Here is a quick how to reset Cisco ASA (Adaptative Security Appliance) to factory default. You will need a serial console access to achieve this task.
1. At early boot process, just hit escape [esc] key when suggested as followed :
Cisco Systems ROMMON Version (1.0(12)13) #0: Thu Aug 28 15:55:27 PDT 2008 Platform ASA5505 Use BREAK or ESC to interrupt boot. Use SPACE to begin boot immediately. Boot interrupted.
And you will end up with the following command prompt :
rommon #0>
2. Enter the following command to see what configuration we are running first :
confreg
And this should return something like this :
rommon #0> confreg Current Configuration Register: 0x00000001 Configuration Summary: boot default image from Flash Do you wish to change this configuration? y/n [n]: n
(You should say no about changing the configuration.)
3. Register the default configuration on boot :
confreg 0x41
The output will look like :
rommon #1> confreg 0x41 Update Config Register (0x41) in NVRAM...
4. Then boot on the default config :
boot
Console output :
rommon #2> boot Launching BootLoader... Boot configuration file contains 1 entry. Loading disk0:/asa822-k8.bin... Booting... Platform ASA5505 Loading... Disabling IRQ #9 dosfsck 2.11, 12 Mar 2005, FAT32, LFN Starting check/repair pass. Starting verification pass. /dev/hda1: 94 files, 9097/31033 clusters dosfsck(/dev/hda1) returned 0 Set 'tap0' persistent and owned by uid 0 IO memory 39583744 bytes Processor memory 141643776, Reserved memory: 41943040 (DSOs: 0 + kernel: 41943040) [...] Ignoring startup configuration as instructed by configuration register. Type help or '?' for a list of available commands. ciscoasa>
5. Enter the privileged access mode :
enable
You will be prompted for a password, just leave it blank.
6. Copy the current default running configuration to be the startup configuration and press enter :
copy startup-config running-config
Console output :
ciscoasa> enable Password: ciscoasa# copy startup-config running-config Destination filename [running-config]? INFO: outside interface address added to PAT pool .. Cryptochecksum (unchanged): a4697d06 3ffffb9e bbc4928a bef38b45 5298 bytes copied in 5.660 secs (1059 bytes/sec) vdl-5505#
7. Enter in configuration mode :
conf t
8. Change the “enable” password to a known value :
enable password system
9. Register the running configuration on boot :
config-register 0x01
10. Write configuration to memory :
copy run start
Console output :
vdl-5505# copy run start Source filename [running-config]? Cryptochecksum: 8ce80471 55ccb516 364b0437 c3967f04 5298 bytes copied in 1.290 secs (5298 bytes/sec) vdl-5505#
11. Restart your device with the following command :
reload
Console ouput :
vdl-5505# reload Proceed with reload? [confirm] vdl-5505# *** *** --- START GRACEFUL SHUTDOWN --- Shutting down isakmp Shutting down webvpn Shutting down File system *** *** --- SHUTDOWN NOW --- Process shutdown finished