Cisco ASA – Full recovery

May 24th, 2011

While trying to perform a password recovery on a Cisco ASA, I noticed that the password recovery feature was disabled on the appliance. Without the password recovery feature enabled, you can recover the Cisco ASA, but the file system will be wiped completely.

While the Cisco ASA boots, press ESC to enter ROMMON. You will receive the following warning.

WARNING:  Password recovery and ROMMON command line access has been
disabled by your security policy.  Choosing YES below will cause ALL
configurations, passwords, images, and files systems to be erased.
ROMMON command line access will be re-enabled, and a new image must be downloaded via ROMMON.

Erase all file systems? y/n [n]: y

Permanently erase Disk0: and Disk1:? y/n [n]: y

All data on disk0: will be erased, after which you gain access to the ROMMON prompt of the appliance. To perform the full recovery, enter the following commands:

rommon #0> interface <interface id>
rommon #1> address <IP address>
rommon #2> file <image name>
rommon #3> server <IP address TFTP server>
rommon #4> tftp

The new image will be loaded onto the Cisco ASA appliance and the appliance will boot with its default configuration. After the Cisco ASA has booted, you have to format disk0:. If you issue the show disk0: command before the format, you will notice that there is no free space on the disk. After the format you need to upload the appropriate ASA and ASDM images.
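The post-boot steps described above, written out as an ASA CLI session. This is an added example, not part of the original post; the interface name (Ethernet0/0 with nameif inside), the 192.0.2.x addresses and the angle-bracket file names are assumptions to replace with your own values.

```text
! Added example: interface, addresses and <file names> are placeholders.
ciscoasa> enable
ciscoasa# show disk0:
! No free space is reported until the disk has been formatted.
ciscoasa# format disk0:
ciscoasa# configure terminal
! Bring up one interface so the TFTP server (assumed 192.0.2.10) is reachable.
ciscoasa(config)# interface Ethernet0/0
ciscoasa(config-if)# nameif inside
ciscoasa(config-if)# ip address 192.0.2.1 255.255.255.0
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# end
! Copy the ASA and ASDM images to the freshly formatted disk.
ciscoasa# copy tftp://192.0.2.10/<ASA image> disk0:/<ASA image>
ciscoasa# copy tftp://192.0.2.10/<ASDM image> disk0:/<ASDM image>
! Confirm both files are present and free space is now reported.
ciscoasa# show disk0:
ciscoasa# configure terminal
! Select the uploaded image for the next boot and register the ASDM image.
ciscoasa(config)# boot system disk0:/<ASA image>
ciscoasa(config)# asdm image disk0:/<ASDM image>
ciscoasa(config)# end
! Save the configuration to startup-config.
ciscoasa# write memory
```

The image loaded from ROMMON over TFTP runs from memory only, so it has to be copied to disk0: before the next reload.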

Be aware that after performing a full recovery the previous VPN-3DES-AES activation keys and other licenses will be lost. You can get a new activation key at http://www.cisco.com/go/license.

René Jorissen works as Solution Specialist for 4IP in the Netherlands. Network infrastructures are the primary focus. René works with equipment from multiple vendors, like Cisco, HP Networking, Juniper Networks, RSA, Palo Alto Networks, Microsoft and many more. René is CCNA (Routing & Switching, Security), CCNP, Cisco ASA Specialist and CEFFS certified. You can follow René on Twitter and LinkedIn.