Reset password on Cisco Pix without losing the config
Cisco PIX (500 Series) Password Recovery
If you are locked out of your PIX firewall you will need to do a password recovery. This procedure resets the enable password and removes any AAA username and password settings on the PIX; the rest of the configuration is kept. It needs console access and a power cycle of the firewall, so plan for the outage; by the same token, anyone with access to the console port can clear the passwords, which is why physical access to the firewall matters.
Note: If you have a PIX 520 (which has a floppy drive, and the process is different) CLICK HERE.
Before You Start!

1. You need to know the software version that is running on the PIX, e.g. 6.3(5) or 7.0(1).
2. You need a TFTP server set up and running; CLICK HERE for instructions.
3. You need to be connected to the PIX via its console cable; CLICK HERE for instructions.
4. You need to download the "PIX Password Lockout Utility" that is appropriate for your PIX version, i.e. if you are running 6.3(5) download np63.bin, for version 7.0(1) download np70.bin, etc. You can get them HERE. Put the file in the root directory of your TFTP server.
Procedure

1. Connect to the firewall via the console cable, then power cycle it. As the firewall reboots, press BREAK or ESC to interrupt the boot sequence and get to the monitor prompt.

    monitor>

2. The firewall now has no config loaded, so you need to tell it everything it needs to know. First set up the inside interface so the password reset utility can be loaded over it, using the interface command (on a PIX with only two interfaces this defaults to the inside interface).

    monitor> interface 1
    0: i8255X @ PCI(bus:0 dev:17 irq:9 )
    1: i8255X @ PCI(bus:0 dev:18 irq:10)
    Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0012.daf1.5185

3. Tell it its inside IP address with the address command.

    monitor> address 192.168.1.1
    address 192.168.1.1

4. Give it the IP address of the TFTP server you set up earlier with the server command.

    monitor> server 192.168.1.2
    server 192.168.1.2

5. The last thing the PIX needs is the name of the password unlock file; for this example I'll use np63.bin. Use the file command.

    monitor> file np63.bin
    file np63.bin

6. To start the process, issue the tftp command. The PIX pulls the file from the TFTP server and runs it.

    monitor> tftp
    tftp np63.bin@192.168.1.2..........................................
    ..........................................
    Received 92160 bytes

    Cisco Secure PIX Firewall password tool (3.0) #0: Thu Jul 17 08:01:09 PDT 2003

7. Confirm by pressing y then {enter}.

    Do you wish to erase the passwords? [yn]

8. Confirm by pressing y then {enter} again.

    Do you want to remove the commands listed above from the configuration? [yn] y
    Passwords and aaa commands have been erased.
    Rebooting....

9. The firewall reboots with the passwords blanked; the rest of the configuration is intact. Just press {enter} at the Password: prompt. Set a new enable password and re-add any aaa and username lines straight away, then save with write memory.

    Type help or '?' for a list of available commands.
    Firewall> en
    Password:
    firewall#
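As an added example (not part of the original post, and not Cisco's tool), the Python script below reads a saved PIX configuration backup and reports which lines the password tool will erase, which lines survive, and which np file name matches the running software version, so you know what to fetch beforehand and what to re-create afterwards. The config it parses is constructed for the example. It assumes three things the page does not state: that passwd (telnet/SSH login password) lines are erased along with the enable password, that every line beginning with aaa (aaa-server included) counts as an aaa command, and that the utility name generalises from the page's two examples as np<major><minor>.bin.

```python
"""Added example, not part of the original post: inspect a saved PIX config
before doing the password recovery, so you know which lines the np*.bin tool
strips and which it keeps, and which np file matches the running version.

Assumptions (not stated on the page): 'passwd' lines are treated as stripped
along with the enable password, every line beginning with 'aaa' (aaa-server
included) counts as an aaa command, and the utility name follows the page's
two examples as np<major><minor>.bin."""
import re

# Constructed sample of a saved PIX 6.3 configuration (not from any real device;
# the hash values are placeholders). The 'PIX Version' header is where a saved
# config records the software version.
SAMPLE_CONFIG = """\
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password aAbBcCdDeEfFgGhH encrypted
passwd hHgGfFeEdDcCbBaA encrypted
hostname firewall
ip address outside 203.0.113.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
username admin password PlAcEhOlDeRhAsH1 encrypted privilege 15
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
ssh 192.168.1.0 255.255.255.0 inside
telnet 192.168.1.0 255.255.255.0 inside
"""

VERSION_RE = re.compile(r"^PIX Version (\d+)\.(\d+)\((\d+)\)")
# Lines the recovery tool removes: enable password and username/aaa settings
# per the page; 'passwd' is the assumption noted above.
STRIPPED_RE = re.compile(r"^(enable password\b|passwd\b|username\b|aaa\b)")


def software_version(config):
    """Return the version string, e.g. '6.3(5)', from the config header."""
    for line in config.splitlines():
        m = VERSION_RE.match(line)
        if m:
            return "%s.%s(%s)" % m.groups()
    return None


def lockout_utility_name(version):
    """Map a version such as '6.3(5)' to the utility file name, 'np63.bin'.
    Generalises the page's two examples (6.3(5)->np63.bin, 7.0(1)->np70.bin)."""
    m = re.match(r"(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised PIX version: %r" % version)
    return "np%s%s.bin" % (m.group(1), m.group(2))


def split_config(config):
    """Return (stripped, kept): lines the tool erases vs. lines that survive."""
    stripped, kept = [], []
    for line in config.splitlines():
        if not line.strip():
            continue
        (stripped if STRIPPED_RE.match(line) else kept).append(line)
    return stripped, kept


def recovery_plan(config):
    """What to know before starting: which np file to fetch and what to re-apply."""
    version = software_version(config)
    stripped, kept = split_config(config)
    return {
        "version": version,
        "utility": lockout_utility_name(version) if version else None,
        "stripped": stripped,  # re-create these (with new secrets) after the reboot
        "kept": kept,
    }


if __name__ == "__main__":
    plan = recovery_plan(SAMPLE_CONFIG)
    print("Running %s: load %s via TFTP" % (plan["version"], plan["utility"]))
    print("Lines the tool will erase (re-create after recovery):")
    for line in plan["stripped"]:
        print("  " + line)
    print("%d other lines are kept." % len(plan["kept"]))
```

Run it against a copy of the backup you took before the lockout (or the output of write terminal once you are back in); the stripped list is the checklist of what to set again before anyone else logs in.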
-Bryan Wirth
AllianceIT