10-05-2005 08:14 PM - edited 02-21-2020 12:26 AM
Trying to reset to factory defaults due to a forgotten password, keep getting an error?
Any ideas why?
Thnx
monitor> address 192.168.123.200
address 192.168.123.200
monitor> gateway 192.168.123.254
gateway 192.168.123.254
monitor> server 192.168.123.100
server 192.168.123.100
monitor> file np63.bin
file np63.bin
monitor> tftp
tftp np63.bin@192.168.123.100 via 192.168.123.254
TFTP failed (return:-12 arg:0x0)
monitor> ping 192.168.123.100
Sending 5, 100-byte 0x3f29 ICMP Echoes to 192.168.123.100, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor> inerface 1
Invalid or incorrect command. Use 'help' for help.
monitor> interface 1
0: i8255X @ PCI(bus:0 dev:13 irq:11)
1: i8255X @ PCI(bus:0 dev:14 irq:10)
Using 1: i82559 @ PCI(bus:0 dev:14 irq:10), MAC: 0004.9ad0.fd7f
monitor> trace
trace on
monitor> tftp
tftp np63.bin@192.168.123.100 via 192.168.123.254<3><3><3><3><3><3><3><3><3><3>AAAAAAAAAAA<5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5
TFTP failed (return:-12 arg:0x0)
monitor>
10-05-2005 09:50 PM
In configuration mode:
configure factory-default
..Follow the on screen instructions...
Hope this helps, and please rate post if it does as it may help others too.
Jay
10-06-2005 02:44 PM
How do you get into config mode when you're locked out?
Thnx
10-06-2005 06:30 AM
Factory config looks like this:
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname pixfirewall
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
mtu intf2 1500
no ip address outside
ip address inside 192.168.1.1 255.255.255.0
no ip address intf2
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
To erase the config use:
write erase
reload
To your TFTP problem:
Have you downloaded the PIX OS image in BINARY mode?
Otherwise the image gets corrupted.
sincerely
Patrick
10-07-2005 05:03 AM
Hi ..
I understand your second question on how to erase the config when you are locked out :-))) that is tricky.
So back to your problem:
- Are you 100% sure that the tftp server is working?
Can you test it with a tftp client from another PC?
Otherwise I have no clue, since your commands are fine (very simple) ..
/Jakob
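A small TFTP read client for the test suggested in the post above, run from another PC against the TFTP server. This is an added example, not code from any poster or from Cisco; it requests the file in `octet` (binary) mode, and the default server address and file name are the ones from the monitor session at the top of the thread.

```python
import socket
import struct
import sys

OP_RRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 3, 4, 5
BLOCK = 512  # RFC 1350 data block size

def build_rrq(filename, mode="octet"):
    """Read request: opcode 1, filename, NUL, mode, NUL ('octet' = binary)."""
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def parse_packet(pkt):
    """Return ('data', block_no, payload) or ('error', code, message)."""
    if len(pkt) < 4:
        raise ValueError("short TFTP packet")
    opcode, arg = struct.unpack("!HH", pkt[:4])
    if opcode == OP_DATA:
        return "data", arg, pkt[4:]
    if opcode == OP_ERROR:
        return "error", arg, pkt[4:].rstrip(b"\0").decode(errors="replace")
    raise ValueError("unexpected opcode %d" % opcode)

def fetch(server, filename, timeout=4.0, port=69):
    """Download filename and return its bytes; raises on error or timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_rrq(filename), (server, port))
        received, expected = bytearray(), 1
        while True:
            # The server answers from a fresh port, so ACKs go to `peer`.
            pkt, peer = sock.recvfrom(4 + BLOCK)
            kind, num, body = parse_packet(pkt)
            if kind == "error":
                raise OSError("TFTP error %d: %s" % (num, body))
            sock.sendto(struct.pack("!HH", OP_ACK, num), peer)
            if num != expected:
                continue  # retransmitted block, already stored
            received += body
            expected = (expected + 1) & 0xFFFF
            if len(body) < BLOCK:  # a short block ends the transfer
                return bytes(received)
    finally:
        sock.close()

if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "192.168.123.100"
    name = sys.argv[2] if len(sys.argv) > 2 else "np63.bin"
    print("received %d bytes" % len(fetch(server, name)))
```

A timeout here means the server never answered the read request, while a TFTP error packet means it answered but refused the file.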
10-07-2005 12:33 PM
TFTP was the issue; had to use the following software and it worked... http://perso.wanadoo.fr/philippe.jounin/download/tftpd32e.zip
Followed the Cisco doc and reset the password...
Thanks guys..!
PS I tried FTP to/from IIS6 and a few other vendors.. didn't work, only the above did.
10-07-2005 08:54 AM
I've run into situations where I had to disable logging and progress tracking on the tftp server for the PIX to download properly in monitor mode.
Bob
10-09-2005 02:49 AM
Make sure you use tftpd32 tftp server from:
(File: tftpd32.280.zip)
In case you are using Windows XP SP2, make sure you do not have Windows Firewall turned on, and that the tftp server is up and running and pointing to the np63.bin file.
If your PIX is running 6.3 code then you can first try with np63.bin; at times this doesn't work, then you can use np62.bin to try with that.
Make sure you do not have two different tftp servers installed/running on your system.
-Most important, I notice you are using "gateway"; try avoiding the gateway command while doing password recovery and make sure to connect the tftp server host directly to your PIX inside interface. I'm sure this would fix the issue and recover the password for you.
Rahul Pathania
10-09-2005 04:11 AM
Just a suggestion of tftp server software.
It's freeware and very user friendly, namely pumpkin.
10-09-2005 05:18 AM
Yes, it is absolutely freeware and recommended by us.
10-09-2005 10:32 PM
I will give it a try, but my favourite has till now been 3Com's combined tftp/ftp/syslog program .. freeware and very small footprint :-)
Official version (not updated since 1999)
http://support.3com.com/software/utilities_for_windows_32_bit.htm
Unofficial version:
http://www.governmentsecurity.org/forum/index.php?showtopic=4146