Restoring Factory Defaults to the Cisco ASA5505 Firewall via the Console
January 16th, 2007 by Anthony Curreri
If you are like me, you tend to click things just to see how they work. Sometimes they don’t work. At all. If you’ve mucked up the IP, vlan, etc settings and the Cisco ASDM can’t get into the device, it’s time for more desperate measures. If you can get into the ASDM, it is easier to Reset to Factory Defaults using the Cisco’s ASDM.
There is a button on the back of the device that says ‘Reset’. This button appears to be entirely for looks. I think will help you fix the problem as much as this button will:
Instead, you’ll need to use the Console Port!
- hook up the blue console cable to your serial port, plugging the other end into ‘Console’ port on the ASA 5505. The console port looks like a network jack, but it’s above the usb ports.
- Use hyperterminal, click Start, Programs, Accessories, Communications, Hyperterminal, create a connection on Com1 using the terminal settings:
- Bits per second: 9600
- Data bits: 8
- Parity: None
- Stop bits: 1
- Flow control: None
- After you open your connection, press enter a couple times, and you should get a prompt like: ‘ciscoasa>’, or ‘nameofyourdevice>’
- type ‘ena’
to go to enable mode. Enter the password, or just press enter if there is no password set. - type ‘config t’
- type ‘config factory-default’
- hit spacebar when the ‘more’ thing happens. You want to get back to the prompt that looks like: ‘ciscoasa(config)#’
- type ‘reload save-config noconfirm’
- make sure that the outside line is plugged into port zero, and your pc is plugged into any of the ports 1-7.
- The Cisco ASA has been reset to factory settings. DHCP is enabled on the cisco device, and it’s internal IP address is now 192.168.1.1!
- If you had an enable password set, you may need to enter that in the password box when you try to connect using the ASDM. Otherwise the default username and password is to leave both blank.
If you found this helpful, help me by checking out the ads on the right. Thank you!
Link to this post! Copy and paste this code into your blog or website:
<a href="http://www.mailbeyond.com/restoring-factory-defaults-to-the-cisco-asa5505-firewall-via-the-console"> Restoring Factory Defaults to the Cisco ASA5505 Firewall via the Console </a>
Thanks. I needed that. The only thing I added was to do a wri mem after it was set then reload.
I am setting up a vpn for the first time and wanted to have a clean place to start. This was exactly what I needed.
Do i lose some license-stuff or similar if i reset the asa to factory-default? I have to save files before?
best regards
omen
The only thing you’ll lose is the current configuration. If you want to back that up, follow the first group of steps I have here: Changing VPN endpoint IP on the Cisco asa5505.
well thats fine, just need the factory default.
thx and best regards
omen
[...] (Source) [...]
Thanks – confiming to others this worked as stated. Much appreciated and saved me a tonne time trying to get any sense out of documentation.
Thank you – works just like you described and saved me considerable pain trying to make sense of Cisco waffle.
Thanks for a very helpful post. What about the “reload save-config noconfirm” thing though? What does that do?
“reload” is instructing the unit to reboot. “save-config” means before that reload, the unit is going to save the running configuration to flash. “noconfirm” just makes it so that you don’t have to hit enter to confirm the command you’ve just typed in (I hate that).
I always like to make sure the running configuration is saved to non-volatile flash memory in case the ASA 5505 loses power. The way to ensure the unit will come back up correctly in the event of a power failure is to reboot it!
i need to configure cisco firewall using asdm but do not the tool
please any one can tell where i can download freely asdm tool
You actually download the tool from the device. Browse to https://192.168.1.1/admin and you should get the option to download it. Here is the page from Cisco with more information.