If you are familiar with Cisco routers and then switches then you might have noticed that the Cisco ASA doesn’t offer the “erase startup-configuration” command. Of course we can erase our startup configuration but there are some other commands to achieve this.
This is the most simple option:
ciscoasa# write erase Erase configuration in flash memory? [confirm] [OK]
Just use “write erase” to remove the startup configuration and reboot your firewall. The other option is to use the factory default method:
ciscoasa(config)# configure factory-default 192.168.1.1 255.255.255.0 Based on the management IP address and mask, the DHCP address pool size is reduced to 253 from the platform limit 256 WARNING: The boot system configuration will be cleared. The first image found in disk0:/ will be used to boot the system on the next reload. Verify there is a valid image on disk0:/ or the system will not boot. Begin to apply factory-default configuration: Clear all configuration Executing command: interface management0/0 Executing command: nameif management INFO: Security level for "management" set to 0 by default. Executing command: ip address 192.168.1.1 255.255.255.0 Executing command: security-level 100 Executing command: no shutdown Executing command: exit Executing command: http server enable Executing command: http 192.168.1.0 255.255.255.0 management Executing command: dhcpd address 192.168.1.2-192.168.1.254 management Executing command: dhcpd enable management Executing command: logging asdm informational Factory-default configuration is completed
As you can see above this clears the configuration and enables the management interface with the IP address we specified. It also enables DHCP server and HTTP server so that we can connect through ASDM.
Hi. Although not directly related to this wondering if you could help me out as it relates to NTP and the ASA. Does the ASA only support NTP using authentication?
Normal NTP should work, I also did that in this example:
hi rene I’ve almost completed my ccnp route and switch and I hope to be starting the ccnp security track sometime this year but i’d like to build my own home lab but i’m not sure what i’d need to cover all the stuff on the new exam as I’ve heard a lot of people saying that cisco have not even released the training books for the exam yet could you help me with what I would need for a home lab thanks
Hi Shaun. I have a Cisco PIX515E and a 2851. Most of the commands that Rene uses are able to be used on the PIX. These are available on eBay for a fraction of the cost of an ASA. Get one with an unlimited licence and IOS version 8. This allows for a RAM upgrade to 256MB+ and failover if you get adventurous. The RAM & CPU are also easily upgradeable. Cheers, Matt.
Hi Shaun & Matt,
If your goal is to study for the exams then it’s best to start with the blueprints that have the exam topics. I’ve added them in the attachment.
Here’s a general overview:
The SIMOS exam has topics like DMVPN, FlexVPN, IPsec, GETVPN, etc. You can test any of these topics on IOS routers and the ASA. I would make sure that you use IOS 15 and the latest ASA images otherwise you might run into issues with commands that are not supported.
SENSS is all about security on switches, routers and the ASA.
In the SITCS exam you have some different topics…t... Continue reading in our forum