ASA 5510密码恢复,思科其他同产品防火墙未试过 估计大同小异:
1.关闭重启防火墙,当界面出现以下两句话时按"ESC“键
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
2.进入rommon模式,然后修改寄存器
rommon #1> confreg
Current Configuration Register: 0x00000001 #---当前ASA的寄存器值
Configuration Summary:
boot default image from Flash
Do you wish to change this configuration? y/n [n]: y
enable boot to ROMMON prompt? y/n [n]: y
select specific Flash image index? y/n [n]: n
disable system configuration? y/n [n]: y
go to ROMMON prompt if netboot fails? y/n [n]: y
enable passing NVRAM file specs in auto-boot mode? y/n [n]: y
disable display of BREAK or ESC key prompt during auto-boot? y/n [n]: n
Current Configuration Register: 0x00102040 #---修改后的寄存器值
Configuration Summary:
boot ROMMON
ignore system configuration
load ROMMON if netboot fails
pass NVRAM file specs in auto-bootloader mode
Update Config Register (0x102040) in NVRAM…
3.重启ASA
rommon #1> boot
4.修改Enable密码
ciscoasa>enable
Password:(回车即可)
ciscoasa#configure terminal #---进入配置
ciscoasa(config)#enable password XXX #---设定新的enable密码
注:这里先修改一次enable的密码,为了待会可以进入配置
5.还原原有配置
ciscoasa(config)# copy startup-config running-config
ASA (config)# copy running-config startup-config
注:上面还原配置写了两段是因为将启动配置还原后 刚设定的Enable密码就被覆盖掉了,我是先将启动配置还原,然后重新设定Enable密码,再保存配置,你们可以按照实际情况来配
6.寄存器立刻改回原值
ASA (config)# config-register 0x01
7.重启ASA
ASA # reload 回车