Written on 2015-09-20 19:30:59
For factory resetting an 'Adaptive Security Appliance', some CLI work has to be done. In the following no prior configuration knowledge is assumed.
Cisco switches are shipped with a blue female DB9-to-RJ45 adapter cable. (A null modem will not help here, as you need a RJ45 plug at the end which you connect to the ASA's CONSOLE port.)
Such a cable has to be connected to your ASA, and either your serial port of your comp. Since most desktops/laptops do not ship with an rs232 interface anymore, get yourself an male-male USB-to-DB9 adapter.
If you do not have the original cisco cable, use a comparable one: Juniper i.e. ships regular RJ45 ethernet cables plus an female-female RJ45-to-DB9 adapter which works just the same.
In the following a linux operating system is assumed; on windows this works, too.
However you have to plug in the adapter, and find out which COM port is used via the device manager, you need this information later when using
On linux you can either go along with
minicom, or just use
screen. (I have the slight feeling I have written down all this somewhere else already on the blog...)
#as root screen /dev/ttyUSB0 9600
... and you are connected. Cisco devices in general use 9600 baud, 8bit, 1 stop bit, no flow control. Once I read on official docs about 2 stop bits, but it worked with 1, so go figure it out from the manual if you have trouble with these settings.
power cycle - turn it off and on again, so it freshly boots after you have connected the serial cable
ESC here during boot:
Evaluating BIOS Options ... Launch BIOS Extension to setup ROMMON
Cisco Systems ROMMON Version (1.0(10)0) #0: Fri Mar 25 23:02:10 PST 2005
Use BREAK or ESC to interrupt boot. Use SPACE to begin boot immediately.
confirm current configuration register, if promted if you wish to change anything, answer with 'no':
rommon #0> confreg
Current Configuration Register: 0x00000001 Configuration Summary: boot default image from Flash
Do you wish to change this configuration? y/n [n]: n
after the appliance has rebooted, you should see this prompt:
enter privileged mode:
erase startup config:
enter config mode:
exit config mode:
show version, see the end: Configuration register is 0x41 (will be 0x1 at next reload)
Done. You now have a fresh ASA at your disposal.