ASA 5505 board repair and recovery

I received a faulty ASA 5505 from a customer the other day. The customer has already been shipped a replacement, and I asked myself what I should do with the one now sitting on my desk. The problem with this device is that the power plug had become loose, periodically causing the ASA to reload and causing havoc on the customer’s network. It had to be replaced.

Usually, I would send a refurbished, non-SmartNet-covered Cisco item out for repair if the cost was justified. An ASA 5505 can be purchased from eBay for around 375 bucks used and 600 new; the cost to repair this one plus shipping would have been close to $200. In this case, it was better to replace it.

I decided to crack this box open and take a peek inside. I feel comfortable doing this because of my previous career as an electronics bench tech. I’m always looking to take things apart to see what makes them tick; besides, I had nothing to lose with this one. Once apart, I realized that there was not much to this device. From the picture, you can see how the solder joints of the power receptacle became loose and broken around the power connector.

ASA 500 opened

After correcting the solder joints, I put the ASA back together. In the picture to the left, you will notice a flash card on the front right of the board and one DDR 256 SIMM across the back. Only two screws hold the motherboard in; for the most part, the ASA is straightforward to take apart. Most of the time, solder joints become loose because the device is powered up in a room with lots of other, larger devices (e.g., a 6509) and an inadequate cooling system, which causes it to overheat and melt the joints, thus causing the power to go out. Once this happens, the solder cools off in whatever state it’s in.

The power connector had come loose due to the weight of the power cable.

The next time power is applied, it may or may not power up, and this causes power to be sporadic. One side may be in good condition while the other is barely touching. In either case, it can be easily fixed. I wanted to add a side note here: although Cisco did release a Field Notice (FN – 62832) that explained and addressed a known power-on issue with 5505s, after reading it I was not entirely convinced that this issue was related to this device. One tip I would like to give is to make sure you place your screws in separate piles. Also, keep in mind that the longer screws that go underneath are for the recessed holes. I made the mistake of putting the wrong screws in the wrong hole.

After everything was together, I connected my console cable from my laptop and pulled up SecureCRT (I know most of you prefer free programs such as PuTTY and Tera Term). I like SecureCRT; I’ve been using it for a long time and consider it one of the best terminal programs.

I plugged in the power cable and saw the power light lit (this is a good sign), then status, and nothing… hmm. I pressed Enter a few times on my terminal and saw that the image was loading. ACTIVE is lit and I now have a prompt… ugh, password?

Status lights

This ASA came from a customer. I had no clue what their login info was. I stared at an unknown hostname and no password information for the enable mode. I suppose I could call and ask what the login and password were… But where is the fun in that? Besides, I would have nothing to write about.

The first step in ASA password recovery is to power-cycle the device. Once you see the message “Use BREAK or ESC to interrupt the boot,” DO IT: press ESC (see screenshot, lower right). Afterward, you will be placed in ROMMON mode.

As seen in the screenshot, from here you type confreg and press [ENTER]. This displays the configuration register and allows you to change it and disable the system configuration.

Pay close attention to the bold print below and write down your config register info. You will need it later.

Remember that the config register number was retrieved when we ran confreg at the ROMMON prompt. Once the ASA comes online, you can log in with your passwords and perform a show version. If you did not erase your config, you can display it and save it now. For now, I’ll be clearing this one and starting anew.

				
    rommon #1> confreg
    Current Configuration Register: 0x00100000
    Configuration Summary:
    boot ROMMON
    pass NVRAM file specs in auto-bootloader mode
    Do you wish to change this configuration? y/n [n]: y
    enable boot to ROMMON prompt? y/n [n]:
    enable TFTP netboot? y/n [n]:
    enable Flash boot? y/n [n]:
    select specific Flash image index? y/n [n]:
    disable system configuration? y/n [n]: y
    go to ROMMON prompt if netboot fails? y/n [n]:
    enable passing NVRAM file specs in auto-boot mode? y/n [n]:
    disable display of BREAK or ESC key prompt during auto-boot? y/n [n]:
    Current Configuration Register: 0x00000040
    Configuration Summary:
    boot ROMMON
    ignore system configuration
    Update Config Register (0x40) in NVRAM...
				
			

Once you have gathered all the information you need, the only thing left to do is “boot”.

				
    ciscoasa> en
    Password:
    ciscoasa#
    ciscoasa# copy startup-config running-config
    Destination filename [running-config]?
    INFO: outside interface address added to PAT pool
    Cryptochecksum (unchanged): e6615619 b3ab09l08 9d165653 98fb4f38
    4073 bytes copied in 0.990 secs
    HOU-Shop# config t
    HOU-Shop(config)# password cisco
    HOU-Shop(config)# enable password cisco123
    HOU-Shop(config)# config-register 0x00000001
    HOU-Shop(config)# hostname ciscoasa
    ciscoasa(config)# copy running-config startup-config
    Source filename [running-config]?
    Cryptochecksum: c82cc8a7 a7a2c3f4 45734f95 dde5b4df
    4128 bytes copied in 1.720 secs (4128 bytes/sec)
    ciscoasa(config)#
				
			
				
    password cisco (change user password)
    enable password cisco123 (change enable password)
    config-register 0x00000001 (change the config register back)
    hostname ciscoasa (enter hostname (default used))
    copy running-config startup-config (now save your changes)
    end (back to prompt)
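
A post-recovery check, as an added example that is not part of the original post: it reads captured show version text and flags the 0x40 "ignore system configuration" bit set in the confreg dialog above, so a unit is not put back in service still booting without its startup-config. The sample lines are constructed, and the "Configuration register is ... (will be ... at next reload)" line format is an assumption about the show version output.

```python
import re

# Bit set by answering "y" to "disable system configuration?" in the confreg dialog.
IGNORE_SYSTEM_CONFIG = 0x40

# Matches e.g. "Configuration register is 0x40 (will be 0x1 at next reload)".
_CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9a-fA-F]+)"
    r"(?:\s*\(will be (0x[0-9a-fA-F]+) at next reload\))?"
)

def parse_confreg(show_version_text):
    """Return (current, next_boot) register values, or None if the line is absent."""
    m = _CONFREG_RE.search(show_version_text)
    if m is None:
        return None
    current = int(m.group(1), 16)
    next_boot = int(m.group(2), 16) if m.group(2) else current
    return current, next_boot

def audit_confreg(show_version_text):
    """Classify a capture as 'ok', 'reload-pending', 'bypass-active' or 'unknown'."""
    parsed = parse_confreg(show_version_text)
    if parsed is None:
        return "unknown"  # no register line: treat the capture as incomplete
    current, next_boot = parsed
    if next_boot & IGNORE_SYSTEM_CONFIG:
        # Next boot skips startup-config, so the saved passwords are not applied.
        return "bypass-active"
    if current & IGNORE_SYSTEM_CONFIG:
        # config-register was restored, but the unit has not reloaded yet.
        return "reload-pending"
    return "ok"

# Constructed sample lines, not captured from the device in the article.
SAMPLES = {
    "during-recovery": "Configuration register is 0x40",
    "after-config-register": "Configuration register is 0x40 (will be 0x1 at next reload)",
    "back-in-service": "Configuration register is 0x1",
    "truncated-capture": "Hardware:   ASA5505",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:24} {audit_confreg(text)}")
```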
				
			


George S. Davis


Sr. Network Engineer
George has worked in data, voice, and electronic technologies for over twenty-five years, from small and mid-size offices to large enterprise Fortune 500 companies. He is experienced in legacy voice communications, electronics, VoIP, and data networking.

ConfigBytes.com (c) 2008 -2023