I received a faulty ASA 5505 from a customer the other day. Customer has already been shipped a replacement and now I asked what should I do with this one, sitting on my desk. The problem with this device is that the power plug had become loose, periodically causing the ASA to reload and causing havoc on the customer’s network. It clearly had to be replaced
Normally I would send a refurbished non smart net covered Cisco item out for repair, if the cost was justified. ASA 5505 can be purchased from Bay for around 375 bucks used and 600 new; cost to repair this plus shipping would have been close to $200. In this case it was better to simply replace it. I decided to crack this box open and take a peek inside. I feel comfortable doing this because my previous career was an electronics bench tech. I’m always looking to take things apart to see what makes them tick; besides I had nothing to loose with this one. Once apart I realize that here was not much to this device. From the picture you can see how the solder joints of the power receptacle became loose and broken around the power connector.
After correcting the solder joints I decided to put the ASA back together, in the picture to the left you will notice that there is a flash card on the front right of the board and one DDR 256 sim across the back. The mother board is held in by oney two screws, for the most part the ASA is very easy to take apart.
Most of the time solder joints become loose due to the device being powered up in a room with lots of other larger devices (ie 6509) and an inadequate cooling system will simply cause it to overheat and melt the joints; thus causing the power to go out, once this happens the solder cools off at whatever state it’s in.
Next time power is applied it may or may not power up and this causes power to be sporadic, one side may have a good condition while the other is barely touching. Ether case it can be easily fixed.
I wanted to add a side note here, although Cisco did release a Field Notice (FN – 62832) that explained and addresses a known power-on issue with 5505’s after reading it I was not entirely convinced that this issue was related to this device. One tip I would like to give is to make sure you place your screws in separate piles, also keep in mind the longer screws that go underneath are for the recessed holes.
After everything was together, I connected my console cable from my laptop and pulled up Secure CRT ( I know most of you prefer the free programs such as puty and teleterm) I like Secure CRT, I’ve been using it a long time and consider it one of the best terminal programs. I plugged in the power cable and saw the power light lit (this is a good sign) then status and nothing… hmm.. press enter a few times on my terminal and seen that the image was loading. ACTIVE IS LIT and I now have a prompt… ugh password?
As I mentioned at the beginning, this ASA came from a customer. and i had no clue what their login info was. Now I found myself staring at unknown host-name and no password information for the enable mode. I suppose I could call and ask what the login and password was.. But where is the fun in that? Besides I would have nothing to write about.
The first step in ASA password recovery is to power on and off the device. Once you see the message “Use BREAK or ESC to interrupt the boot” DO IT, press ESC. (see screen shot lower right) Afterwords you will be placed in ronmon mode. As seen in the screen-shot. From here you simply type confreg and press [ENTER]. This will display the Configuration Register and allow you to changes the configuration and disable system configuration. Keep close attention the bold print below and be sure to write your config register info down, you will need it later.
rommon #1> confreg
Current Configuration Register: 0x00l00000
pass NVRAM fi1e specs in auto-bootloader mode
Do you wish to change this configuration? y/n [n]: y
enable boot to ROMMON prompt? y/n [n]:
enable TFTP netboot? y/n [n]’:o
enable F1ash boot? y/n [n]r:e
select specific F1ash image index? y/n (n]:
disab1e system configuration? y/n [n]: y
go to ROMMON prompt if netboot fails? y/n [nJ:
enable passing NVPAM file specs in auto-boot mode? y/n [n]:
disable display of BREAK or ESC key prompt during auto-boot? y/n [nJr:b **ADD250X250**
Current Configuration Register: 0x00000040
ignore system configuration
Update Config Register (0x40) in NVRAM.’.’.i
Ready Señ&ocoM1 34. 1 34Rows. L4Cds VT100 NUM ,
Once you gather all information needs, only thing left to do is “boot”
ronimon #3> boot
Boot configuration fi1e contains 1 entry.
Copyright (c) 1996-2007 by Cisco systems, Inc
Use, dup1ication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercia1 Computer software – Restricted
Rights c1ause at FAR secs. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technica1 Data and Computer
Software clause at DFARS sec-. 252.227-7013.
Ignoring startup configuration as instructed by configuration r gister.
INFo: Converting to disk0:/
Type help or ‘?’ for a 1ist of avai1able commands.
If you plan on keeping your config file, pay close attention to the following commands because you can easily overwrite your config.
ciscoasa# copy startup-config running-config
Destination fi1ename [running-config]?
INFOr: outside interface address added to PAT poo1
Cryptochecksum (unchanged):: e6615619 b3ab09l08 9d165653 98fb4f38
4073 bytes copied in 0.990 secs
HOU-Shop# config t
HOU-Shop(config)# password cisco
HOU-Shop(config)# enab1e password cisco123
HU–Shp(config)#? config-register 0x00000001
HOU-Shop (config)# hostname ciscoasa
ciscoasa(config)# copy running-config startup-config
Source filename [running-config]?
Cryptochecksum: c82cc8a7 a7a2c3f4 45734f95 dde5b4df
4128 bytes copied in 1.720 secs (4128 bytes/sec)
The steps here very simple and explained in greater detail below.
1) copy startup-config running-config (restore the config)
2) config t (enter config mode)
- password cisco ( change user password)
- enab1e password cisco123 (change enabled password)
- config-register 0x00000001 (change the config register back)
- hostname ciscoasa (enter hostname (default used))
- copy running-config startup-config (now save your changes)
- end (back to prompt)
Keep in mind that the config resister number was retrieved when we first ran confreg at the rommon prompt. Once the ASA comes online you can login with the your passwords and perform show version. If you did not erase your config you can display it and save it at this time. For now, I’ll be clearing this one and starting anew.