This document describes how to recover a password on a Cisco ASA 5500
Series Content Security and Control Security Services Module (CSC-SSM) or the
Advanced Inspection and Prevention Security Services Module (AIP-SSM) without
the need to re-image the device.
A list of additional files that you need for the recovery procedure is
required. This includes an explanation of how and where to get the files and
any processing that needs to happen before the recovery procedure
Cisco ASA 8.x and later software provides a mechanism to reset the
passwords of the SSM modules (CSC or AIP) without the need to re-image the
Note: The CSC and AIP modules must run version 6.0 in order for the feature
to work. There is no option for password recovery in version 5.0 for the
AIP-SSM or CSC-SSM, because this feature is not introduced until version
This password recovery procedure can be used for any of these products:
Technical Tips Conventions for more information on document
This step is necessary in order to complete the password
Issue the hw-module module <module_num>
password-reset command from the Cisco ASA CLI. For the AIP
module, this command sets the configuration register in ROMMON to cause a boot
of the password reset image and then power cycles the module. For the CSC
module, this command sends the session 1 do
reset-password command to the module.
ciscoasa(config)#hw-module module 1 password-reset
Reset the password on module in slot 1? [confirm]
This procedure shows how to recover the password with the Cisco
Adaptive Security Device Manager (ASDM).
For the AIP-SSM, click Tools on the main menu, and
select IPS Password Reset.
For the CSC-SSM, click Tools on the main menu, and
select CSC Password Reset.