To perform a password recovery on a Cisco ASA 5500-X series firewall, you'll need to console to the ASA, do a reboot and press either the BREAK or ESCAPE key when you see this output.
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot in 10 seconds
When in rommon mode, type confreg 0x41 and it will bypass the ASA startup-config.
rommon #1> confreg 0x41
Update Config Register (0x41) in NVRAM...
Type confreg to verify the configuration register value.
rommon #1> confreg
Current Configuration Register: 0x00000041
Configuration Summary:
boot default image from Flash
ignore system configuration
Do you wish to change this configuration? y/n [n]: n // TYPE n SINCE CONFREG IS 0x41
Type boot to reload the ASA using the new configuration register setting.
rommon #2> boot
Launching BootLoader...
Boot configuration file contains 1 entry.
Loading disk0:/asa913-smp-k8.bin... Booting...
Platform ASA5525
<OUTPUT TRUNCATED>
ciscoasa> enable
Password:<ENTER>
ciscoasa# show run
: Saved
:
ASA Version 9.1(3)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface GigabitEthernet0/0
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/7
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
management-only
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
pager lines 24
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
!
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 27
subscribe-to-alert-group configuration periodic monthly 27
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:00000000000000000000000000000000
: end
ciscoasa#
ciscoasa# conf igure terminal
ciscoasa(config)#
***************************** NOTICE *****************************
Help to improve the ASA platform by enabling anonymous reporting,
which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall
Would you like to enable anonymous error reporting to help improve
the product? [Y]es, [N]o, [A]sk later:
ciscoasa(config)# copy startup-config running-config // LOAD THE EXISTING CONFIG FROM FLASH/NVRAM TO ACTIVE RAM; NOTICE THE HOSTNAME AND OTHER CONFIG HAVE CHANGED
COMPANY-ASA(config)# passwd cisco // SSH/TELNET PASSWORD
COMPANY-ASA(config)# enable password cisco // ENABLE PASSWORD
COMPANY-ASA(config)# username admin password cisco privilege 15 // LOCAL USER PASSWORD
COMPANY-ASA(config)# no config-register // REVERT BACK TO confreg 0x1
COMPANY-ASA(config)# show version
Cisco Adaptive Security Appliance Software Version 9.1(3)
Device Manager Version 7.1(4)
Compiled on Mon 16-Sep-13 16:07 PDT by builders
System image file is "disk0:/asa913-smp-k8.bin"
Config file at boot was "startup-config"
COMPANY-ASA up 2 mins 46 secs
Hardware: ASA5525, 8192 MB RAM, CPU Lynnfield 2393 MHz, 1 CPU (4 cores)
ASA: 4096 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-PLUS-T020
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
0: Int: Internal-Data0/0 : address is fc5b.39aa.5164, irq 11
1: Ext: GigabitEthernet0/0 : address is fc5b.39aa.5169, irq 5
2: Ext: GigabitEthernet0/1 : address is fc5b.39aa.5165, irq 5
3: Ext: GigabitEthernet0/2 : address is fc5b.39aa.516a, irq 10
4: Ext: GigabitEthernet0/3 : address is fc5b.39aa.5166, irq 10
5: Ext: GigabitEthernet0/4 : address is fc5b.39aa.516b, irq 5
6: Ext: GigabitEthernet0/5 : address is fc5b.39aa.5167, irq 5
7: Ext: GigabitEthernet0/6 : address is fc5b.39aa.516c, irq 10
8: Ext: GigabitEthernet0/7 : address is fc5b.39aa.5168, irq 10
9: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0
10: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
11: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
12: Ext: Management0/0 : address is fc5b.39aa.5164, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA5525 VPN Premium license.
Serial Number: FCH1834JABC
Running Permanent Activation Key: 0x363bee4d 0xcc858b80 0xe5d21db4 0xf1d49123 0xcb04c456
Configuration register is 0x41 (will be 0x1 at next reload)
Configuration last modified by enable_15 at 22:47:52.619 UTC Mon Jun 5 2017
COMPANY-ASA(config)#
COMPANY-ASA(config)# write memory
Building configuration...
Cryptochecksum: 9575d46c dc5b5272 60c68174 195bd73d
2641 bytes copied in 0.650 secs
[OK]
COMPANY-ASA(config)# reload
Proceed with reload? [confirm]
COMPANY-ASA(config)#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down sw-module
Shutting down License Controller
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting.....
Cisco BIOS Version:9B2C109A
Build Date:05/15/2013 16:34:44
<OUTPUT TRUNCATED>
COMPANY-ASA# show version
Cisco Adaptive Security Appliance Software Version 9.1(3)
Device Manager Version 7.1(4)
Compiled on Mon 16-Sep-13 16:07 PDT by builders
System image file is "disk0:/asa913-smp-k8.bin"
Config file at boot was "startup-config"
COMPANY-ASA up 33 secs
Hardware: ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
ASA: 4096 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-PLUS-T020
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
0: Int: Internal-Data0/0 : address is fc5b.39aa.5164, irq 11
1: Ext: GigabitEthernet0/0 : address is fc5b.39aa.5169, irq 5
2: Ext: GigabitEthernet0/1 : address is fc5b.39aa.5165, irq 5
3: Ext: GigabitEthernet0/2 : address is fc5b.39aa.516a, irq 10
4: Ext: GigabitEthernet0/3 : address is fc5b.39aa.5166, irq 10
5: Ext: GigabitEthernet0/4 : address is fc5b.39aa.516b, irq 5
6: Ext: GigabitEthernet0/5 : address is fc5b.39aa.5167, irq 5
7: Ext: GigabitEthernet0/6 : address is fc5b.39aa.516c, irq 10
8: Ext: GigabitEthernet0/7 : address is fc5b.39aa.5168, irq 10
9: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0
10: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
11: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
12: Ext: Management0/0 : address is fc5b.39aa.5164, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetualShared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA5525 VPN Premium license.
Serial Number: FCH1834JABC
Running Permanent Activation Key: 0x363bee4d 0xcc858b80 0xe5d21db4 0xf1d49123 0xcb04c456
Configuration register is 0x1
Configuration has not been modified since last system restart.
COMPANY-ASA# show run
: Saved
:
ASA Version 9.1(3)
!
hostname COMPANY-ASA
enable password 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
nameif OUTSIDE
security-level 0
ip address 123.45.6.7
!
interface GigabitEthernet0/1
nameif INSIDE
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/7
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
management-only
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
dns domain-lookup INSIDE
dns server-group DefaultDNS
name-server 8.8.8.8
domain-name local.net
pager lines 24
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password f3UhLvUj1QsXsuK7 encrypted privilege 15
!
!
prompt hostname context
call-home reporting anonymous prompt 2
call-home profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 27
subscribe-to-alert-group configuration periodic monthly 27
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:9575d46cdc5b527260c68174195bd73d
: end
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot in 10 seconds
When in rommon mode, type confreg 0x41 and it will bypass the ASA startup-config.
rommon #1> confreg 0x41
Update Config Register (0x41) in NVRAM...
Type confreg to verify the configuration register value.
rommon #1> confreg
Current Configuration Register: 0x00000041
Configuration Summary:
boot default image from Flash
ignore system configuration
Do you wish to change this configuration? y/n [n]: n // TYPE n SINCE CONFREG IS 0x41
Type boot to reload the ASA using the new configuration register setting.
rommon #2> boot
Launching BootLoader...
Boot configuration file contains 1 entry.
Loading disk0:/asa913-smp-k8.bin... Booting...
Platform ASA5525
<OUTPUT TRUNCATED>
ciscoasa> enable
Password:<ENTER>
ciscoasa# show run
: Saved
:
ASA Version 9.1(3)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface GigabitEthernet0/0
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/7
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
management-only
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
pager lines 24
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
!
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 27
subscribe-to-alert-group configuration periodic monthly 27
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:00000000000000000000000000000000
: end
ciscoasa#
ciscoasa# conf igure terminal
ciscoasa(config)#
***************************** NOTICE *****************************
Help to improve the ASA platform by enabling anonymous reporting,
which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall
Would you like to enable anonymous error reporting to help improve
the product? [Y]es, [N]o, [A]sk later:
ciscoasa(config)# copy startup-config running-config // LOAD THE EXISTING CONFIG FROM FLASH/NVRAM TO ACTIVE RAM; NOTICE THE HOSTNAME AND OTHER CONFIG HAVE CHANGED
COMPANY-ASA(config)# passwd cisco // SSH/TELNET PASSWORD
COMPANY-ASA(config)# enable password cisco // ENABLE PASSWORD
COMPANY-ASA(config)# username admin password cisco privilege 15 // LOCAL USER PASSWORD
COMPANY-ASA(config)# no config-register // REVERT BACK TO confreg 0x1
COMPANY-ASA(config)# show version
Cisco Adaptive Security Appliance Software Version 9.1(3)
Device Manager Version 7.1(4)
Compiled on Mon 16-Sep-13 16:07 PDT by builders
System image file is "disk0:/asa913-smp-k8.bin"
Config file at boot was "startup-config"
COMPANY-ASA up 2 mins 46 secs
Hardware: ASA5525, 8192 MB RAM, CPU Lynnfield 2393 MHz, 1 CPU (4 cores)
ASA: 4096 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-PLUS-T020
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
0: Int: Internal-Data0/0 : address is fc5b.39aa.5164, irq 11
1: Ext: GigabitEthernet0/0 : address is fc5b.39aa.5169, irq 5
2: Ext: GigabitEthernet0/1 : address is fc5b.39aa.5165, irq 5
3: Ext: GigabitEthernet0/2 : address is fc5b.39aa.516a, irq 10
4: Ext: GigabitEthernet0/3 : address is fc5b.39aa.5166, irq 10
5: Ext: GigabitEthernet0/4 : address is fc5b.39aa.516b, irq 5
6: Ext: GigabitEthernet0/5 : address is fc5b.39aa.5167, irq 5
7: Ext: GigabitEthernet0/6 : address is fc5b.39aa.516c, irq 10
8: Ext: GigabitEthernet0/7 : address is fc5b.39aa.5168, irq 10
9: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0
10: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
11: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
12: Ext: Management0/0 : address is fc5b.39aa.5164, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA5525 VPN Premium license.
Serial Number: FCH1834JABC
Running Permanent Activation Key: 0x363bee4d 0xcc858b80 0xe5d21db4 0xf1d49123 0xcb04c456
Configuration register is 0x41 (will be 0x1 at next reload)
Configuration last modified by enable_15 at 22:47:52.619 UTC Mon Jun 5 2017
COMPANY-ASA(config)#
COMPANY-ASA(config)# write memory
Building configuration...
Cryptochecksum: 9575d46c dc5b5272 60c68174 195bd73d
2641 bytes copied in 0.650 secs
[OK]
COMPANY-ASA(config)# reload
Proceed with reload? [confirm]
COMPANY-ASA(config)#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down sw-module
Shutting down License Controller
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting.....
Cisco BIOS Version:9B2C109A
Build Date:05/15/2013 16:34:44
<OUTPUT TRUNCATED>
COMPANY-ASA# show version
Cisco Adaptive Security Appliance Software Version 9.1(3)
Device Manager Version 7.1(4)
Compiled on Mon 16-Sep-13 16:07 PDT by builders
System image file is "disk0:/asa913-smp-k8.bin"
Config file at boot was "startup-config"
COMPANY-ASA up 33 secs
Hardware: ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
ASA: 4096 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-PLUS-T020
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
0: Int: Internal-Data0/0 : address is fc5b.39aa.5164, irq 11
1: Ext: GigabitEthernet0/0 : address is fc5b.39aa.5169, irq 5
2: Ext: GigabitEthernet0/1 : address is fc5b.39aa.5165, irq 5
3: Ext: GigabitEthernet0/2 : address is fc5b.39aa.516a, irq 10
4: Ext: GigabitEthernet0/3 : address is fc5b.39aa.5166, irq 10
5: Ext: GigabitEthernet0/4 : address is fc5b.39aa.516b, irq 5
6: Ext: GigabitEthernet0/5 : address is fc5b.39aa.5167, irq 5
7: Ext: GigabitEthernet0/6 : address is fc5b.39aa.516c, irq 10
8: Ext: GigabitEthernet0/7 : address is fc5b.39aa.5168, irq 10
9: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0
10: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
11: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
12: Ext: Management0/0 : address is fc5b.39aa.5164, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetualShared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA5525 VPN Premium license.
Serial Number: FCH1834JABC
Running Permanent Activation Key: 0x363bee4d 0xcc858b80 0xe5d21db4 0xf1d49123 0xcb04c456
Configuration register is 0x1
Configuration has not been modified since last system restart.
COMPANY-ASA# show run
: Saved
:
ASA Version 9.1(3)
!
hostname COMPANY-ASA
enable password 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
nameif OUTSIDE
security-level 0
ip address 123.45.6.7
!
interface GigabitEthernet0/1
nameif INSIDE
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/7
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
management-only
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
dns domain-lookup INSIDE
dns server-group DefaultDNS
name-server 8.8.8.8
domain-name local.net
pager lines 24
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password f3UhLvUj1QsXsuK7 encrypted privilege 15
!
!
prompt hostname context
call-home reporting anonymous prompt 2
call-home profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 27
subscribe-to-alert-group configuration periodic monthly 27
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:9575d46cdc5b527260c68174195bd73d
: end
No comments:
Post a Comment