I Need To Make A Change With My IT Support! Call (225) 706-8414

Resetting the Enable Password on the Cisco ASA 5505

You have a Cisco ASA 5505 for which you no longer have the correct enable password.


To reset the enable password, you need a serial cable to connect to the Cisco. You can’t do this via SSH, telnet, or ADSM.

  1. Power off the ASA by unplugging it from power
  2. Connect to the ASA via the console port; PuTTY is great for this
  3. Power the ASA back on. After a momen, you will a prompt like the following:
    Use BREAK or ESC to interrupt boot.
    Use SPACE to begin boot immediately.
  4. Hit ESC to interrupt the boot process; you should see something like this:
    Boot interrupted.
    MAC Address: 2894.0f20.a947
    Link is DOWN
    Use ? for help.
    rommon #0>
  5. Use the confreg to show the current configuration register; you’ll need this later so save the output some place safe (in a Notepad window is fine).
    rommon #0> confreg
    Current Configuration Register: 0x00000001
    Configuration Summary:
      boot default image from Flash
    Do you wish to change this configuration? y/n [n]:
  6. Answer ‘y’ to the “Do you wish to change this configuration” and “disable system configuration” prompts; accept the defaults for the rest.
    rommon #0> confreg
    Current Configuration Register: 0x00000001
    Configuration Summary:
      boot default image from Flash
    Do you wish to change this configuration? y/n [n]: y
    enable boot to ROMMON prompt? y/n [n]: n
    enable TFTP netboot? y/n [n]: n
    enable Flash boot? y/n [n]: n
    select specific Flash image index? y/n [n]: n
    disable system configuration? y/n [n]: n
    go to ROMMON prompt if netboot fails? y/n [n]: n
    enable passing NVRAM file specs in auto-boot mode? y/n [n]: n
    disable display of BREAK or ESC key prompt during auto-boot? y/n [n]: n
    Current Configuration Register: 0x00000001
    Configuration Summary:
     boot ROMMON
    Update Config Register (0x0) in NVRAM...
    rommon #1>
  7. Use the bootcommand to finish booting the ASA using default settings
    rommon #1> boot
    Launching BootLoader...
    Default configuration file contains 1 entry.
    Searching / for images to boot.
    Loading /asa911-k8.bin... Booting...
    Platform ASA5505
    IO memory blocks requested from bigphys 32bit: 9928
    Ãosfsck 2.11, 12 Mar 2005, FAT32, LFN
    Starting check/repair pass.
  8. You can now switch to priviledged mode as the enable password is now blank
    Type help or '?' for a list of available commands.
    ciscoasa> enable
  9. Load the ASA’s normal configuration so that you can change it; since you’re already in privileged mode, you can change the configuration settings as needed.
    ciscoasa# copy startup-config running-config
    Destination filename [running-config]?
    Cryptochecksum (unchanged): 4e408444 7fc8556f 936a0216 8a012d76
    2557 bytes copied in 3.220 secs (852 bytes/sec)
  10. Edit the configuration
    ciscoasa# conf term
  11. Use the password and enable passwordcommands to change the passwords to something you do know.
    ciscoasa(config)# password SuperSecretPassword
    ciscoasa(config)# enable password AnotherSecretPassword
  12. Reset the configuration register to the value you saved above so that the ASA will reboot normally instead of into ROMMON
    ciscoasa(config)# config-register 0x1
  13. Save the updated configuration so that it is loaded on next boot and reboot
    ciscoasa(config)# copy running-config startup-config
    Source filename [running-config]?
    Cryptochecksum: 51e1e4c3 36c9e3b5 b895d772 43227af6
    3045 bytes copied in 1.50 secs (3045 bytes/sec)
    ciscoasa(config)# reload noconfirm
  14. After the ASA reboots, make sure the new enable password works
    ciscoasa> enable
    Password: ********

Concerned About Cyber Attacks?


Want to Migrate to the Cloud?

Office 365

Ready to Experience Microsoft Office 365?

Want the latest IT news directly in your inbox? Subscribe now!