I needed a more reliable VPN solution to a remote site I need to work on every now and then. At the time I had set up the remote site's router to push VPN connections through to the Windows 2003 Server (I know, I know) and it would handle the VPN connection. From there I'd RDP to other desktops as needed. Now, when the server would crash and be M.I.A. for whatever reason, I'd be without a VPN connection and would then have to drive to the site to do anything.
Long story short, I came across an ASA 5505 and saw the words VPN associated with it, and now I'm setting one up to basically be a VPN point at the remote site, so I can hit other desktops from the edge of the network rather than rely on the server being available for the WHOLE network to be available.
I got the device second hand, so I needed to:
- get into it without the password
- reset the device.
Plug your serial console cable in (the light blue one) and power up your device.
You need to interrupt the bootup and drop into a 'rommon' shell, as per the on-screen instruction 'Use BREAK or ESC to interrupt boot.'
CISCO SYSTEMS
Embedded BIOS Version 1.0(12)11 04/30/08 15:45:41.19
Low Memory: 632 KB
High Memory: 251 MB
PCI Device Table.
Bus Dev Func VendID DevID Class              Irq
 00  01  00   1022   2080  Host Bridge
 00  01  02   1022   2082  Chipset En/Decrypt 11
 00  0C  00   1148   4320  Ethernet           11
 00  0D  00   177D   0003  Network En/Decrypt 10
 00  0F  00   1022   2090  ISA Bridge
 00  0F  02   1022   2092  IDE Controller
 00  0F  03   1022   2093  Audio              10
 00  0F  04   1022   2094  Serial Bus         9
 00  0F  05   1022   2095  Serial Bus         9
Evaluating BIOS Options ...
Launch BIOS Extension to setup ROMMON
Cisco Systems ROMMON Version (1.0(12)11) #4: Thu May 1 14:50:05 PDT 2008
Platform ASA5505
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.
Ethernet0/0
MAC Address: 0024.14a1.abe7
Link is DOWN
Use ? for help.
rommon #0>
Run 'confreg' to change the configuration register and bypass login/security:
rommon #0> confreg
Current Configuration Register: 0x00000001
Configuration Summary:
  boot default image from Flash
Do you wish to change this configuration? y/n [n]: y
enable boot to ROMMON prompt? y/n [n]:
enable TFTP netboot? y/n [n]:
enable Flash boot? y/n [n]:
select specific Flash image index? y/n [n]:
disable system configuration? y/n [n]: y
go to ROMMON prompt if netboot fails? y/n [n]:
enable passing NVRAM file specs in auto-boot mode? y/n [n]:
disable display of BREAK or ESC key prompt during auto-boot? y/n [n]:
Current Configuration Register: 0x00000040
Configuration Summary:
  boot ROMMON
  ignore system configuration
Update Config Register (0x40) in NVRAM...
Take note that the 'Current Configuration Register' at the start is '0x00000001'; after you run through the configuration change, you'll notice it has changed to '0x00000040'.
now reload the ASA with a 'boot' command at the prompt
rommon #1> boot
Launching BootLoader...
Boot configuration file contains 1 entry.
Loading disk0:/asa803-k8.bin... Booting...
Loading...
the new config and set up new credentials
enable
to get privileged mode (password should be blank, just press enter)
- load the start-up config into memory with
copy startup-config running-config
- get into config mode
conf t
to edit the default configuration
- set up your login credentials
ciscoasa(config)# password <password>
ciscoasa(config)# enable password <password>
ciscoasa(config)# username <name> password <password>
you can now reload your newly edited default configuration
ciscoasa(config)# no config-register
back to the startup-config to persist (i.e. come back after) for reboots
this ensures it boots with your new settings
ciscoasa(config)# copy running-config startup-config
watch it boot right back up with all your new settings.
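A check you can run over a saved serial-console capture of this procedure, as an added example that is not part of the original post. It flags a recovery that was started but not finished: the register was set to ignore the startup config and then never reset, or the new credentials were never saved. The function and constant names are hypothetical, the captures are constructed from the prompts shown above, and treating 0x40 as the "ignore system configuration" bit is read off the confreg output in this post.

```python
import re

IGNORE_STARTUP = 0x40  # bit set by answering y to "disable system configuration?"
REG = re.compile(r"Current Configuration Register:\s*(0x[0-9A-Fa-f]+)")
RESET = re.compile(r"^\S+\(config\)#\s*no config-register\s*$", re.M)
SAVE = re.compile(r"^\S+#\s*copy running-config startup-config\s*$", re.M)

def review_capture(text):
    """Return (register values seen, findings) for one console capture."""
    hits = [(int(m.group(1), 16), m.end()) for m in REG.finditer(text)]
    values = [v for v, _ in hits]
    bypass = [end for v, end in hits if v & IGNORE_STARTUP]
    if not bypass:
        return values, []
    findings = ["startup-config bypass enabled from ROMMON"]
    # Only commands typed after the last bypass count as cleanup.
    reset = RESET.search(text, bypass[-1])
    if reset is None:
        findings.append("register never reset: device keeps booting without its config")
    elif SAVE.search(text, reset.end()) is None:
        findings.append("running-config not saved: new credentials lost on reload")
    return values, findings

# Constructed captures, abbreviated from the prompts shown in this post.
COMPLETE = """\
rommon #0> confreg
Current Configuration Register: 0x00000001
disable system configuration? y/n [n]: y
Current Configuration Register: 0x00000040
rommon #1> boot
ciscoasa(config)# no config-register
ciscoasa(config)# copy running-config startup-config
"""
UNFINISHED = COMPLETE.replace("ciscoasa(config)# no config-register\n", "")

if __name__ == "__main__":
    for name, cap in (("complete", COMPLETE), ("unfinished", UNFINISHED)):
        print(name, review_capture(cap))
```

The first finding is also worth alerting on by itself: on a device you did not reset yourself, it means someone with console access bypassed the login.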