Cisco ASA Erase Configuration

If you are familiar with Cisco routers and then switches then you might have noticed that the Cisco ASA doesn’t offer the “erase startup-configuration” command. Of course we can erase our startup configuration but there are some other commands to achieve this.

This is the most simple option:

ciscoasa# write erase 
Erase configuration in flash memory? [confirm] 

Just use “write erase” to remove the startup configuration and reboot your firewall. The other option is to use the factory default method:

ciscoasa(config)# configure factory-default   
Based on the management IP address and mask, the DHCP address
pool size is reduced to 253 from the platform limit 256

WARNING: The boot system configuration will be cleared.
The first image found in disk0:/ will be used to boot the
system on the next reload.
Verify there is a valid image on disk0:/ or the system will
not boot.

Begin to apply factory-default configuration:
Clear all configuration
Executing command: interface management0/0
Executing command: nameif management
INFO: Security level for "management" set to 0 by default.
Executing command: ip address
Executing command: security-level 100
Executing command: no shutdown
Executing command: exit
Executing command: http server enable
Executing command: http management
Executing command: dhcpd address management
Executing command: dhcpd enable management
Executing command: logging asdm informational
Factory-default configuration is completed

As you can see above this clears the configuration and enables the management interface with the IP address we specified. It also enables DHCP server and HTTP server so that we can connect through ASDM.


Forum Replies

  1. Hi Shaun & Matt,

    If your goal is to study for the exams then it’s best to start with the blueprints that have the exam topics. I’ve added them in the attachment.

    Here’s a general overview:

    The SIMOS exam has topics like DMVPN, FlexVPN, IPsec, GETVPN, etc. You can test any of these topics on IOS routers and the ASA. I would make sure that you use IOS 15 and the latest ASA images otherwise you might run into issues with commands that are not supported.

    SENSS is all about security on switches, routers and the ASA.

    In the SITCS exam you have some different topics…t

    ... Continue reading in our forum

  2. Hi Rene:

    I’ve been looking round for a good reading list regarding firewalls and VPN’s as i already have passed my ccna security exam. The INE website gives you a list but alot of these book came out in 2005 thats a long time ago, and the tech world moves fast. Can you please tell me what books would be a good read i don’t mind if they are CCIE level because i can just take my time understanding them. This is the list i’m thinking of buying

    Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance / I’ve now got this book really good and upto dat

    ... Continue reading in our forum

  3. Hi Shaun,

    The “Cisco ASA All-in-One Next Generation Firewall” book is great. It’s up-to-date and covers pretty much everything. The only thing it doesn’t cover I think is Firepower so you might want to look for another resource to learn that.

    “The Complete Cisco VPN Configuration Guide” is quite old so I wouldn’t recommend it, especially if you have the “all-in-one” book. The “Cisco Firewalls (Cisco Press Networking Technology) by Alexandre M.S.P.” gets good reviews and it’s from 2011. It might be nice to read just to review everything again.

    In the ASA platfor

    ... Continue reading in our forum

  4. Good Time OF The Day Rene,

    Hope You Are Well… Stay Blessed…:slight_smile:

    Rene, All Of Your Lessons Are Great. You Always Start From Scratch And Take It To Peak…

    But This ASA Firewall Topic… You Have Simply Started With Configuration… And No Basic Literature …:frowning:

    Can You Please Share Some Basics Toward ASA Firewall … That Would Be Highly Appreciated…

    Many Thanks In Anticipation


  5. Hi Rene

    I have this Cisco ASAv version 9.5.1

    I am trying to set the management interface with ip address and gateway with mask

    show running-config interface gigabitEthernet 0/0
    Interface GigabitEthernet0/0
     dewscription LAN Interface
     nameIf Inside
     security-level 100
     ip address
    show running-config interface gigabitEthernet 0/1
    Interface GigabitEthernet0/1
     dewscription WAN_Ingress Interface
     nameIf Outside
     security-level 0
     ip address
    show running-config route
    ... Continue reading in our forum

6 more replies! Ask a question or join the discussion by visiting our Community Forum