Cisco ASA Password Recovery

If you forget the password of a Cisco ASA, you cannot access the device through the CLI or the GUI. In that case, you need to perform a password recovery to regain access. This requires connecting to the ASA with a console cable. Below is the procedure on a Cisco ASA 5545-X.

Step 1: Power cycle the ASA

Remove the power cable from the power supply and plug it back in. The ASA will now reboot.

Step 2: Enter ROMMON mode

When the ASA reboots, you will see a message on the console telling you to press the Escape key to enter ROMMON mode. Press Escape within 10 seconds, otherwise the device will boot into user exec mode. When you successfully enter ROMMON mode, you will see the prompt below.

rommon #1>

Step 3: Change the config register value

Change the config register value to 0x41 by entering the command below. This makes the device skip the startup config when it boots. Please note that the default config register value of the ASA is 0x1.

rommon #1>confreg 0x41

Step 4: Boot the device

Boot the device using the “boot” command in ROMMON mode.

rommon #2>boot

Step 5: Enter privileged exec mode

The device will then boot like a new box, without loading the existing config.

ciscoasa>enable

Password:   <There is no password set, so hit enter>

ciscoasa#

Step 6: Copy the existing startup config to running config

ciscoasa# copy start run

Step 7: Reset the passwords

ciscoasa# configure terminal

ciscoasa(config)#username <put the username> password <put the password>

ciscoasa(config)#password <put the password>

ciscoasa(config)#enable password <put the password>

Step 8: Revert the config register change that we made in ROMMON mode

ciscoasa(config)#no config-register

Step 9: Save the config to startup memory.

ciscoasa#write memory

 

You have now successfully recovered the password. If you want to verify the config register value, check the bottom of the “show version” output.
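If the register is left at 0x41, the next reboot skips the startup config again, so the check at the bottom of “show version” is worth automating when you collect output from several devices. The following is an added example, not part of the original procedure; it assumes the line reads "Configuration register is 0x.. (will be 0x.. at next reload)" and that bit 0x40 is what makes 0x41 differ from the default 0x1. The sample outputs are constructed.

```python
import re

# Bit 0x40 is the difference between the page's 0x41 (skip startup config)
# and the default 0x1; treating it as the "ignore startup config" flag is an
# assumption of this example.
IGNORE_STARTUP_CONFIG = 0x40

_CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9a-fA-F]+)"
    r"(?:\s*\(will be (0x[0-9a-fA-F]+) at next reload\))?"
)


def check_confreg(show_version: str) -> dict:
    """Return current/next-boot register values and whether the next boot
    will skip the startup config."""
    match = None
    for match in _CONFREG_RE.finditer(show_version):
        pass  # keep the last occurrence: the line sits at the bottom
    if match is None:
        raise ValueError("no 'Configuration register' line found")
    current = int(match.group(1), 16)
    # Without a pending value, the next boot uses the current one.
    next_boot = int(match.group(2), 16) if match.group(2) else current
    return {
        "current": current,
        "next_boot": next_boot,
        "recovery_boot_active": bool(current & IGNORE_STARTUP_CONFIG),
        "skips_config_next_boot": bool(next_boot & IGNORE_STARTUP_CONFIG),
    }


# Constructed sample lines (not captured from a real device).
STILL_IN_RECOVERY = "Serial Number: EXAMPLE0001\nConfiguration register is 0x41\n"
REVERTED_PENDING = (
    "Serial Number: EXAMPLE0001\n"
    "Configuration register is 0x41 (will be 0x1 at next reload)\n"
)
NORMAL = "Serial Number: EXAMPLE0001\nConfiguration register is 0x1\n"

if __name__ == "__main__":
    for name, text in [("still in recovery", STILL_IN_RECOVERY),
                       ("reverted, reload pending", REVERTED_PENDING),
                       ("normal", NORMAL)]:
        result = check_confreg(text)
        verdict = "FAIL" if result["skips_config_next_boot"] else "ok"
        print(f"{name}: next boot 0x{result['next_boot']:x} -> {verdict}")
```

A device reported as FAIL still needs Step 8 and Step 9 before its next reload.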
