Re: Password Reset on PIX 501

nagel · ‎08-18-2008

I have several PIX 501 firewalls. These have all been configured with addresses on both inside and outside interfaces. These have all been password protected. I am trying to do a pssword reset using the np63.bin file and tftp. I have went over and over the procedure and ahve been unable to make this work. Here is what I am doing exactly.

I am connecting both my laptop and the PIX to a standalone 2950 switch using a stright thru ethernet cable

1.) Boot the 501 into monitor mode

2.) select an interface using the interface command (I have tried both inside 1 and outside 0)

3.) use the address command to set an address on selected interface. ( I am setting both laptop and interface in the same subnet ie 10.10.2.100/24 and 10.10.2.111/24)

4.) use the server command to tell the monitor mode where the tftp (laptop) is.

I am unable to ping the server from pix while consoled in.

I have tried several times over the last few months and have never been able to get it to work.

Has anyone been able to get this to work in the past or can you currently get it to work now.

I am thinking that part of the issue is that the pix already ahs an ip assigned to the interfaces in the PIX config - however since I am locked out, I am unable to see the ip addressess that are currently set.

andrew.prince · ‎08-18-2008

I suggest you use a x-over cable, direct from the pix to your laptop. Having another network device in the mix can "confuse" things.

HTH>

nagel · ‎08-18-2008

After reading your post I thought - "that has to be it". After trying with a crossover, however, that also can be added to the long list of "things that didn't work". Thanks for the try tho.

robertson.michael · ‎08-19-2008

Hi Lonnie,

Be sure to set a gateway with the 'gateway' command as well. Since there is no concept of a subnet mask here, you'll need to specify a gateway even if the PIX and server are in the same subnets.

Hope that helps.

-Mike

nagel · ‎08-19-2008

If I am simply connecting the two together (via hub or direct connect with X over cable) then there really is no gateway involved. Not sure how to set a nonexistent gateway? Can you clarify?

nagel · ‎08-20-2008

All - I have finally resolved this 9 month old issue. You might want to make a note here as it will probably bite you at some time or another. The entire ended up being that Solar Winds free tftp server can nopt be used to perform this procedure on the PIX 501 ( I do not know if specific IOS has anything to do with it or not but I am running 6.3(5) on these). I simply changed tftp server to TFTPD32 and the problem was immediately resolved. Thanks to all of you who have taken a stab at this especially thanks to all of you who have withstood my somewhat "sarcastic" remarks over the past 9 months. There is always a solution - finding it can prove to be elusive at times.

nagel · ‎08-19-2008

The last time I posted this thread (January 2008 - yes I have been messing with this that long) I also received lots of response from persons who wanted to make sure that I was doing basic networking stuff correctly. Although I do want to hear from anyone who might have a solution - I was really hoping to get a response from someone who has made this work using my conditions ( the primary condition being that the PIX already has IP info in configuration and I do not know thw password). I have downloaded and tried the routine outlined by Cisco(in every combination of circumstances imaginable). This really shouldn't be that hard.

robertson.michael · ‎08-19-2008

Hi Lonnie,

You can just configure the gateway as the IP address of the server ('gateway '). However, you will still need to specify the server command as well.

-Mike

NicolaDelPriore58180 · ‎02-15-2021

Hi, Someone can tell me where I Can download nppix.bin to reset the password of a pix 501 router? I tried to find in the support of Cisco but the router is discontinued and I was not able . Any help to alternative download link will be useful. Thanks