If you are familiar with Cisco routers and switches, then you might have noticed that the Cisco ASA doesn’t offer the erase startup-configuration command. Of course, we can erase our startup configuration, but there are some other commands to achieve this.
This is the most simple option:
ciscoasa# write erase
Erase configuration in flash memory? [confirm]
[OK]Just use write erase to remove the startup configuration and reboot your firewall. The other option is to use the factory default method:
ciscoasa(config)# configure factory-default 192.168.1.1 255.255.255.0
Based on the management IP address and mask, the DHCP address
pool size is reduced to 253 from the platform limit 256
WARNING: The boot system configuration will be cleared.
The first image found in disk0:/ will be used to boot the
system on the next reload.
Verify there is a valid image on disk0:/ or the system will
not boot.
Begin to apply factory-default configuration:
Clear all configuration
Executing command: interface management0/0
Executing command: nameif management
INFO: Security level for "management" set to 0 by default.
Executing command: ip address 192.168.1.1 255.255.255.0
Executing command: security-level 100
Executing command: no shutdown
Executing command: exit
Executing command: http server enable
Executing command: http 192.168.1.0 255.255.255.0 management
Executing command: dhcpd address 192.168.1.2-192.168.1.254 management
Executing command: dhcpd enable management
Executing command: logging asdm informational
Factory-default configuration is completedAs you can see above, this clears the configuration and enables the management interface with the IP address we specified. It also enables the DHCP server and HTTP server so that we can connect through ASDM.
Rene,
Hi. Although not directly related to this wondering if you could help me out as it relates to NTP and the ASA. Does the ASA only support NTP using authentication?
Many thanks,
Thomas
Hi Thomas,
Normal NTP should work, I also did that in this example:
https://networklessons.com/cisco/asa-firewall/cisco-asa-clock-configuration
Rene
hi rene I’ve almost completed my ccnp route and switch and I hope to be starting the ccnp security track sometime this year but i’d like to build my own home lab but i’m not sure what i’d need to cover all the stuff on the new exam as I’ve heard a lot of people saying that cisco have not even released the training books for the exam yet could you help me with what I would need for a home lab thanks
Hi Shaun. I have a Cisco PIX515E and a 2851. Most of the commands that Rene uses are able to be used on the PIX. These are available on eBay for a fraction of the cost of an ASA. Get one with an unlimited licence and IOS version 8. This allows for a RAM upgrade to 256MB+ and failover if you get adventurous. The RAM & CPU are also easily upgradeable. Cheers, Matt.
Hi Shaun & Matt,
If your goal is to study for the exams then it’s best to start with the blueprints that have the exam topics. I’ve added them in the attachment.
Here’s a general overview:
The SIMOS exam has topics like DMVPN, FlexVPN, IPsec, GETVPN, etc. You can test any of these topics on IOS routers and the ASA. I would make sure that you use IOS 15 and the latest ASA images otherwise you might run into issues with commands that are not supported.
SENSS is all about security on switches, routers and the ASA.
In the SITCS exam you have some different topics…t
... Continue reading in our forum