12-28-2010 12:53 AM - edited 03-10-2019 05:13 AM
Hello all
Could somebody be so kind and help me with password recovery on our AIM-IPS? I followed the steps in http://www.cisco.com/en/US/docs/security/ips/6.0/installation/guide/hwTS.html#wp1117969 but unsuccessfully. I have torn out all my hair. Many thanks to whoever resolves my issue.
12-28-2010 11:30 AM
Jaroslav,
What exactly didn't work? Any error messages?
As a last-ditch effort you can reimage the module completely (make sure you have your license key backed up!)
Marcin
12-30-2010 10:25 PM
Hello Marcin
There is no error message. According to the steps in the mentioned document I'd like to press *** during boot, but there is nothing like a "boot output". I do not care which way I get in, but I'd like to log in or reimage the AIM-IPS.
I appreciate your help, thank you
12-31-2010 12:05 AM
Jaroslav,
Try reimaging then.
http://www.cisco.com/en/US/docs/security/ips/7.0/installation/guide/hw_system_images.html#wp1230353
But I'm curious ... the password resetting service can be disabled but it does not explain why you're not going into boot menu.
Can you log your session output?
Marcin
12-31-2010 03:38 AM
Hello Marcin
This step does not appear:
Step 7 Press Enter to resume the suspended session.
After displaying its version, the bootloader displays this prompt for 15 seconds.
Please enter '***' to change boot configuration:
Step 8 Enter *** during the 15-second delay.
I cannot insert ***
Anyway, I created user /--removed--/, password: /--removed--/, IP address /--removed--/, please be so kind and check it out. I will appreciate it. Thanks
Message was edited by: Michael Simon
12-31-2010 04:05 AM
Please remove the IP address, username and password as soon as possible.
Part of the problem:
Refoma#service-module idS-Sensor 0/1 session
Trying 10.15.10.1, 2130 ... Open
User Access Verification
Username:
Refoma#who
    Line       User       Host(s)      Idle       Location
 130 tty 130              incoming     00:00:08   10.15.10.1
 194 vty 0     remen      idle         00:00:04   static-78-141-127-225.orange.sk
*195 vty 1     tftpuser   10.15.10.1   00:00:06   64-103-25-233.cisco.com
You'll notice that session tty 130 is actually terminated on the router itself and not the IDS, if I understand correctly.
Marcin
12-31-2010 04:19 AM
Yes... Is it a problem?
12-31-2010 04:31 AM
Jaroslav,
Of course it is ;-)
Instead of sessioning to the device you're sessioning to your own router:
bsns-2821-4#service-module idS-Sensor 0/0 session
Trying 192.168.15.15, 2194 ... Open
AIM-IPS-TEST login:
And when you do your session:
Refoma# service-module idS-Sensor 0/1 session
Trying 10.15.10.1, 2130 ... Open
User Access Verification
Username:
For comparison, when you telnet/ssh to a router:
bsns-2821-4#telnet 44.11.252.4
Trying 44.11.252.4 ... Open
User Access Verification
Password:
I added a basic line config that should take care of part of the problem, but I guess the bigger question is, what has been done to trigger this ;-)
line 130
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
speed 115200
Marcin
01-01-2011 12:45 AM
Hello Marcin
Thank you for your intervention in this case. I appreciate it.
Your last answer pointed me to one clue, so now I am able to log in to the IPS. Many thanks.
I wish you Happy New Year
Bye
01-02-2011 02:11 AM
Hello,
Again, I'm glad you worked it out. Can you maybe indicate what you've done, so people who stumble upon this thread will find what they need? :-)
Thanks and indeed happy new year!
Marcin
01-10-2011 05:43 AM
Hello Marcin
For all (including me) who will have trouble with password recovery and reimaging AIM-IPS on a router:
If you are following the steps from the password recovery document
To recover the password for AIM-IPS, use the clear password command. You must have console access to AIM-IPS and administrative access to the router.
To recover the password for AIM-IPS, follow these steps:
Step 1 Log in to the router.
Step 2 Enter privileged EXEC mode on the router:
router> enable
Step 3 Confirm the module slot number in your router:
router# show run | include ids-sensor
interface IDS-Sensor0/0
router#
Step 4 Session in to AIM-IPS:
router# service-module ids-sensor slot/port session
Example:
router# service-module ids-sensor 0/0 session
Step 5 Press Control-shift-6 followed by x to navigate to the router CLI.
Step 6 Reset AIM-IPS from the router console:
router# service-module ids-sensor 0/0 reset
Step 7 Press Enter to return to the router console.
Step 8 When prompted for boot options, enter *** quickly.
You are now in the bootloader.
Step 9 Clear the password:
ServicesEngine boot-loader# clear password
there is a step 4.5: you must log in with your router credentials first. After this you can continue the procedure with the next steps.
That's all.