Recover the Cisco ASA Firewall

If the old Cisco ASA 5505 won’t boot, you need the Cisco console cable

You can then use ROMMON to figure out what the status is.

There is a PDF guide called 86696-rommon_mode.pdf you can read for detailed info.

https://community.cisco.com/t5/network-security/boot-system-change-from-rommon/td-p/1659670?attachment-id=63389

From ROMMON you can do many things, like resetting the password, loading the deafult config and more.

If your unit won’t boot, you can upload a new firmware through TFTP.

For this you need a TFTP server like the one from Solarwinds. Here you host the bin file you want to upload.

The ROMMON procedures for uploading this and booting from this is done by using the set command as follows:

rommon #1> ADDRESS=10.132.44.177
rommon #2> SERVER=10.129.0.30
rommon #3> GATEWAY=10.132.44.1
rommon #4> IMAGE=f1/asa800-232-k8.bin
rommon #5> PORT=Ethernet0/0
Ethernet0/0
Link is UP
MAC Address: 0012.d949.15b8
Note Be sure that the connection to the network already exists.

Step 5 To validate your settings, enter the set command.
rommon #6> set
ROMMON Variable Settings:
ADDRESS=10.132.44.177
SERVER=10.129.0.30
GATEWAY=10.132.44.1
PORT=Ethernet0/0
VLAN=untagged
IMAGE=f1/asa800-232-k8.bin
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUT=4
RETRY=20

Step 6 Ping the TFTP server by entering the ping server command.
rommon #7> ping server
Sending 20, 100-byte ICMP Echoes to server 10.129.0.30, timeout is 4 seconds:
Success rate is 100 percent (20/20)

Step 7 Load the software image by entering the tftp command.
rommon #8> tftp
ROMMON Variable Settings:
ADDRESS=10.132.44.177
SERVER=10.129.0.30
GATEWAY=10.132.44.1
PORT=Ethernet0/0
VLAN=untagged
IMAGE=f1/asa800-232-k8.bin
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUTRETRY=20
tftp f1/asa800-232-k8.bin@10.129.0.30 via 10.132.44.1
Received 14450688 bytes
Launching TFTP Image…
Cisco PIX Security Appliance admin loader (3.0) #0: Mon Mar 5 16:00:07 MST 2007
Loading..

You are then booting into this and then you can edit the config from CLI using the regular IOS commands. Set the needed boot file in Conf T with commands like “boot system disk0:/asa123-12-k8.bin

More articles

Optional features

Check available optional features: DISM /Online /Get-Capabilities Install an optional feature: DISM /Online /Add-capability /capabilityname:Media.MediaFeaturePack~~~~0.0.1.0

Read More »

AD retention period

Check AD retention tombstone value: Import-Module ActiveDirectory $ADForestconfigurationNamingContext = (Get-ADRootDSE).configurationNamingContext $DirectoryServicesConfigPartition = Get-ADObject -Identity “CN=Directory Service,CN=Windows NT,CN=Services,$ADForestconfigurationNamingContext” -Partition $ADForestconfigurationNamingContext -Properties *

Read More »