KB ID 0001199 Dtd 01/06/16
After recently picking up some second hand ASA5512-X firewalls, I went to run them up, and make sure they were ok, however on boot up they went straight to ROMMON like so;
Use ? for help. rommon #0>
Now I know what ROMMON is, it’s the base operating system of the device, its job is a bit like the BIOS on a PC, it locates and loads the operating system. The only time you should ever see a rommon prompt is
- If you ‘force’ a device into rommon mode as it boots.
- The devices config register is incorrectly set.
- The operating system is missing/corrupt.
- The flash memory of the device is broken, (or needs reformatting).
Chances are, the firm who ‘re-sold’ them simply did some password recovery, and forgot to set the config register back again.
I’ve recovered enough passwords and booted form the network enough times to know that if the OS is present on the device, I can load it manually with the ‘boot’ command.
rommon #0> boot Launching BootLoader... Boot configuration file contains 2 entries. Loading disk0:/asa923-smp-k8.bin...
Once loaded up and logged in, lets have a look at the config register, (it should look like 0x1).
ciscoasa# show ver | incl register Configuration register is 0x40 << Aha!! ciscoasa#
The easiest way to rectify this is to delete the config register, and it will then reset to the default.
ciscoasa# configure terminal ciscoasa(config)# no config-register ciscoasa(config)# exit ciscoasa# ciscoasa# show ver | incl register Configuration register is 0x40 (will be 0x1 at next reload) ciscoasa#
Reload/reboot the firewall and if it boot properly, then you know you have rectified the problem, but you can re-check..
ciscoasa# show ver | incl register Configuration register is 0x1 << Boom! ciscoasa#
Related Articles, References, Credits, or External Links