How to reset Cisco ASA Firewalls to factory-default settings


Scenario:
Make: Cisco
Model: Cisco ASA 5500-X [ASA 5506-X, ASA 5506W-X, ASA 5508-X, etc.]
Mode: CLI [Command Line Interface]
Description: This article describes, step by step, how to reset Cisco ASA firewalls to their factory-default settings. The procedure is valid for 5500-X series ASAs.

After a factory reset the ASA returns to its factory-default settings, i.e. the password is wiped out and reset to the default, and the management or inside interface is set to the default IP and put in DHCP mode. There are two methods to reset an ASA to factory-default settings.

Method 1

Step1: Connection
Connect to the ASA with a console cable.

Step2: Login
Log in to the ASA using your username and password.

Step3: Factory Reset
Execute the commands shown below to reset the ASA to factory default.

edledge-asa#
edledge-asa# conf t
edledge-asa(config)# configure factory-default
Based on the inside IP address and mask, the DHCP address
pool size is reduced to 250 from the platform limit 256

WARNING: The boot system configuration will be cleared.
The first image found in disk0:/ will be used to boot the
system on the next reload.

Verify there is a valid image on disk0:/ or the system will
not boot.

Begin to apply factory-default configuration:
Clear all configuration
WARNING: The crypto map entry will be incomplete!
WARNING: Local user database is empty and there are still 'aaa' command for 'LOCAL'

Press the Space key a few times to execute the command.

Step4: Save & Reload
Save the changes and reload the Cisco ASA.

<save the config>

edledge-asa# wr
Building configuration...
Cryptochecksum: 845e144f f5e1443e 5e14144f 95e1444f

3384 bytes copied in 0.170 secs
[OK]

<reload the ASA>

edledge-asa# reload
Proceed with reload? [confirm]

This resets the Cisco ASA firewall to factory-default settings.

Method 2

Step1: Connection
Connect to the ASA with a console cable.

Step2: Power Cycle
Restart the Cisco ASA using the power switch or power cable.

Step3: Rommon Mode
As soon as the ASA starts booting, press the Escape ("ESC") key or send a break to interrupt the boot.

Step4: Reset
Execute the commands shown below to set the configuration register.

Cisco>
Cisco> en
Cisco# confreg 0x41

Step5: At the prompt, enter Y to save the configuration and continue.

Step6: Reboot
Reload the ASA.

Cisco# boot

The ASA boots the last boot system image in your configuration.

Step7: Delete Configuration
Log in to the ASA and delete the configuration. Leave the password blank after executing the enable command.

Cisco>
Cisco> en
Cisco# write erase

Step8: Set Configuration Register
Set the configuration register to the default, 0x01.

Cisco>
Cisco> en
Cisco# config t
Cisco(config)# config-register 0x01
Cisco(config)# write
Cisco(config)# exit
Cisco#

Step9: Reload
Reload the ASA.

Cisco# reload

The Cisco ASA will start with factory-default settings after the next reload. Since the bootvar is not set yet, the ASA will start with the first image in the flash.
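A post-reset check covering both methods, added here as an example and not part of the original article: it reads saved `show version` and `show running-config` text and reports the states the steps and warnings above leave behind (a non-default configuration register, 'aaa' commands pointing at an empty LOCAL user database, a cleared boot system line, an enabled DHCP server). The function name, the sample text and the assumed "Configuration register is ..." line format are illustrative assumptions.

```python
import re

DEFAULT_CONFREG = 0x01  # value the article restores in Step8 of Method 2

# Constructed sample text (not captured from a device); line formats are assumed.
SAMPLE_SHOW_VERSION = "Hardware:   ASA5506\nConfiguration register is 0x41\n"
SAMPLE_RUNNING_CONFIG = """\
hostname ciscoasa
aaa authentication ssh console LOCAL
dhcpd enable inside
"""


def audit_after_reset(show_version, running_config):
    """Return a list of findings about state left behind by a factory reset."""
    findings = []
    lines = [ln.strip() for ln in running_config.splitlines()]

    # Method 2 sets the register to 0x41; Step8 must put it back to 0x01.
    m = re.search(r"Configuration register is (0x[0-9a-fA-F]+)", show_version)
    if m is None:
        findings.append("confreg: value not found in 'show version' text")
    elif int(m.group(1), 16) != DEFAULT_CONFREG:
        findings.append(f"confreg: {m.group(1)} is set, expected default 0x01")

    # Mirrors the reset warning: 'aaa' still references LOCAL, no users exist.
    uses_local = any(ln.startswith("aaa ") and "LOCAL" in ln.split() for ln in lines)
    has_user = any(ln.startswith("username ") for ln in lines)
    if uses_local and not has_user:
        findings.append("aaa: LOCAL is referenced but the local user database is empty")

    # The reset clears the boot system configuration.
    if not any(ln.startswith("boot system ") for ln in lines):
        findings.append("boot: no 'boot system' line, first image on disk0:/ will be used")

    # Factory default turns the DHCP server on; report where it is enabled.
    for ln in lines:
        if ln.startswith("dhcpd enable "):
            findings.append(f"dhcpd: DHCP server enabled on '{ln.split()[2]}'")
    return findings


if __name__ == "__main__":
    for finding in audit_after_reset(SAMPLE_SHOW_VERSION, SAMPLE_RUNNING_CONFIG):
        print(finding)
```

An empty list means none of these four conditions was found in the supplied text.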


Source: Cisco, Knowledge Base, Internet

EA00169
