Cisco ASA 5500 – User Interface and Access Modes

This article will describe about  the user interface and access modes and commands associated with the operation of Cisco ASA 5500 firewall appliances. We assume that you know how to connect to the appliance using a console cable (cable with RJ-45 on one end, and DB-9 Serial on the other end) and a Terminal Emulation software (e.g HyperTerminal), and how to use basic Command Line Interface. A Cisco ASA security appliance has four main administrative access modes:

Monitor Mode:
Displays the monitor> prompt. This a special mode that enables you to update the image over the network or to perform password recovery. While in the monitor mode, you can enter commands to specify the location of a TFTP server and the location of the software image or password recovery binary image file to download. You access this mode by pressing the “Break” or “ESC” keys immediately after powering up the appliance.

Unprivileged Mode:
Displays the > prompt. This prompt will be available when you first access the appliance. If the appliance is a Cisco PIX 500 series, the prompt for unprivileged mode is pixfirewall> and if the appliance is the new Cisco ASA 5500 Series, the prompt is ciscoasa>
This mode provides restricted view of the security appliance. On this menu, you cannot configure anything from this mode. To get started with configuration, the first command you need to know is the enable command. Type enable and hit Enter. The initial password is empty, so hit Enter again to move on the next access mode (Privileged Mode).

ciscoasa> enable <–this is to enter to  Unprivileged Mode
password:               <– Enter a password here (initially its blank)
ciscoasa#                <– Privileged Mode

Privileged Mode:
Displays the # prompt. Enables you to change the current settings. Any unprivileged command also works in this mode. From this mode you can see the current configuration by using show running-config. Still, you cannot configure anything yet until you go to Configuration Mode. You access the Configuration Mode using the “configure terminal” command from the Privileged Mode.
Configuration Mode:

This mode displays the (config)# prompt. Enables you to change all system configuration settings. Use exit from each mode to return to the previous mode.

ciscoasa> enable <– Unprivileged Mode
password: <– Enter a password here (initially its blank)
ciscoasa# configure terminal <– Privileged Mode
ciscoasa(config)# <– Configuration Mode
ciscoasa(config)# exit
ciscoasa# exit <– Back to Privileged Mode
ciscoasa> <– Back to Unprivileged Mode

The (config)# mode is usually called Global Configuration Mode. Some configuration commands from this mode enter a command-specific mode and the prompt changes accordingly. For example the interface command enters interface configuration mode as shown below:

ciscoasa(config)# interface GigabitEthernet 0/1
ciscoasa(config-if)# <– Configure Interface specific parameters

The Unofficial Cisco ASA blog provides technical information and configuration examples about Cisco ASA 5500 Firewalls.


We are teams that have the same hobbies in Information Technologies and have experienced in many fields regarding Information Technologies .

Related Articles

  • Yeah that’s what I’m taklnig about baby–nice work!

  • your article so helpful. many thanks