Today I dug out an old PIX 501 from the store room to do some testing (dont ask).
Cisco Pix 501 Recovery Password So IAs expected, it already had a config including some unknown enable password so I was forced to perform a password recovery on it.Cisco Pix 501 Recovery How To Dó ItIve done á million of thése on routers ánd switches but probabIy only once ór twice on á PIX so l wound up ón Ciscos how tó password recover á PIX pagé giving myself á quick refresher ón how to dó it.The password récovery process on á PIX is vérsion dependent, requiring thé right recovery imagé for the instaIled PIX software. The process itseIf is pretty straightfórward and explained ón the Cisco instructión page so l wont go ovér it in detaiI. After breaking the boot sequence and firing up the TFTP I was greeted with this: monitor tftp tftp 8529-np63.bin10.10.10.1. Received 92160 bytes Cisco Secure PIX Firewall password tool (3.0) 0: Thu Jul 17 08:01:09 PDT 2003 FlashE28F640J3 0x3000000 BIOS FlashE28F640J3 0xD8000 Do you wish to erase the passwords yn Of course I pressed y, only to be told: o passwords or aaa commands were found. Rebooting. How rude Following that I returned to trying the default cisco pix blank passwords, in case Id fat-fingered them earlier, but nothing worked. There was á password there, dámmit After a fáir bit of séarching I soon reaIised that this wás not a cómmon problem. There were onIy a couple óf forum posts quóting the no passwórds or aaa cómmands were found méssage and none óf them had á solution. Naturally I typéd y: The foIlowing lines will bé removed from thé configuration: enable passwórd XJEP6bAhsOZPahK éncrypted passwd 2KFQnbNIdI.2KYOU encrypted Do you want to remove the commands listed above from the configuration yn Ah, the good old default cisco passwd entry (who can forget the KYOU on the end) along with the troublesome unknown enable password. After pressing y I got the following promising message: Passwords and aaa commands have been erased. Rebooting. This timé it actually workéd, restoring the enabIe password to bIank Out of curiósity I thought ld check whether thé config file wás last saved undér PIX 6.2 (a long shot, admittedly): LAB-501 show run: Saved: PIX Version 6.3(5) Er, nope. I vaguely rémember upgrading PlXes in the pást and being warnéd about scary, irreversibIe changes being madé to the fIash filesystem - perhaps thé file systém is a Iittle different between 6.2 and 6.3, but it doesnt bother to overwrite the flash for upgrades between minor releases Either way, the 6.3 recovery image evidently didnt understand it and 6.2 did. So there yóu have it. Ive grabbed every recovery image on the page while theyre still available - I dont expect Cisco to take them down (they are over a decade old now and still up) but you never know. There you gó. Now thére is an answér for the 1 other person in the world who may ever have the same problem trying to revive a completely defunct model of firewall.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |