Solved: Password Recovery problem with pix 501

cohenrap · ‎09-10-2003

Hello,

my organization uses a pix 501 firewall with software version 6.2. having lost the password I tried earasing them using the faq provided in this site (using np62.bin file thru a TFTP server).

unfortunatly, I still can't log on using the "cisco" default password.

thanks

Raphael Cohen, Tel Aviv University

jmia · ‎09-13-2003

Hello Raphael,

You need to connect to the PIX via the consol port on the PIX. If you have erased the passwords then (as mentioned before), there will be NO password for accessing privilege EXEC access just hit the return, Now you'll need to setup a 'enable' password with command > pix# enable password - the password is case-sensitive and can be a combination of characters and numbers, the length of the password is limited to 16 characters.

You can also now setup telnet access as well in config mode i.e. > pix(config)# telnet [subnet_mask] [interface_name]

example: (in config mode) telnet 192.168.10.10 255.255.255.0 inside

Good idea to use static IP for the above, makesure to save your config with cmd: write memory

Hope this helps - Jay

PS. Please vote this post if it has helped you so that other members can use it if they are having the same problem as you have - it helps!! Thanks.

View solution in original post

jmia · ‎09-10-2003

Hello Raphael,

Follow instructions from here:

http://www.cisco.com/warp/public/110/34.shtml

Hope this helps - Jay

cohenrap · ‎09-10-2003

Hi,

I tried that, still can't log in...

any other ideas?

thanks,

Raphael

jmia · ‎09-11-2003

Hello Raphael,

Firstly, my question to you would be - If you have followed the instructions to the letter on the URL provided and you are still having problem logging on, you must remember that when the PIX erases the password, they are set back to the factory default:

NO password for Privilege EXEC access and 'cisco' for telnet access (that's if you have telnet enabled).

How are you trying to access the PIX, via telnet or consol port, if by consol port then there's NO password for this (read above), I also presume that you did the password recovery in 'monitor mode' via TFTP server ? In some extreme cases your configure file in flash may have become corrupted (only in worst case).

Let me know your thoughts - thanks, Jay.

cohenrap · ‎09-13-2003

Hello Jay,

thanks for your help, telnet is not enables and I'm connecting thru a terminal PC connected serialy to the firewall.

to erase the password I used the update file downloaded thru the TFTP server. what should th euser name and password be now (I tried pix:cisco and pix as suername with no password)?

thanks,

Raphael

jmia · ‎09-13-2003

Hello Raphael,

You need to connect to the PIX via the consol port on the PIX. If you have erased the passwords then (as mentioned before), there will be NO password for accessing privilege EXEC access just hit the return, Now you'll need to setup a 'enable' password with command > pix# enable password - the password is case-sensitive and can be a combination of characters and numbers, the length of the password is limited to 16 characters.

You can also now setup telnet access as well in config mode i.e. > pix(config)# telnet [subnet_mask] [interface_name]

example: (in config mode) telnet 192.168.10.10 255.255.255.0 inside

Good idea to use static IP for the above, makesure to save your config with cmd: write memory

Hope this helps - Jay

PS. Please vote this post if it has helped you so that other members can use it if they are having the same problem as you have - it helps!! Thanks.