ASA 5505 board repair and recovery

by, author:
Ron Staples
Version:
8.3
Price:
500.00

Reviewed by:
Rating:
5
On 8, June 2010
Last modified:7, May 2014

Summary:

I received a faulty ASA 5505 from a customer the other day. Customer has already been shipped a replacement and now I asked what should I do with this one, sitting on my desk. The problem with this device is that the power plug had become loose, periodically causing the ASA to reload and causing havoc on the customer’s network. It clearly had to be replaced

I received a faulty ASA 5505 from a customer the other day.  Customer has already been shipped a replacement and now I asked what should I do with this one, sitting on my desk. The problem with this device is that the power plug had become loose, periodically causing the ASA to reload and causing havoc on the customer’s network. It clearly had to be replaced

Normally I would send a refurbished non smart net covered Cisco item out for repair, if the cost was justified. ASA 5505 can be purchased from Bay for around 375 bucks used and 600 new; cost to repair this plus shipping would have been close to $200.  In this case it was better to simply replace it.    I decided to crack this box open and take a peek inside. I feel comfortable doing this because my previous career was an electronics bench tech.  I’m always looking to take things apart to see what makes them tick; besides I had nothing to loose with this one. Once apart I realize that here was not much to this device.  From the picture  you can see how the solder joints of the power receptacle became loose and broken around the power connector.

After correcting the solder joints I decided to put the ASA back together, in the picture to the left you will notice that there is a flash card on the front right  of the board and one DDR 256 sim across the back.   The mother board is held in by oney two screws, for the most part the ASA is very easy to take apart.

Most of the time solder joints become loose due to the device being powered up in a room with lots of other larger devices (ie 6509) and an inadequate cooling system will simply cause it to overheat and melt the joints; thus causing the power to go out, once this happens the solder cools off at whatever state it’s in.

Next time power is applied it may or may not power up and this causes power to be sporadic, one side may have a good condition while the other is barely touching.  Ether case it can be easily fixed.

I wanted to add a side note here, although Cisco did release a Field Notice (FN – 62832) that explained and addresses a known power-on issue with 5505’s after reading it I was not entirely convinced that this issue was related to this device. One tip I would like to give is to make sure you place your screws in separate piles, also keep in mind the longer screws that go underneath are for the recessed holes.

I made the mistake of putting the wrong screws in the wrong hole.

After everything was together, I connected my console cable from my laptop and pulled up Secure CRT ( I know most of you prefer the free programs such as puty and teleterm) I like Secure CRT, I’ve been using it a long time and consider it one of the best terminal programs. I plugged in the power cable and saw the power light lit (this is a good sign) then status and nothing…  hmm..  press enter a few times on my terminal and seen that the image was loading. ACTIVE IS LIT and I now have a prompt… ugh password?

As I mentioned at the beginning, this ASA came from a customer. and i had no clue what their login info was. Now I found myself staring at unknown host-name and no password information for the enable mode.  I suppose I could call and ask what the login and password was.. But where is the fun in that?  Besides I would have nothing to write about.

The first step in ASA password recovery is to power on and off the device.  Once you see the message “Use BREAK or ESC to interrupt the boot” DO IT, press ESC.  (see screen shot lower right) Afterwords you will be placed in ronmon mode.  As seen in the screen-shot.  From here you simply type confreg and press [ENTER]. This will display the Configuration Register and allow you to changes the configuration and disable system configuration. Keep close attention the bold print below and be sure to write your config register info down, you will need it later.

rommon #1> confreg
Current Configuration Register: 0x00l00000

Configuration Summary:
boot ROMMON
pass NVRAM fi1e specs in auto-bootloader mode
Do you wish to change this configuration? y/n [n]: y

enable boot to ROMMON prompt? y/n [n]:
enable TFTP netboot? y/n [n]’:o
enable F1ash boot? y/n [n]r:e
select specific F1ash image index? y/n (n]:
disab1e system configuration? y/n [n]: y

go to ROMMON prompt if netboot fails? y/n [nJ:
enable passing NVPAM file specs in auto-boot mode? y/n [n]:
disable display of BREAK or ESC key prompt during auto-boot? y/n [nJr:b **ADD250X250**
Current Configuration Register: 0x00000040
Configuration Summary:
boot ROMMON
ignore system configuration
Update Config Register (0x40) in NVRAM.’.’.i
Ready Señ&ocoM1 34. 1 34Rows. L4Cds VT100 NUM ,

Once you gather all information needs,  only thing left to do is “boot”

ronimon #3> boot
Launching BootLoader.’.’.?
Boot configuration fi1e contains 1 entry.
Loading disk0:/asaO02-k8.bin…

********

Copyright (c) 1996-2007 by Cisco systems, Inc
Use, dup1ication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercia1 Computer software – Restricted
Rights c1ause at FAR secs. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technica1 Data and Computer
Software clause at DFARS sec-. 252.227-7013.
Ignoring startup configuration as instructed by configuration r gister.
INFo: Converting to disk0:/
Type help or ‘?’ for a 1ist of avai1able commands.
ciscoasa>

If you plan on keeping your config file, pay close attention to the following commands because you can easily overwrite your config.

ciscoasa> en
Password:
ci scoasa#
ciscoasa# copy startup-config running-config
Destination fi1ename [running-config]?
INFOr: outside interface address added to PAT poo1
Cryptochecksum (unchanged):: e6615619 b3ab09l08 9d165653 98fb4f38
4073 bytes copied in 0.990 secs
HOU-Shop# config t
HOU-Shop(config)# password cisco
HOU-Shop(config)# enab1e password cisco123
HU–Shp(config)#? config-register 0x00000001
HOU-Shop (config)# hostname ciscoasa
ciscoasa(config)# copy running-config startup-config
Source filename [running-config]?
Cryptochecksum: c82cc8a7 a7a2c3f4 45734f95 dde5b4df
4128 bytes copied in 1.720 secs (4128 bytes/sec)
ciscoasa(config)#

The steps here very simple and explained in greater detail below.

1)    copy startup-config running-config  (restore the config)

2)    config t (enter config mode)

  • password cisco ( change user password)
  • enab1e password cisco123 (change enabled password)
  • config-register 0x00000001 (change the config register back)
  • hostname ciscoasa (enter hostname (default used))
  • copy running-config startup-config (now save your changes)
  • end (back to prompt)

3)    boot

Keep in mind that the config resister number was retrieved when we first ran confreg at the rommon prompt.  Once the ASA comes online you can login with the your passwords and perform show version.  If you did not erase your config you can display it and save it at this time.  For now,  I’ll be clearing this one and starting anew.


2010-06-08
rstaples@configbytes.com

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

As I mentioned at the beginning, this ASA came from a customer.  Now I was staring at unknown hostname and no password information for the enable mode.  I suppose I could call and ask what the login and password was.. But where is the fun in that?  Besides I would have nothing to write about.

The first step in ASA password recovery is to power on and off the device.  Once you see themessage “Use BREAK or ESC to

I received a faulty ASA 5505 from a customer the other day. Customer has already been shipped a replacement and now I asked what should I do with this one, sitting on my desk. The problem with this device is that the power plug had become loose, periodically causing the ASA to reload and causing havoc on the customer’s network. It clearly had to be replaced

51 thoughts on “ASA 5505 board repair and recovery

  1. Ron, thanks so much, it is May 2016 and your post still is current.
    Reading you is like my same experience with a faulty 5505…

    Thanks for sharing!

    from Minnesota

  2. hi i have a cisco asa 5505 that is not under warranty.

    the power connection on the board appears to be loose so when i plug power cable in sometimes the appliance switches itself off and sometimes if i move the appliance about.

    the ‘reset’ button appears not to work and i think something has now broken off as now i have to use a pin to press the ‘reset’ button which does not work now.

    when i now boot up the device it gets as far as:

    ciscoasa> & now my keyboard does not work at this point

    where can i send to get this fixed in the UK & what would be the likely cost ?

    • Not sure where you would get that fixed in the UK. On your description, it appears you have the issue that I had. The weight of the power cord has cause the connectors to break loose of the solder joints. That was the issue with mine.

  3. Hi, cisco ASA 5510 and 5520 – power led off, flash led off and other leds are amber. what could be the problem?

  4. Hi Ron, thanks for the post.

    I bought a brand new ASA 5505 a few years back when I was doing my university’s project, since then it has been sitting in the cupboard,

    Today I took it out and had a play, when I plug the power, the device is on straight away, it didn’t go through the booting process, there is no output from the console connection, it has no success connecting to the pc through an ethernet cable either, the odd thing is, the only indicator on the front of the device is the status which shows solid orange , the others are off, even the power indicator is off, even though there is clearly power connecting to it. I tried the reset button at the back of the device, but it did nothing.

    Could you please give me some advice how to solve the problem? Thanks in advance!

    • Sorry for the late reply Dave,
      From what you wrote here, it appears the the ASA is working correctly. Did you check your consol sittings, make sure you are at 8,n,1 9600? Also I’ve had issues with CTS/RTS.

      Let me know if you were able to get this working.

      Once again, sorry for the late reply.

      • Hi Ron,

        Thank you for the reply. Sorry for the late reply, I’ve been away.

        Well, it’s definitely not working, the console settings are set as you said, the Flow control I’ve tried all the options in the list, but none of them is able to talk to the computer. As I said in the previous message, once the device connects to the power, it seems to me that it didn’t go through the booting process. The indicators on the front of the device show only the STATUS which is amber. Some suggest that this indicate that memory is faulty …

        Could you please share your thoughts ?
        Cheers

Leave a Reply to nick baftijar Cancel reply

Your email address will not be published. Required fields are marked *

*