Cisco PIX 501, Admin log on, Serial port using Hyperlink
Need help, we have a Cisco PIX 501 that was setup prior to my start. I'm using hyperterminal to access the device, but I can't get passed the Login - Is there a default password or a way to reset the password without losing everything that is programed on it?
Or Cisco's solution:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml
Oh, default username= pix and password= cisco
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml
Oh, default username= pix and password= cisco
ASKER
I'm very close, but I have one problem, my server is on a very secure network.
I have the Pix connected to a PC and I have the Bin file directly on that machine.
Do i even need to FTP into a Server, why can't I simply run the bin file directly from the Machine I'm plugged into?
I have the Pix connected to a PC and I have the Bin file directly on that machine.
Do i even need to FTP into a Server, why can't I simply run the bin file directly from the Machine I'm plugged into?
ASKER
I tried user name pix and password cisco, didn't work.
Can you show me what the code would look like if I'm trying to load the bin file from the machine I'm directly connected to. Why would I have to FTP to it. I don't know the default gateway of the server. I'm on a PC which is on a outside Internet line, which is on the outside of a Cisco Firewall and there is no way a hyperterminal is getting past this system with a simple IP and Server IP and Gateway to a FTP file.
Any other suggestions.
Can you show me what the code would look like if I'm trying to load the bin file from the machine I'm directly connected to. Why would I have to FTP to it. I don't know the default gateway of the server. I'm on a PC which is on a outside Internet line, which is on the outside of a Cisco Firewall and there is no way a hyperterminal is getting past this system with a simple IP and Server IP and Gateway to a FTP file.
Any other suggestions.
No unfortunately you need to transfer the bin to the PIX, to get this working you should download free TFTP software and setup on your pc - http://tftpd32.jounin.net/
ASKER
What do they mean by this?
Addresses a.b.c.d <Enter> Use the inside interface of your PIX from the map for a.b.c.d
from what map?
Addresses a.b.c.d <Enter> Use the inside interface of your PIX from the map for a.b.c.d
from what map?
smckeown777 is correct, you need TFTP for that.
Solarwinds also has a good one: http://www.solarwinds.com/products/freetools/free_tftp_server.aspx
Solarwinds also has a good one: http://www.solarwinds.com/products/freetools/free_tftp_server.aspx
Ehr, where are you reading that?
Ok, see this link for step by step, you were reading my first link which had a number of different postings, ignore that - use this
http://www.petenetlive.com/KB/Article/0000064.htm
http://www.petenetlive.com/KB/Article/0000064.htm
Also, this posting you were reading
address 10.10.10.10
server 10.10.10.11
file np52.bin
gateway 10.10.10.1
ping 10.10.10.11
tftp
y
This is a list of commands that are needed, he was summarising from the link i just posted, when he mentions 'server' this is your pc IP address(server meaning the TFTP server, which when you download it and run it will be running on your pc)
Not sure if you even need gateway(if you are on same network/LAN as Pix you won't)
address 10.10.10.10
server 10.10.10.11
file np52.bin
gateway 10.10.10.1
ping 10.10.10.11
tftp
y
This is a list of commands that are needed, he was summarising from the link i just posted, when he mentions 'server' this is your pc IP address(server meaning the TFTP server, which when you download it and run it will be running on your pc)
Not sure if you even need gateway(if you are on same network/LAN as Pix you won't)
@smckeown777:
Ah, got it (getting late over here :)
As you said, shouldn't need a gateway.
Ah, got it (getting late over here :)
As you said, shouldn't need a gateway.
No worries @erniebeek, my fault, should have just posted the actual step by step, can be hard to figure all these things out if there are multiple answers/ways!
Yep :)
ASKER
How do you setup the TFTP software properly? I'm using the TFtpd32 software.
I see my server IP which showed up the same as my PC IP name. but what do I use for the Address IP then?
Do i configure the TFTP Client to a different IP that I make up?
I see my server IP which showed up the same as my PC IP name. but what do I use for the Address IP then?
Do i configure the TFTP Client to a different IP that I make up?
Address IP is the IP you are assigning the PIX basically
Server IP is your pc IP(since this is running the TFTP server)
So if your pc IP is 192.168.1.10 for example, set the PIX IP to something in the same subnet - 192.168.1.11 for example
What is the IP of your PC at minute?
Server IP is your pc IP(since this is running the TFTP server)
So if your pc IP is 192.168.1.10 for example, set the PIX IP to something in the same subnet - 192.168.1.11 for example
What is the IP of your PC at minute?
ASKER
Tried this is what i got.
tftp np63.bin@192.168.12.100
TFTP failed (return:-1 arg:0x0)
monitor>
This is what I put in.
monitor> interface 1
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)
Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: xxxx
monitor> address 192.168.12.101- the address I put in the tftp client host name
address 192.168.12.101
monitor> server 192.168.12.100 -- Pc that has the File
server 192.168.12.100
monitor> file np63.bin
file np63.bin
monitor> TFTP
Invalid or incorrect command. Use 'help' for help.
monitor> tftp
tftp np63.bin@192.168.12.100 - sat for awhile thinking. then said
TFTP failed (return:-1 arg:0x0)
monitor>
tftp np63.bin@192.168.12.100
TFTP failed (return:-1 arg:0x0)
monitor>
This is what I put in.
monitor> interface 1
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)
Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: xxxx
monitor> address 192.168.12.101- the address I put in the tftp client host name
address 192.168.12.101
monitor> server 192.168.12.100 -- Pc that has the File
server 192.168.12.100
monitor> file np63.bin
file np63.bin
monitor> TFTP
Invalid or incorrect command. Use 'help' for help.
monitor> tftp
tftp np63.bin@192.168.12.100 - sat for awhile thinking. then said
TFTP failed (return:-1 arg:0x0)
monitor>
Did you define the correct interface?
monitor> interface 1
monitor> interface 1
ASKER
this is what happens when I type interface 1 and hit enter, I put xxx for the mac address.
monitor> interface 1
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)
Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: xxxx-xxxx-xxxx-xxxx
monitor>
monitor> interface 1
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)
Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: xxxx-xxxx-xxxx-xxxx
monitor>
What I meant was, is you pc connected to interface 1 (and not to interface 0 by any chance)?
ASKER
Hyper terminal using Com 1
Bits per second 9600
Data bits 8
parity none
stop bits 1
flow control -hardware
is that right?
Bits per second 9600
Data bits 8
parity none
stop bits 1
flow control -hardware
is that right?
I use XON/XOFF for the flow control.
But in my previous comment I referred to the interface on the PIX (0 or 1).
But in my previous comment I referred to the interface on the PIX (0 or 1).
ASKER
Again this is what happens
Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Flash boot interrupted.
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)
Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: Use ? for help.
monitor> interface 1
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)
Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC:
monitor> address 192.168.12.1
address 192.168.12.1
monitor> server 192.168.12.100
server 192.168.12.100
monitor> file np63.bin
file np63.bin
monitor> tftp
tftp np63.bin@192.168.12.100
TFTP failed (return:-1 arg:0x0)
monitor>
Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Flash boot interrupted.
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)
Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: Use ? for help.
monitor> interface 1
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)
Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC:
monitor> address 192.168.12.1
address 192.168.12.1
monitor> server 192.168.12.100
server 192.168.12.100
monitor> file np63.bin
file np63.bin
monitor> tftp
tftp np63.bin@192.168.12.100
TFTP failed (return:-1 arg:0x0)
monitor>
Yes I saw that.
So is your pc connected to interface 1 on the PIX (using UTP)?
So is your pc connected to interface 1 on the PIX (using UTP)?
ASKER
Again, sorry not sure what you mean by
But in my previous comment I referred to the interface on the PIX (0 or 1).
I have a Serial cable plugged directly into the Console from my PC no other Ethernet cables are plugged in.
The PC's address is 192.168.12.100, I installed a tftp program on the PC and it shows the tftp address as 192.168.12.100 so I used that for my server IP, I simply gave the the address IP 192.168.12.1 but I'm not sure how that works since the router isn't connected to any interface. so, maybe that is my problem.
Does the Internet have to go into the Cisco and then I connect my PC to it from one of the LAN, then also have the Serial cable plugged in. I thought the data I'm TFTPing from was comming through the serial cable. If that's not the case then that is probably my issue.
But in my previous comment I referred to the interface on the PIX (0 or 1).
I have a Serial cable plugged directly into the Console from my PC no other Ethernet cables are plugged in.
The PC's address is 192.168.12.100, I installed a tftp program on the PC and it shows the tftp address as 192.168.12.100 so I used that for my server IP, I simply gave the the address IP 192.168.12.1 but I'm not sure how that works since the router isn't connected to any interface. so, maybe that is my problem.
Does the Internet have to go into the Cisco and then I connect my PC to it from one of the LAN, then also have the Serial cable plugged in. I thought the data I'm TFTPing from was comming through the serial cable. If that's not the case then that is probably my issue.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok that was it, but now what do I use for the password. I go to log in and I tried username pix and password cisco and I can't log in.
ASKER
monitor> tftp
tftp np63.bin@192.168.12.100...
..........................
..........................
Received 92160 bytes
Cisco Secure PIX Firewall password tool (3.0) #0: Thu Jul 17 08:01:09 PDT 2003
Flash=E28F640J3 @ 0x3000000
BIOS Flash=E28F640J3 @ 0xD8000
Do you wish to erase the passwords? [yn] y
The following lines will be removed from the configuration:
enable password K6FasHhdVcNhDfri encrypted
passwd K6FasHhdVcNhDfri encrypted
Do you want to remove the commands listed above from the configuration? [yn] y
Passwords and aaa commands have been erased.
Rebooting.
tftp np63.bin@192.168.12.100...
..........................
..........................
Received 92160 bytes
Cisco Secure PIX Firewall password tool (3.0) #0: Thu Jul 17 08:01:09 PDT 2003
Flash=E28F640J3 @ 0x3000000
BIOS Flash=E28F640J3 @ 0xD8000
Do you wish to erase the passwords? [yn] y
The following lines will be removed from the configuration:
enable password K6FasHhdVcNhDfri encrypted
passwd K6FasHhdVcNhDfri encrypted
Do you want to remove the commands listed above from the configuration? [yn] y
Passwords and aaa commands have been erased.
Rebooting.
If you use the console you shouldn't have to give a username. If the password cisco doesn't work, just try to give an enter (no password).
ASKER
Do you know the cmd to see the current running conifig?
sh run
https://www.experts-exchange.com/questions/22843211/Reset-Cisco-PIX-501-to-factory-default-or-reset-password.html