askvity

How to Delete ASA Configuration


Deleting the configuration on a Cisco ASA firewall is often necessary to restore it to a factory default state or troubleshoot issues. One method involves using the device's ROMMON mode to bypass the existing startup configuration.

Method: Resetting Configuration via ROMMON

This method leverages the ASA's boot process to ignore the stored configuration file, allowing you to start with a blank slate. This is a common procedure when you've lost access to the device or need a complete configuration wipe.

Here are the steps to clear an ASA's configuration using ROMMON:

  1. Reboot the Device: Power cycle or issue the reload command on the ASA firewall.
  2. Enter ROMMON: During the boot process, when the boot sequence begins, press the Esc key (or the key indicated on screen) to interrupt the normal startup and enter ROM Monitor (ROMMON) mode.
  3. Change Configuration Register: In ROMMON, you need to tell the ASA to ignore the saved startup configuration. Use the confreg command to change the configuration register value. The command is:
    rommon #1> confreg 0x41

    This changes the configuration register to 0x41, which typically instructs the ASA to boot without loading the startup configuration.

  4. Reset the Appliance: Issue the boot command in ROMMON to restart the ASA with the new configuration register value. The command is:
    rommon #2> boot

After performing these steps, the ASA will boot up without loading its previous configuration. You will be presented with the initial setup dialog (if applicable for your ASA version) or a prompt indicating it's running with a default or minimal configuration. At this point, the previous configuration is effectively bypassed. You can then save a new configuration or leave it blank.
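
An added example (not from the original article or from Cisco): a Python check that parses the configuration register line of `show version` output and reports whether the register still has the ignore-startup-configuration bit set after the steps above. The `show version` line format, the meaning of bit 0x40, and the host names and sample outputs are assumptions constructed for illustration.

```python
import re

# Assumption: bit 6 (0x40) of the configuration register tells the ASA to
# ignore the startup configuration; 0x41 from the steps above has it set.
IGNORE_STARTUP_CONFIG = 0x40

# Assumed line format from "show version", e.g.
#   Configuration register is 0x41 (will be 0x1 at next reload)
CONFREG_RE = re.compile(
    r"^Configuration register is (0x[0-9a-fA-F]+)"
    r"(?: \(will be (0x[0-9a-fA-F]+) at next reload\))?",
    re.MULTILINE,
)


def audit_confreg(show_version: str) -> dict:
    """Decode the current and next-reload register values from show version text."""
    m = CONFREG_RE.search(show_version)
    if m is None:
        raise ValueError("no 'Configuration register' line found")
    current = int(m.group(1), 16)
    # With no pending change, the next reload uses the current value.
    pending = int(m.group(2), 16) if m.group(2) else current
    return {
        "current": current,
        "next_reload": pending,
        "booted_without_config": bool(current & IGNORE_STARTUP_CONFIG),
        "next_boot_skips_config": bool(pending & IGNORE_STARTUP_CONFIG),
    }


# Constructed sample outputs (not captured from a real device).
SAMPLES = {
    "fw-recovered": "Serial Number: PLACEHOLDER\nConfiguration register is 0x41\n",
    "fw-restored": "Configuration register is 0x41 (will be 0x1 at next reload)\n",
    "fw-normal": "Configuration register is 0x1\n",
}

if __name__ == "__main__":
    for host, text in SAMPLES.items():
        r = audit_confreg(text)
        flag = "REVIEW" if r["next_boot_skips_config"] else "ok"
        print(f"{host}: current={r['current']:#x} next={r['next_reload']:#x} {flag}")
```

A device flagged REVIEW will skip its saved configuration again on the next reload, so the register value is worth checking on any appliance that has been through this procedure.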

Summary of Steps

| Step | Action | Command (if applicable) |
|---|---|---|
| 1. Reboot | Restart the ASA device. | reload or Power Cycle |
| 2. Enter ROMMON | Press Esc during boot to interrupt the startup sequence. | N/A |
| 3. Change confreg | Modify the configuration register to bypass the startup config. | confreg 0x41 |
| 4. Reset/Boot | Boot the device using the new configuration register setting. | boot |

This process bypasses the configuration the device would otherwise load at boot, giving you a fresh start. Note that the previous configuration file might still exist in flash memory; it just won't be loaded automatically. To remove the old configuration file completely, you would need to manage the files in flash separately.

For more details on this method, you can refer to resources like fir3net.com.
