• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1361
  • Last Modified:

Pix 515E Password Reset - stuck at tftp command

Pix 515E (floppyless) with unknown passwords.  Followed several suggestions to reset password.  Stuck at tftp.
Followed directions from:  http://www.cisco.com/warp/public/110/34.shtml as well as others.

Pix515E version 6.3 (verified from console)
Downloaded np63.bin file to tftp root
Started Solarwinds tFtp - ip address 192.168.1.2
Connected cross-over cable from interface 1 to nic on tftp server machine (same as console machine)
Consoled to Pix with Hyperterm Personal - at monitor prompt
entered the following commands:
  interface 1
  address 192.168.1.4
  file np63.bin
  ping 192.168.1.2  (100% successful)
  tftp

At this point it states: tftp np63.bin@192.168.1.2   and NOTHING.  no dots, no activity on the tftp server of a connection, no errors.  Let it sit 15 minutes 'just in case it was a slow day' and received squat.  Unable to break out of command.

From what I've read, if the .bin file is incorrect, erratic behavior is not out of the norm, but usually has to do with not receiving the "clear password" prompt or (god forbid) an actual error message.  I also learned a pix can be configured not to allow a password reset but instead a prompt to erase config.  I'd welcome this at this point.

This pix has more acl rules that I wish to remember and they all need to be changed to new internal ip addresses.  Redoing this from scratch is a cause for concern and one that I'd like to avoid.  No Cisco smart-net/support for this device with this client.

I verified the following information:

tftp server is working (used another win-based pc and connected vai tftp command and received a file)
tftp server is configured to be wide-open
crossover cable is good (tested on other systems)
no firewall running on pc
I've tried using different ip addresses, defining a gateway (i'm on the same subnet, same cable)
I did not try defining a subnet on the pix (is it possible?)
I'm unable to ping the pix from the pc, but can ping the pc from the pix

It's friday, I'm back onsite to attack this monday.  help greatly appreciated!  I'm hoping I overlooked something simple here.
0
dkorfanty
Asked:
dkorfanty
1 Solution
 
kuro2ckCommented:
Hii did you use the server command, which tells the Cisco pix that 192.168.1.2 is the palce to get the tftp file example below


monitor>interface 1
monitor> address 192.168.1.4
monitor> server 192.168.1.2   <<<---------------------
monitor>file np63.bin
monitor>ping 192.168.1.2  (100% successful)
monitor>tftp
0
 
lrmooreCommented:
Do you have a firewall on your TFTP PC?
I always forget to turn off my blackIce when I try to tftp something.
Did you set the security settings on tftp to none - give all files/take all files ?
0
 
dkorfantyAuthor Commented:
kuro2ck - i did do server 192.168.1.2

lrmoore - no firewal installed on laptop - double-checked anyway.  I'm able to use a tftp client and connect and download a file which is what is driving me crazy about the whole thing.  I disabled any and all security on the tftp server.  I've used solarwinds and tftpd32

Solved - assumption once again my downfall.  I assumed that since I was able to connect to the laptop via a tftp client and download a file all was well.  I managed to change all the variables involved (multiple cables, cisco pix's, tftp programs) but assumed my laptop was fine since I confirmed tftp connection and download were possible.

I decided to use a different machine for the tftp server and it worked like a charm.

I'm not 100% sure the cause, but I can't waste the time to determine what it was.
Appreciate the responses.  Sorry to waste time.
0
 
paul1gilbertCommented:
Hi,

My suggestion is to disable any Windows Firewall that you can have and also to test using another TFTP server. I always use TFTPD32. Here is the link: http://tftpd32.jounin.net/
I have never had issues with that one.

Let me know how it goes.

Paul
0
 
GranModCommented:
PAQed with points refunded (500)

GranMod
Community Support Moderator
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now