Restoring Factory Defaults to the Cisco ASA5505 Firewall via the Console

If you are like me, you tend to click things just to see how they work. Sometimes they don’t work. At all. If you’ve mucked up the IP, vlan, etc settings and the Cisco ASDM can’t get into the device, it’s time for more desperate measures.

If you can get into the ASDM, it is easier to Reset to Factory Defaults using the Cisco’s ASDM.

If you forgot the enable password, Lawrence’s comment on this page might help.

There is a button on the back of the device that says ‘Reset’. This button appears to be entirely for looks. I think will help you fix the problem as much as this button will:

Instead, you’ll need to use the Console Port!

  1. hook up the blue console cable to your serial port, plugging the other end into ‘Console’ port on the ASA 5505. The console port looks like a network jack, but it’s above the usb ports.
  2. Select a terminal program.
    1. In Windows XP, use hyperterminal, click Start, Programs, Accessories, Communications, Hyperterminal, create a connection on Com1 using the terminal settings:
    2. In Windows 7, I recommend Putty. Download and install it, then make a new connection. Select the radio Type: Serial, then click Serial on the left and use these settings:
    • Bits per second: 9600
    • Data bits: 8
    • Parity: None
    • Stop bits: 1
    • Flow control: None
  3. After you open your connection, press enter a couple times, and you should get a prompt like: ‘ciscoasa>’, or ‘nameofyourdevice>’
  4. type ‘ena’ to go to enable mode. Enter the password, or just press enter if there is no password set.
  5. type ‘config t’
  6. type ‘config factory-default’
  7. hit spacebar when the ‘more’ thing happens. You want to get back to the prompt that looks like: ‘ciscoasa(config)#’
  8. type ‘reload save-config noconfirm’
  9. make sure that the outside line is plugged into port zero, and your pc is plugged into any of the ports 1-7.
  10. The Cisco ASA has been reset to factory settings. DHCP is enabled on the cisco device, and it’s internal IP address is now!
  11. If you had an enable password set, you may need to enter that in the password box when you try to connect using the ASDM. Otherwise the default username and password is to leave both blank.

Author: Anthony Curreri

Anthony Curreri has lived aboard a boat since 2007, first on a 27′ sailboat, now he lives aboard Lunasea, a 1970 Chris Craft Commander 42. He has worked at the University of Washington since 2006, graduated from the University of Wisconsin Oshkosh with a degree in Computer Science in 2004, and had his first job at a dial-up internet service provider in 1999.

96 thoughts on “Restoring Factory Defaults to the Cisco ASA5505 Firewall via the Console”

  1. Thanks. I needed that. The only thing I added was to do a wri mem after it was set then reload.

    I am setting up a vpn for the first time and wanted to have a clean place to start. This was exactly what I needed.

  2. Thanks – confiming to others this worked as stated. Much appreciated and saved me a tonne time trying to get any sense out of documentation.

  3. Thank you – works just like you described and saved me considerable pain trying to make sense of Cisco waffle.

  4. Thanks for a very helpful post. What about the “reload save-config noconfirm” thing though? What does that do?

    1. “reload” is instructing the unit to reboot. “save-config” means before that reload, the unit is going to save the running configuration to flash. “noconfirm” just makes it so that you don’t have to hit enter to confirm the command you’ve just typed in (I hate that).

      I always like to make sure the running configuration is saved to non-volatile flash memory in case the ASA 5505 loses power. The way to ensure the unit will come back up correctly in the event of a power failure is to reboot it!

  5. i need to configure cisco firewall using asdm but do not the tool
    please any one can tell where i can download freely asdm tool

  6. You can’t do this if you don’t have the device password.
    If you don’t have the password and need to reset (which will erase all settings), do this.

    Connect as above.

    Power on the device.
    When it prompts to interrupt boot sequence, do so (press space).

    It should prompt

    rommon #0>

    Type in:
    rommon #0> confreg

    Should show something like:

    Current Configuration Register: 0x00000001
    Configuration Summary:
    boot default image from Flash

    Do you wish to change this configuration? y/n [n]:

    Press n (don’t change)

    We can reset the pass by setting register 0x41, so do this:

    rommon #2> confreg 0x41

    rommon #2> reboot

    You now can login as the password has been removed.

      1. I tried the password reset after setting my ASA 5505 back to factory default. Before doing that I could access my router via but it needed a password. So… I tried the password reset and now I have nothing. Is it at all possible to guide me back. I think my problem came when I did the command by the letter but something with wrong with the “rommon #” I did my command. At rommon #0 I typed confreg and did n. I also do this at rommon #1 so that I could get to rommon #2 as it stated in the post.

        1. Are you using https? Try going to Also, make sure you are connected to a port 1-7, port 0 will now be an external interface (you may have configured it differently before). Failing that, I guess I would power cycle the device, next connect to the console port and try the reset again. I don’t remember any rommon # stuff (though this was years ago) so maybe the reset didn’t work right the first time? Sorry I can’t be more helpful.

    1. Realy good i lost my password to my 5505 NOW I can be the crazy professor that looses the password every now and then:) And no one will notice!!!!


  7. Anthony, thanks for posting this, and thanks to all others for confirming that it works and clarifying/adding to this issue. I am a UNIX guy, and this thing drives me up the walls. The command structure is so screwed up that if you have not taken it in with either your mother’s milk or the first breaths you took, it’s beyond illogical. The one thing that I am still fighting is how to upgrade it easily, and I found that taking out the FLASH drive, adding the required software through a PCMCIA-to-FLASH card in a laptop is the easiest way. It also allows me to fix whatever configuration screwups there were without having to resort to the console cable and a config t/config factory-default thing… This is really a drag if your network does not have a 192.168.1.x address range! Considering that larger FLASH cards are getting harder to come by, I have acquired a stack, so if someone needs to upgrade SW and FLASH card, I’d be happy to do it for them. Just ping me at akloth at earthlink dot net…

  8. Thanks for the details — password reset was spot on, too.

    @Axel — you can configure the dhcp to whatever range you need. I agree that it takes some time to get accustomed to the cisco ‘language’ but once you do it actually becomes intuitive fairly quickly. I, too, am a unix/linux guy which is why I appreciate having a cli to navigate/edit the config.

    Good luck, and thanks again for the information!

  9. Had an ASA5505 that was setup by another engineer (no longer around) and no one knew the password. Used Lawrence’s post to successfully reset the devices password (though I needed to press Esc to interrupt the boot sequence). Sweet. Now we can get some life out of this thing.
    Thanks OP and Lawrence!

  10. Thanks for this!

    Do you have any idea how to determine what type of license a given model has? I have an ASA 5505 lying around — my roommate was worked remotely, his company folded, and they just told him to keep it. Considering selling it, but don’t know the license type.

  11. show version and then look for licence. Mine says base license, you can also look at vpn users and such as that is the part you are upgrading for primarily.10 total vpn users on base license. 50 for upgraded, or unlimited for premium package.

  12. i did the same procedure on cisco asa 5510 series but when i reloaded after a reboot no configuration was found in running configuration even i copied startup-config to running-config but still when i reboot it the running-config is somehow erased or removed
    could you please tell me about this

    i really need help


  13. Naveed, I’ve done this many times to Cisco ASA 5505’s, I’m not sure, but I think the 5510 should work the same way. Based on your description, the only thing I can think of is that you didn’t write memory before rebooting the switch.

  14. Hey all,
    i have never used this before, so sorry for the newbie questions. When I type “confreg” in Hyperterminal, there’s a bunch of gibberish. If I press ‘Enter”, it does nothing. I am not familiar with this stuff at all, but I need to reset this stupid router since the original IT person left town. Any help with keystrokes on hyperterminal would be appreciated or pointing me to the right direction would be wonderful as well. Thank you in advance

    1. Sen, based on what you’ve said, I think you didn’t put the right information in your terminal program. Pay very close attention to all of bits, parity, and flow control stuff. The correct settings are in the instructions on this page.

      Try to following the instructions on this page from start to finish, and let me know where you get confused.

      That said, I feel I should point out that doing this procedure successfully will completely erase all the customized settings the previous IT person entered. That may be a really bad idea if the device is in production… if you have a VPN server remote clients might not be able to connect, if you have servers behind the firewall might become inaccessible, etc, etc. If you are just trying to reset the password so that you can use the device, you should check out Lawrence’s comment.

  15. Strange problem !!
    I bought an ASA5505 and tried to configure it.
    The problem is that I can not assign the vlan1 to any Ethernet port from 1 to 7, but I can assign vlan2 to E0/0,
    The original IOS is 7.24 and I upgraded it to IOS 8.24, no lucky.

    Is anyone having this problem before ?
    Not sure this is the hardware issue or software issue.


    James Z

  16. Hi,

    Got a asa5505 from a well known supplier, and seems it was ‘pre-used’ when I actually purchased it as ‘open box’. Anyway got as far as the trying to reset factory default and I get the following error

    ERROR: Command can only be executed in single router mode

    Given this has a base license running 8.3(1), I’m now not sure how it isn’t running in single router mode…


  17. Hi: Thanks for this how to. I started to config a brand new 5505, then tried to reset it to factory defaults as above. Everything seemed to work properly, and when I show config everything looks right…inside interface is, dhcpd is set to, etc.

    However, when I connect a PC to any of the inside ports, I can’t get an IP from the device, and even if I manually set the PC to, I can’t connect using ASDM or browsing to (can’t even ping it).

  18. Neil,

    Your fw should be converted into single mode..
    this should help:
    hostname(config)# mode single


  19. hello, my apologies, im a newbie too and as most of the people around here, out network admin is no longer with the company and left me nothing. i have an asa 5505 and recently we changed the company IP and i needed to set that up in the router but i couldnt login. so i decided to do a factory restore and start from a clean slate. i was able to do it and it was giving me an ip but i needed to remove the password and i reset it again to factory and now i am not getting any ip address at all. its giving me a ip address. need your expertise.


    1. Well, it wouldn’t hurt to try these factory default settings again, it’s possible you messed up a setting when you reset the password.

      Make sure you have the uplink cable plugged into port 0. It’s possible to use another port, but the factory default has you getting a DHCP on port 0.

      Failing all that, you could try setting a static IP on the outside port. The directions for that are here:

      Hope that helps.

  20. thanks for the quick response, i did try to reset it again for about 3 or 4 times now and being careful to follow the instructions carefully. on my initial reset it did work and i was getting an ip address 192. but i couldnt log in to asdm so i reset the password and did another factory reset again but now im only getting a 169 ip and port zero is plugged in to our network but when i plug in my pc to port 1-5, i do not get any led lights only on 6 and 7 but still not giving me any address. i cant connect using asdm nor and i have tried resetting it numerous times and nothing.

    1. Make sure the Lan cable is a good one, and a straight-through (not a cross-over). Make sure your PC isn’t hard coded to a single IP, but is in fact configued to automatically recieve an IP via DHCP.

      If you are connecting the ADSM to a network who is giving out IP’s in the 192.168.1.x range, you will have problems. The device’s default for the inside is Disconnect the uplink. Only connect your testing PC. If you have your computer directly connected to any of the ports 1-7, then you should get link lights and be able to access the ADSM using If not, try unplugging the cisco unit from the power, waiting a few minutes, and plugging it in again. Wait a few minutes for it to boot and then plug in your pc.

      The fact that you are not getting link lights on certain ports is troubling. You may have a hardware fault. Honestly, unless you need the advanced features of the Cisco ASA 5505, I would say run out to Best Buy and get a consumer-grade device, which will be much more user-friendly to configure…

  21. my cable is straight through and i can connect to the network directly. and we are running dhcp. our ip is at 10.0.0.x range. i have tried unplugging the uplink and just use one cable to connect the device, there are no link lights form 0-5 only 6-7 and it will still give me 169 ip. i tried pushing the reset button at the back but it seems useless. i can still connect to the device using the console but no asdm or https. any ideas? thanks

  22. The reset button on the back is useless. Try a different network cable, and a different client computer. Really, that’s all I got. I think you should get link lights regardless of how the device is configured, and especially if the device has been successfully reset to defaults.

  23. Hi,

    My job role has change slightly (as ever!) and I am now being asked to go out and do the set up of two of our sites (temporary offices), which means configuring our Cisco ASA 5505 Firewalls. I’ve not done this before, but we previously used a support company and they are proving difficult to get our firewall username / passwords from (even though we’re the customer and therefore own that information!)

    Anyway, I’ve not configured these devices before and tried it at home yesterday, proving highly unsuccessful as the popup window asks for username / password which I don’t have. Also when installing the ASDM console element it asked for IP address which I don’t know and am not sure how to find for the cisco (though saying that, I can of course find for my own router, is this the one that it wanted??)

    Absolutely newbie for cisco’s and dreading going to set them up – this week! Wednesday and Thursday at two different sites.

    Any good instructions for first timers or should I traul this thread and pick out the step by step guides for resetting and then installing?

    Sorry to be a dunce. IT literate but not cisco firewall literate!


    1. Reset the password using these instructions Lawrence submitted. I’ve never had to do this, so good luck!

      Next, use the instructions on this page to reset the Cisco ASA 5505 back to factory defaults.

      Then make sure that your ISP gives you an IP address for the Cisco device. Set it as a static IP using these directions.

      Finally, you’ll want to set up a VPN tunnel using the Cisco devices as endpoints. I didn’t write up any instructions for this, it’s been a few years since I’ve done it and I no longer have access to any of these devices. So I’m afraid you’re on your own here.


      Have your recalcitrant IT company set up the devices for you.

      Have your lawyer write them a letter threatening legal action if they do not hand over the passwords. Make sure to be clear that if recalcitrant IT company causes any interruptions in productivity that they will be sued for those damages.

      Receive passwords!

      Change the passwords!

      Fire recalcitrant IT company, hire non-recalcitrant IT company.

  24. is getting this error every time I try

    Executing command: nameif inside
    INFO: Security level for “inside” set to 100 by default.
    Executing command: ip address
    ERROR: Failed to apply IP address to interface Vlan1, as the network overlaps wi
    th interface Vlan2. Two interfaces cannot be in the same subnet.
    Executing command: security-level 100
    then only getting a 169 Ip
    have tried reseting over and over

  25. Alan, try logging into the ASDM and removing the static IP’s you have set on the interfaces, save/reboot it, and try resetting it again. The “Reset to Factory Defaults” I have here, instead of being a one shot go, is more like: “Sequentially issue commands to change things back to normal.” Clearly it’s having trouble issuing one of those commands.

    There are sort-of instructions here. Just, change it away from static, instead of setting it to static.

  26. I am able to access the 5505 firewall using connected to port 1. However, the username and password is failing. The browser am using is mozilla

  27. One thing I would like to add….

    When setting up a new network with an ASA5505 I use the command at term config

    ciscoasa(config)#configure factory-default

    Replace with the address you want the asa to be set to and this will set everything up with that subnet and netmask.

    For example… configure factory-default
    This will setup the asa to use the 10.10.20 subnet instead of the 192.168.1 subnet. This will also set DHCP to use the same.

    You access asdm with

  28. I have tried to reset the ASA 5505 that i have, i have followed all the advice, but i am getting no where, the device i have was set up quite some time ago and left, the guy has left the ocmpany with the settings for the device.
    When i try a hyperterminal session with the device, i get nothing, i cant even get the device Command line when i press enter a few times, i know the session is there as when i power off and on again, i get the:
    cisco systems page that tells me the BIOS version, and at the bottom the ROMMON version, but i cant get an further on with the reset to factory default?????
    Any help anyone.

  29. Hello.
    I’m trying to reset the password on my cisco 5505, and have followed the instructions given, but then agin it will not boot.

    It only says

    Launching BootLoader…
    Default configuration file contains 1 entry.

    Searching / for images to boot.

    Loading /asa802-k8.bin… Booting…

    It just freeze there?

  30. What is the difference between “configure factory-defaults” and “write erase”?
    The “write erase” seems to do a LOT more of a through job of clearing out any existing config than the “configure factory-defaults” seems too.

  31. @Kjetot – How long do you let it sit before you consider it “frozen”? With my ASA 5505 booting 842, it sits there at “Loading /asa42-k8.bin…” for SEVERAL MINUTES before it actually boots. First time it did it to me I thought it froze as well. It wasn’t until I was trying a restart on it and I let it sit while I was away from my desk for several minutes that I learned it wasn’t frozen. When I got back to my desk it had actually booted, just took forever.

  32. @Anthony Curreri – You have to be VERY careful when using those instructions to reset an ASA. Those register settings didn’t work in my 5505 ASA and just caused it to boot into rommon. I then had to use confreg within rommon to set the register to boot correctly. The steps I follow to reset the 5505 ASA using the console cable(clearing out the configuration along with any passwords)
    1. In global config mode: 5505(config)# write erase
    2. At the “Erase configuration in flash memory?” prompt press Enter to confirm
    3. 5505(config)# reload
    4. At the “Proceed with reload?” prompt press Enter to confirm (note that we did NOT do a “write memory” after the write erase but before the reload, nor do we want to save the configuration)
    5. After the 5505 ASA has restarted you should be prompted to “Pre-configure Firewall now through interactive prompts?” I press “n” then enter to not run the interactive setup.
    6. You should now be at the user exec: ciscoasa>
    7. If you go into priviledge exec mode, it should prompt for a password and the password will be blank.

    That’s the steps I follow. I feel this does a much better job of clearing out the configuration. It doesn’t set any of the DHCP stuff that the “configure factory-default” sets up. All in all I feel it gives a “cleaner” reset than the “configure factory-default” gives. of course it does have it’s drawbacks. After running the write erase, all of your Ethernet interfaces are shutdown. Also the ASDM is not accessible without some configuration through the console cable at the command line. What I’ve found that sort of gives the “best of both worlds” is to follow my steps above. Once you’ve done the write erase log back into the ASA and go to global config mode and enter the “configure factory-default” as you suggest above. What this does is take the very clean configuration that the “write erase” creates and turns on all the Ethernet ports, as well as does all the other nice things you’ve mentioned above making it easier to then administer the ASA through the ASDM.

  33. Your welcome! I’m glad that I could be of some help. Seems all too often I’m finding answers on the ‘net and not often enough that I’m supplying them!

  34. Thanks for your very helpful information. I have one question. I would like to reset using the factory-default but I need to set the Management IP address to one on my existing network. At the same time since it will be plugged into an existing network with a working DHCP, I need to disable the dhcp and just give the management interface a static IP that I can hit over the network. Is that possible or should I just try to set it up using the ASDM and my laptop?

    PS I am about to change over from an existing Windows Server 2003 ISA 2006 firewall to my new Cisco ASA 5510 firewall. Any suggestions or hints for making it as painless as possible. Thanks so much for your help.

      1. Oh, Stan you said management IP… You can set the inside IP using the config-factory command. Refer to Kevin W.’s comment on this page, or for more information find the comment I made on this page with a link to the Cisco documentation.

  35. Hi

    I have followed the guide and successfully changed the password for my ASA5505, i follow the instructions and i can connect to the internet after

    type ‘config factory-default’

    i release && renew my IP and i have internet access, but when i run the below command

    type ‘reload save-config noconfirm’

    its like the device loses its config?

    i tried ‘write memory’ before the reload command but that doesnt work either

    what am i doing wrong?

    but when it get to this point

    1. Spudney, the ‘save-config’ part of ‘reload save-config noconfirm’ is for writing the volatile memory to flash. If, after your reboot, you don’t see the settings you’ve written, I’m guessing either you have a hardware problem or you have your device configured to boot a different binary than you are writing to. I don’t know how to resolve either one, though.

  36. Hi

    How can i jys do a complete factory reset so that it boots properly.

    Why are Cisco devices so unnecessarily complicated?

    Sonicwall are so much easier to use and have a faster throughput when compared to similar Cisco device and much cheaper, i though when i finally got into the ASDM and configured the ASA i was thinking these cisco devices are so bad after all but for a device to not save its own config, whats that about?

    Can anyone help me as i really want to use this ASA and test it out but not being able to reboot or power off is a bummer :()

  37. So I go through the process to restore to factory defaults (had to reset the password first) and here’s what happens..

    I type ‘config factory-default’ and once that is done I can ping (I have my laptop plugged in directly to the ASA with a static IP address on that same subnet).

    However, when I type ‘reload save-config noconfirm’ and it reboots I can no longer ping that address and can’t get into the ASA with ASDM (can still get in w/ putty fine)..

    I’m just worried it is picking backup a configuration upon reboot and not the default that I’m trying to load on it.

    Please advise.

    Thanks much!

    1. Tom, the ‘save-config’ part of ‘reload save-config noconfirm’ is for writing the volatile memory to flash. Every time I’ve rebooted after issuing this command, it’s booted up with the settings I’ve written. I’m guessing either you have a hardware problem or you have your device configured to boot a different binary than you are writing to. I don’t know how to resolve either one, though–I’ve never encountered this problem, it’s been 5 years since I’ve set one of these up, and I no longer work for the group I set it up for (so I have no access to any cisco devices). Best of luck.

  38. Hi,

    Thanks for the above info.
    Maybe you can help me with (I’m not an engineer) a 5505 I’m cofiguring. I’m supposed to delete the asa & asdm .bim files, and then replace them with an older version. Problem is I deleted the files but only installed (through the asa822-k8.bin file before rebooting. Now I can’t access it unless using the serial cable. I’d like to copy the asdm-634-53.bin file to the unit but don’t know how to trough putty.

    Thanks for any help.

  39. Never mind. Got a clue as to what to do from one of the posts above. Took the mem card out, copied the file to it from my laptop card reader and all is well again.

    Thanks for this blog!

  40. Can someone please if the password was reset it,I followed the instructions,but not sure.Thanks

    Embedded BIOS Version 1.0(12)13 08/28/08 15:50:37.45

    Low Memory: 632 KB
    High Memory: 507 MB
    PCI Device Table.
    Bus Dev Func VendID DevID Class Irq
    00 01 00 1022 2080 Host Bridge
    00 01 02 1022 2082 Chipset En/Decrypt 11
    00 0C 00 1148 4320 Ethernet 11
    00 0D 00 177D 0003 Network En/Decrypt 10
    00 0F 00 1022 2090 ISA Bridge
    00 0F 02 1022 2092 IDE Controller
    00 0F 03 1022 2093 Audio 10
    00 0F 04 1022 2094 Serial Bus 9
    00 0F 05 1022 2095 Serial Bus 9

    Evaluating BIOS Options …
    Launch BIOS Extension to setup ROMMON

    Cisco Systems ROMMON Version (1.0(12)13) #0: Thu Aug 28 15:55:27 PDT 2008

    Platform ASA5505

    Use BREAK or ESC to interrupt boot.
    Use SPACE to begin boot immediately.

    Launching BootLoader…
    Default configuration file contains 1 entry.

    Searching / for images to boot.

    Loading /asa825-k8.bin… Booting…
    Platform ASA5505

    Àdosfsck 2.11, 12 Mar 2005, FAT32, LFN
    Starting check/repair pass.
    Starting verification pass.
    /dev/hda1: 170 files, 30254/62014 clusters
    dosfsck(/dev/hda1) returned 0

    Processor memory 383561728, Reserved memory: 62914560 (DSOs: 0 + kernel: 6291456

    Total SSMs found: 0

    Licensed features for this platform:
    Maximum Physical Interfaces : 8
    VLANs : 20, DMZ Unrestricted
    Inside Hosts : Unlimited
    Failover : Active/Standby
    VPN-DES : Enabled
    VPN-3DES-AES : Enabled
    SSL VPN Peers : 2
    Total VPN Peers : 25
    Dual ISPs : Enabled
    VLAN Trunk Ports : 8
    Shared License : Disabled
    AnyConnect for Mobile : Disabled
    AnyConnect for Cisco VPN Phone : Disabled
    AnyConnect Essentials : Disabled
    Advanced Endpoint Assessment : Disabled
    UC Phone Proxy Sessions : 2
    Total UC Proxy Sessions : 2
    Botnet Traffic Filter : Disabled

    This platform has an ASA 5505 Security Plus license.

    Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
    Boot microcode :
    SSL/IKE microcode: PLUS-2.03
    IPSec microcode :

    Cisco Adaptive Security Appliance Software Version 8.2(5)

    Or what should I do to confirm that this is factory reset and no password ?


  41. I have followed the instructions to reset to factory settings. Completed and believe everything worked. But my computer does not get any ip adderss to conect to. So, I redid the reset many times and get the same result. I have noticed that there is a Error in the executing command lines. It says:
    Failed to apply IP address to interface Vlan2, as the network overlaps with interface Vlan1. Two interfaces cannot be in the same subnet.

    Is this what is causing me not to be able to get an IP address from the devise? If so, how do I resolve this issue?

  42. Which commands do I type to make sure the password is really erased ? Also to get the hardware specs ?

    Thank you

  43. So I got the hardware specs,but I can’t reset the password,the computer needs to be online for that ? Asking because I did use one that isn’t hook it up to the net.


    1. These instructions only reset the configuration, not the password. I’ve never had to reset the password on one of these devices, I don’t know how to do it. My only advice is to Google for it.

  44. I have successfully used this guide, but I can’t connect to the device through the ASDM-launcher.

    My pc is getting an ip-address, and I can ping the device, but neither the webinterface og ASDM is working – any ideas?

    The browser times out and the ASDM-launcher just keep trying to connect.



    1. If you are getting an ip-address in the 192.168.0 range, and you can ping, then I’m not sure why you can’t connect… I vaguely remember that there was a gotcha on finding the url: like maybe you had to do It’s been years since I’ve used these devices however, I apologize. Try posting more info, or if you find the solution post that!

      1. I’m no expert, but doing a config factory-default and so on resulted in complete inability to reach the unit via the web browser. was unreachabel. Couldn’t get to ASDM to save my life.

        Re-doing it without the IP address and then going to worked a treat. It apparently doesn’t like the 192.168.0.x network.

  45. I have an issue, I follow the steps and connect everything and use Putty to connect to the ASA 5505, but when the putty command window opens and I press Enter, it doesn’t do anything.

    1. You have to press enter like 6 or 10 times before it responds, sometimes. If that doesn’t work, then double-check your settings:
      Bits per second: 9600
      Data bits: 8
      Parity: None
      Stop bits: 1
      Flow control: None
      If it still doesn’t work, then either your console cable is bad, or you are not using a standard cisco cable. Serial cables are kind of a nightmare in that they can have the correct ends but the pinouts can be non-standard. Try getting your hands on a genuine cisco cable.

  46. Thank you — great article; I reset these things every now and again but can NEVER remember how to do it and always stumble upon this article.

  47. I want to preface what I am about to say with “I am not a Cisco master and I am still learning these alien languages”.

    I had a similar issue with my ASA-5505’s where I would reboot the device after following these instructions and the configuration was missing or lost even after I performed the “Write” or “Write Memory” command.

    I believe the issue to reside with the “rommon #0> confreg 0x41” from “Lawrence” not being followed up with a “rommon #0> confreg 0x01” after you “Write” or “Write Memory” and “Reload” before booting back into IOS.

    I believe the following to be true from experience/results:

    rommon #0> confreg 0x41 = bypass “Config” on boot
    rommon #0> confreg 0x01 = default “Config” on boot (memory)

    “0x01” is where your “Write” or “Write Memory” command is sending your configuration in memory for the boot process. By leaving it in the “0x41” state your always bypassing your default config thus never seeing your custom work after the reboot or pulling the power.

    I hope this helps someone in the same situation as me. This is purely my observations but I did have success by ending this whole process with “rommon #0> confreg 0x01” and I am now booting into my custom configuration every single time I reboot or if i pull power.

  48. Please help me with: appearing warning indicator lights “Alarm” when the boot device not ASA 5512. Then retrieve equipment.

  49. Thanks for the tips. A complete newbie like I am just managed a factory restore.

    I can also confirm the reset button does nothing. When held for 3 seconds and then rebooted. When held on power on. When held for 30 seconds. etc etc. Nothing helps.

    I also could not get the USB console cable going at all for my ASA 5508 so had to use an older PC with a serial port and the older serial to RJ45 cable, but it all worked in the end with your steps.

Leave a Reply

Your email address will not be published. Required fields are marked *