Cisco ASA 5525-X
Start the console session.
Plug the serial cable into the device from the PC's COM1 port.
Open PuTTY and select "Serial" connection type, leave baud rate (Speed) and other settings as default.
Plug power into the device and, if it has a power button, turn it on.
Access the ROMMON prompt.
Press the Break or Esc key when prompted. Example output:
Booting from ROMMON
Cisco Systems ROMMON Version (2.1(9)8) #1: Wed Oct 26 17:14:40 PDT 2011
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.
Management0/0
Link is DOWN
MAC Address: 24e9.b391.c2d8
Use ? for help.
rommon #0>
TIP: If your keyboard does not have a Break key, in PuTTY right-click the titlebar for the dropdown menu -> Special Command -> Break.
Bypass any configured login.
Type the confreg command followed by the value 0x41, which sets the configuration register so that the device ignores the current configuration when booting up:
rommon #0> confreg 0x41
Update Config Register (0x41) in NVRAM...
Type the reset command:
rommon #1> reset
Cisco BIOS Version:9B2C109A
Build Date:05/15/2013 16:34:44
CPU Type: Intel(R) Xeon(R) CPU X3430 @ 2.40GHz, 2394 MHz
Total Memory:8192 MB(DDR3 1333)
System memory:624 KB, Extended Memory:3573 MB
The boot process should bring you to the ciscoasa> prompt:
Ignoring startup configuration as instructed by configuration register.
INFO: Power-On Self-Test in process.
.......................................................................
INFO: Power-On Self-Test complete.
INFO: Starting HW-DRBG health test...
INFO: HW-DRBG health test passed.
INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
Type help or '?' for a list of available commands.
ciscoasa>
Erase any log files, VLAN data and all configuration settings.
Type the enable command to enter privileged command mode. The default password you get prompted for is either blank (just press Enter) or Cisco:
ciscoasa> enable
Password:
ciscoasa#
Type the dir command, then the del command with * where necessary to match multiple filenames listed:
ciscoasa# dir
Directory of disk0:/
1 -rw- 66895008 Jan 28 2012 23:57:50 +00:00 asa924-8-smp-k8.bin
2 -rw- 2903 Jan 29 2012 00:07:52 +00:00 upgrade_startup_errors_202110110046.log
3 -rw- 4781 Jan 29 2012 00:08:02 +00:00 vlan.dat
256507904 bytes total (189605212 bytes free)
ciscoasa# del vlan.dat
Delete filename [vlan.dat]?
Delete disk0:/vlan.dat? [confirm]y
ciscoasa# del *.log
Delete filename [*.log]?
Delete disk0:/upgrade_startup_errors_202110110046.log? [confirm]y
Type the write erase command, and confirm with y:
ciscoasa# write erase
Erase configuration in flash memory? [confirm]y[OK]
Optionally list any license keys and the services they enable.
Type the show activation-key command:
ciscoasa# show activation-key
Serial Number: FCH17467T6D
Running Permanent Activation Key: 0x8730cd7c 0xcc9d6ce4 0xf5934d84 0xf940f8d4 0x011dddaa
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : 750 perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Enabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
IPS Module : Enabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual
This platform has an ASA5525 VPN Premium license.
Failover cluster licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 4 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 4 perpetual
AnyConnect Essentials : 750 perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Enabled perpetual
Total TLS Proxy Sessions : 4 perpetual
Botnet Traffic Filter : Disabled perpetual
IPS Module : Enabled perpetual
Cluster : Enabled perpetual
This platform has an ASA5525 VPN Premium license.
The flash permanent activation key is the SAME as the running permanent key.
Reboot the device and set it back to normal mode.
Type the reload command and confirm with y:
ciscoasa# reload
Proceed with reload? [confirm]y
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down sw-module
Shutting down License Controller
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting... (status 0x9)
..
INIT: Sending processes the TERM signal
Deconfiguring network interfaces... done.
Sending all processes the TERM signal...
Sending all processes the KILL signal...
Deactivating swap...
Unmounting local filesystems...
Rebooting...
Send the device a Break command again as done in step 2 (Access the ROMMON prompt), then at the rommon prompt type the confreg command followed by a different value, 0x01, so that the device no longer ignores the configuration when booting up:
rommon #0> confreg 0x01
Update Config Register (0x1) in NVRAM...
Lastly, type the reset command:
rommon #1> reset
Copy all the output from the session into your records.
Right-click PuTTY's titlebar and, from that dropdown menu, click "Copy All to Clipboard".
Open the file of record certifying the deconfiguration of this device and press Ctrl+V to paste all the output from PuTTY into that file. Formatting the text with a fixed-width font makes it more readable.
End the session.
Turn off/unplug the device and close PuTTY.
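Before filing the pasted session as the record of deconfiguration, it can be checked mechanically. The script below is an added example, not part of the original procedure: it confirms that the saved PuTTY output contains the key steps above in order and that the last confreg value typed was 0x01 rather than 0x41. The function name audit_transcript and the two sample transcripts are constructed for illustration, abridged from the output shown on this page.

```python
import re

# Ordered evidence that a complete deconfiguration record should contain.
REQUIRED_STEPS = [
    ("confreg 0x41 (ignore startup config)", r"rommon #\d+> confreg 0x41\b"),
    ("reset after confreg 0x41", r"rommon #\d+> reset\b"),
    ("boot ignored startup config", r"Ignoring startup configuration"),
    ("write erase confirmed with [OK]",
     r"Erase configuration in flash memory\? \[confirm\]y?\s*\[OK\]"),
    ("reload issued", r"ciscoasa# reload\b"),
    ("confreg restored to 0x01", r"rommon #\d+> confreg 0x0*1\b"),
    ("final reset", r"rommon #\d+> reset\b"),
]

def audit_transcript(text):
    """Return a list of findings; an empty list means the record is complete."""
    findings, pos = [], 0
    for label, pattern in REQUIRED_STEPS:
        match = re.compile(pattern).search(text, pos)
        if match:
            pos = match.end()  # later steps must appear after this one
        else:
            findings.append("missing or out of order: " + label)
    # The last confreg value typed decides how the device boots next time.
    values = re.findall(r"rommon #\d+> confreg (0x[0-9a-fA-F]+)", text)
    if values and int(values[-1], 16) != 0x1:
        findings.append("config register left at " + values[-1])
    return findings

# Constructed sample: abridged session following every step on this page.
COMPLETE = """\
rommon #0> confreg 0x41
Update Config Register (0x41) in NVRAM...
rommon #1> reset
Ignoring startup configuration as instructed by configuration register.
ciscoasa> enable
ciscoasa# write erase
Erase configuration in flash memory? [confirm]y[OK]
ciscoasa# reload
Proceed with reload? [confirm]y
rommon #0> confreg 0x01
Update Config Register (0x1) in NVRAM...
rommon #1> reset
"""
# Constructed sample: the session stops before the register is restored.
INCOMPLETE = COMPLETE[:COMPLETE.index("rommon #0> confreg 0x01")]

if __name__ == "__main__":
    print(audit_transcript(COMPLETE), audit_transcript(INCOMPLETE))
```

A non-empty result for a real record means the device should be reconnected and the missing step repeated before the record is signed off.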