Solved: pix 501 password recovery/restore default configuration

Accountware · ‎06-11-2004

Need to reset PIX 501 (lost password). I tried the password recovery instructions and can get to the monitor command by using the console connection but can not get file to transfer using tftp (ping command also times out).

1. Should the interface command be set to 0 or 1 (I have been using 1)

2. For the Address command I have been using 192.168.1.1

3. For the server command I have been using the IP address of the tftp server

4. Gateway? (Who's the PIX or the Computer's)?

5. Besides the Blue console cable what if any other cables should be connected and to which ports.

Thanks

dkea · ‎06-11-2004

I'm guessing you already have this document:

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml

I would use the default INSIDE interface of 1. Connect a standard ethernet cable to one of the inside interface ports on the PIX and the other to your PC that has the tftp server software on it. Make sure that you see a link light on both ends. If not, toss that cable or save it if you think it's a crossover cable. If you are setting the PIX address to: 192.168.1.1 then I would set my tftp server address to: 192.168.1.2 or something in the same subnet. This way we won't care what the Gateway address is. No need to let pesky routers get in the way when we're down!!!

Since you asked question number 5 above I will elaborate. You should have a console cable connected, which it appears you do since you can get to the monitor> prompt. You will also need an ethernet cable connected a PC running a tftp server with an IP address of: 192.168.1.2 3Com makes a really good tftp server that's F*R*E*E.

http://support.3com.com/software/utilities_for_windows_32_bit.htm

Pick the last file in the list. Make sure you get the password recovery file from the Cisco link above for the version of PIX OS you are running. Configure the tftp server to point to the directory that has the PIX password recovery file and you're all set. Good luck, Derrick

View solution in original post

dkea · ‎06-11-2004

I'm guessing you already have this document:

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml

I would use the default INSIDE interface of 1. Connect a standard ethernet cable to one of the inside interface ports on the PIX and the other to your PC that has the tftp server software on it. Make sure that you see a link light on both ends. If not, toss that cable or save it if you think it's a crossover cable. If you are setting the PIX address to: 192.168.1.1 then I would set my tftp server address to: 192.168.1.2 or something in the same subnet. This way we won't care what the Gateway address is. No need to let pesky routers get in the way when we're down!!!

Since you asked question number 5 above I will elaborate. You should have a console cable connected, which it appears you do since you can get to the monitor> prompt. You will also need an ethernet cable connected a PC running a tftp server with an IP address of: 192.168.1.2 3Com makes a really good tftp server that's F*R*E*E.

http://support.3com.com/software/utilities_for_windows_32_bit.htm

Pick the last file in the list. Make sure you get the password recovery file from the Cisco link above for the version of PIX OS you are running. Configure the tftp server to point to the directory that has the PIX password recovery file and you're all set. Good luck, Derrick