Cisco ASA 5540 series

  1. Start the console session.

    Plug in serial cable to console port of device from PC COM1 port
    Open PuTTY and select "Serial" connection type, leave baud rate (Speed) and other settings as default.
    Plug power into device and if a power button exists, turn it on.

  2. Access the Rommon prompt.

    Repeatedly press the Break key until the rommon prompt appears. Example output:
    Booting system, please wait... CISCO SYSTEMS Embedded BIOS Version 1.0(10)0 03/25/05 22:42:05.25 Low Memory: 631 KB High Memory: 1024 MB … Evaluating BIOS Options ... Launch BIOS Extension to setup ROMMON Cisco Systems ROMMON Version (1.0(10)0) #0: Fri Mar 25 23:02:10 PST 2005 Platform ASA5540 Management0/0 Ethernet auto negotiation timed out. Interface-4 Link Not Established (check cable). Default Interface number-4 Not Up Use ? for help. rommon #0>
    TIP: If your keyboard does not have a Break key, in PuTTY right-click the titlebar for the dropdown menu -> Special Command -> Break.

  3. Bypass any configured login.

    Type the confreg command followed by a string value instruction to ignore the current configuration when booting up:
    rommon #0> confreg 0x10041 Update Config Register (0x10041) in NVRAM...
    Type the reset command:
    rommon #1> reset ROMMON Platform Reboot Rebooting.... Booting system, please wait...
    The boot process should bring you to the ciscoasa>  prompt:
    Ignoring startup configuration as instructed by configuration register. INFO: Converting to disk0:/ Type help or '?' for a list of available commands. ciscoasa>

  4. Erase any log files, vlan data and all configuration settings.

    Type the enable command to enter privileged command mode. The default password you get prompted for is either blank (just press Enter) or Cisco:
    ciscoasa> enable Password: ciscoasa#
    Type the dir command, then the del command with * where necessary to match multiple filenames listed:
    ciscoasa#dir Directory of disk0:/ 2 drw- 0 19:55:48 Mar 25 2010 crypto_archive 7 -rw- 8515584 20:00:10 Mar 25 2010 asa724-k8.bin 4170 -rw- 6514852 09:04:44 Apr 19 2010 asdm-524.bin 63166464 bytes total (48117760 bytes free)
    Type the write erase command, and confirm with y:
    ciscoasa# write erase Erase configuration in flash memory? [confirm]y [OK]

  5. Optionally list any license keys and the services they enable.

    Type the show activation-key command:
    ciscoasa# show activation-key Serial Number: JMX1005K03M Running Activation Key: 0x1b11d854 0x6896831e 0xd4025918 0x89c4a018 0x46213485 Licensed features for this platform: Maximum Physical Interfaces : Unlimited Maximum VLANs : 200 Inside Hosts : Unlimited Failover : Active/Active VPN-DES : Enabled VPN-3DES-AES : Enabled Security Contexts : 2 GTP/GPRS : Disabled VPN Peers : 5000 WebVPN Peers : 2 This platform has an ASA 5540 VPN Premium license. The flash activation key is the SAME as the running key.

  6. Reboot the device and set it back to normal mode.

    Type the reload command and confirm with y:
    ciscoasa# reload Proceed with reload? [confirm]y *** *** --- START GRACEFUL SHUTDOWN --- Shutting down isakmp Shutting down File system *** *** --- SHUTDOWN NOW --- Rebooting....
    Send the router a Break command again as done in step 2, then at the rommon prompt type the confreg command followed by a different string value instruction to no longer ignore the configuration:
    rommon #0> confreg 0x000002 Update Config Register (0x2) in NVRAM...
    Lastly type the reset command:
    rommon #1> reset

  7. Copy all the output from the session into your records.

    Right-click PuTTY's titlebar, from that dropdown menu click on "Copy All to Clipboard"
    Open the file of record certifying the deconfiguration of this device and use CTRL V to paste all the output from PuTTY into that file. Formatting the text with a fixed-width font helps it look more readable.

  8. End the session.

    Close PuTTy.