

The system configuration previously saved will be loaded, with a factory default configuration. You can now proceed to configure your Cisco ASA 5512-X IPS as new again!
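An added example (not part of the original guide): a Python check over a saved console capture, such as a PuTTY session log, that confirms the procedure ended with the register back at 0x1. A device left at 0x41 after Step 8 skips its saved configuration on every boot and comes up with the blank enable password described in Step 11. The function names and sample captures are constructed for illustration, and the meaning of the 0x40 bit is inferred from the two summaries quoted in Steps 8 and 21.

```python
import re

# Bit that differs between the two ROMMON summaries in this guide (0x41 vs 0x1):
# when it is set, ROMMON reports "ignore system configuration".
IGNORE_STARTUP_CONFIG = 0x40

# Line formats as shown in Steps 5, 8 and 21.
SHOWN_RE = re.compile(r"Current Configuration Register:\s*0x([0-9a-fA-F]+)")
WRITTEN_RE = re.compile(r"Update Config Register \(0x([0-9a-fA-F]+)\) in NVRAM")


def confreg_writes(console_log):
    """Every register value ROMMON reported writing to NVRAM, oldest first."""
    return [int(v, 16) for v in WRITTEN_RE.findall(console_log)]


def audit_recovery(console_log):
    """Return (verdict, final_register) for a captured recovery session."""
    values = confreg_writes(console_log)
    if not values:
        # No write captured: fall back to the last value ROMMON displayed.
        values = [int(v, 16) for v in SHOWN_RE.findall(console_log)]
    if not values:
        return ("unknown", None)
    final = values[-1]
    if final & IGNORE_STARTUP_CONFIG:
        return ("startup-config still bypassed", final)
    return ("ok", final)


# Constructed captures, built from the output quoted in Steps 8 and 21.
INTERRUPTED_SESSION = """\
rommon #1> confreg
Current Configuration Register: 0x00000001
Current Configuration Register: 0x00000041
Configuration Summary:
boot default image from Flash
ignore system configuration
Update Config Register (0x41) in NVRAM...
rommon #2> boot
"""
COMPLETE_SESSION = INTERRUPTED_SESSION + """\
rommon #1> confreg
Current Configuration Register: 0x00000041
Current Configuration Register: 0x00000001
Configuration Summary:
boot default image from Flash
Update Config Register (0x1) in NVRAM...
rommon #2> boot
"""
```

Run `audit_recovery` on the text of your own capture; any verdict other than "ok" means Steps 16 to 22 still need to be completed before the device goes into service.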

 

Factory Reset the Configuration Only

  1. At the console prompt ciscoasa> type enable (press enter)
  2. If prompted, enter your password and press enter (the default password is nothing, just press enter).
  3. Type: # configure terminal (press enter)
  4. Type: # configure factory-default (press enter)
  5. Type: # reload save-config noconfirm (press enter)

Credits

The following links made this guide possible:

ASA Password Recovery

Restoring Factory Defaults to the Cisco ASA5505 Firewall via the Console

Howto reset factory defaults Cisco ASA Series 5500 series 5505 5510 5520

Cisco ASA 5500-X Series Quick Start Guide

Cisco ASA 5512-X Adaptive Security Appliance

Over the past three weeks, I have spent considerable time trying to get Apple’s latest Mac OS X offering (Mavericks) working on non-Apple hardware. Mainly because Apple had released it for free (are you coming to the show, Microsoft?) and my old Snow Leopard OS X computer was starting to get… well, long in the tooth 😉

As I said, three weeks. Obviously I wasn’t working on it for three weeks night and day, but I did spend a fair amount of time to get to the configuration I am using to write this very post. Not much of this post actually pertains to the fact that I installed Mac OS X Mavericks on a Toshiba Laptop, it’s more that I couldn’t find many posts that mentioned any type of PC or laptop, so I figured there had to be others like me out there, possibly with a Toshiba laptop, trying to install Mac OS X Mavericks on it.

Warning!

The following is my journey. It comes with absolutely no warranty of any kind and I do not accept any responsibility at all, regardless of you following my instructions to the letter or not, if this results negatively for you in some way. Back up all data and proceed at your own risk.

Installation Media

To get the installation media from Apple, you need an existing Mac with at least Mac OS X 10.6 and AppStore installed. My 10.3 SL was not going to cut it. Why couldn’t I update? My 10.3 SL machine has an Intel Atom processor that is no longer supported in newer releases of Mac OS X. I tried anyway, it failed. Thankfully, I was able to restore from a Time Machine backup. Use Time Machine! It’s awesome!

I ended up a little off course, but to get Apple OS X Mavericks, I downloaded a VMware Virtual Machine image with Mac OS X Mavericks already installed. Your adventure with VMware Workstation and OS X Mavericks starts here: http://www.souldevteam.net/blog/2013/10/06/os-x-mavericks-10-9-retail-vmware-image-release-notes-links/. There is a video on the blog post. Watch It And Pay Attention!

You will also need VMware Workstation. The 30 day trial is completely unrestricted and works perfectly fine. I am running VMware Workstation 10.0.1 at the time of writing. You’ll see in the video (and downloaded files) that earlier versions of VMware Workstation are also supported. Your adventure with VMware Workstation starts here: https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_workstation/10_0.

Note: You must use VMware Workstation for Windows, on Windows. VMware Workstation will need to be patched (unlocked) to be able to run Mac OS X Mavericks. The patch that accompanies the VMware Workstation image is designed for Windows, not for Linux. Sorry, Linux users. If you’re clever enough, you might be able to get it to work on Linux. I haven’t looked into this at all. Let me know if you are successful.

Once you have VMware Workstation installed with your Mac OS X Mavericks virtual machine running, use the AppStore to download Mac OS X Mavericks 10.9, for free!

Of course, if you have access to an actual Mac or a Hackintosh with Mac OS X 10.6 or higher, you are home free. Install the AppStore if you haven’t done so already and download Mac OS X Mavericks, for free!

Note: To download Mac OS X Mavericks, you will need to be signed into an Apple account. Just an FYI. It’s no big deal. An account is free and you don’t need to have a credit card or any payment options set up to download Mac OS X Mavericks. It’s free, really!

Once you have Mac OS X Mavericks downloaded, don’t install it. It looks like an App, and may try to install itself (even though you may be on Mac OS X Mavericks already). If it does, just cancel the install.
