nettechonline

Tech Supp - The Final Frontier!

  • Increase font size
  • Default font size
  • Decrease font size
Home Cisco Cisco PIX Cisco PIX - Reset Password

Cisco PIX - Reset Password

E-mail Print PDF
PeteNetLive - KB0000064 - Cisco PIX (500 Series) Password Recovery

Cisco PIX (500 Series) Password Recovery

 
Problem

If you are locked out of your PIX firewall then you will need to do some password recovery, this procedure will reset the enable password and remove any username and password settings on the PIX.

Note: If you have a PIX 520 (This has a floppy drive, and the process is different) CLICK HERE

Solution
 
Before You Start !
 
1. You need to know the software version that is running on the PIX e.g 6.3(5) or 7.0(1)
2. You need a TFTP server set up and running.
3. You need to be connected to the PIX via its console cable.

4. You need to download the "PIX Password Lockout Utility" that's appripriate for your PIX i.e if your running 6.3(5) download np63.bin, or version 7.0(1) download np70.bin etc, you get get them HERE Put the file in the root directory of your TFTP server.

 
Procedure
 
1. Connect to the Firewall via console cable, then power cycle the firewall, as the firewall reboots press BREAK or ESC to interrupt the boot sequence and get to the monitor prompt.

monitor>

2. Now the firewall has no config loaded, so you need to tell it everything it needs to know, firstly we need to set up the inside interface so we can load in the password reset utility. Use the interface command (PIX's with only two interfaces it will default to the inside interface).

monitor> interface 1
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)

Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0012.daf1.5185

monitor>


3. You need to tell it what its inside IP address is, use the address command.

monitor> address 192.168.1.1
address 192.168.1.1


4. Now you need to give it the IP address of the TFTP server you set up ealier, use the server command.

monitor> server 192.168.1.2
server 192.168.1.2


5. The last thing the PIX needs is the name of the password unlock file for this example I’ll use np63.bin, you will need to use the file command.

monitor> file np63.bin
file np63.bin


6. To start the process, issue the tftp command.

monitor> tftp
tftp np63.bin@192.168.1.2.......................................................
................................................................................
..............................................
Received 92160 bytes

Cisco Secure PIX Firewall password tool (3.0) #0: Thu Jul 17 08:01:09 PDT 2003
Flash=E28F640J3 @ 0x3000000
BIOS Flash=E28F640J3 @ 0xD8000


7. Confirm by pressing y then {enter}.

Do you wish to erase the passwords? [yn]


8. Confirm by pressing y then {enter} again.


Do you want to remove the commands listed above from the configuration? [yn] y
Passwords and aaa commands have been erased.

Rebooting....

9. The Firewall will reboot and the passwords will be blanked.

Type help or '?' for a list of available commands.
Firewall> en
Password:
firewall#


References - Credits - Or External Links

Factory Reset a Cisco Firewall

Setup a Cisco PIX with the PDM

 

 


Last Updated on Tuesday, 24 May 2011 22:24