topic Re: FWSM admin access issue in Network Security

FWSM admin access issue

kalashnikovsg — Mon, 11 Mar 2019 15:50:46 GMT

Hi!

I need to gain access to admin context which is located on FWSM module. I don't know it IP-addresses, because other man performed configuration before me. The command "session slot" didn't help me:

session slot 3 processor 1

The default escape character is Ctrl-^, then x.

You can also type 'exit' at the remote prompt to end the session

Trying 127.0.0.31 ...

% Connection refused by remote host

There are two other contexts on it (not admin). I can log to this contexts. But I can't â€œchangetoâ€ admin context because of privileges absence.

My question is the next. Is it possible to log to admin context in my situation without resetting the module? How?

Re: FWSM admin access issue

Kureli Sankar — Fri, 03 Jul 2009 12:50:34 GMT

Are you sure the module is in slot 3? Could you check on the switch config if telnet is not an allowed transport input under the line vty 0 4 config?

From the swtich you can try to do

#sh tcp brief all

and then

#clear tcp tcb

and then try to session in. This is the only way to get to the admin context if you do not remember the IP add to the admin context.

You are right, you cannot change to from other context if it is not designated as the admin context.

I am not sure what code you are running in the FWSM but, read up this defect

CSCsj82547 Management sessions to the FWSM are refused but should be allowed

fixed in 3.2.2

Re: FWSM admin access issue

kalashnikovsg — Mon, 06 Jul 2009 06:08:16 GMT

Hi!

I am sure that the module is in the slot 3. There are no idle connection on the switch. FWSM code is 3.2.1. But I can't upgrade to 3.2.2 because I don't have access to system context.

mvz-rd-csw1-b1a#sh tcp brief all

TCB Local Address Foreign Address (state)

0x105A2A8 0.0.0.0:23 0.0.0.0:0 LISTEN

0x1090B40 0.0.0.0:80 0.0.0.0:0 LISTEN

0x1059420 0.0.0.0:113 0.0.0.0:0 LISTEN

0x1078C38 0.0.0.0:544 0.0.0.0:0 LISTEN

0x1058F48 0.0.0.0:1979 0.0.0.0:0 LISTEN

0x1098E10 0.0.0.0:1989 0.0.0.0:0 LISTEN

0x1098938 0.0.0.0:1992 0.0.0.0:0 LISTEN

0x105A978 10.X.1.Y:23 10.X.28.Y:22498 ESTAB

0x105B53C 10.X.0.Z:23 10.X.48.Z:1121 ESTAB

0x105A780 ????:23 ????:0 LISTEN

Re: FWSM admin access issue

Kureli Sankar — Mon, 06 Jul 2009 10:25:19 GMT

0x105A978 10.X.1.Y:23 10.X.28.Y:22498 ESTAB

0x105B53C 10.X.0.Z:23 10.X.48.Z:1121 ESTAB

You would see 127.0.0.31 as the IP address for the module in slot 3. But, I do not see that in the output.

If you reload the blade I am sure you will be able to session in after which you can upgrade.

If you are not sure of the password to session in the only way is to do password recovery.

You can read here:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/troubl_f.html#wp1049302