Solved

How to access Cisco Pix Firewall

Posted on 2007-03-25
Last Modified: 2010-04-17
I have a client who had a Cisco Pix installed, and the company that installed it split halfway through the setup. We now need to modify the settings inside the firewall, but I cannot figure out how to get into it.

What is the default user / pass / port / address for this device? We have the admin credentials that were supposed to be used, and I am fairly sure it is sitting at 192.168.0.1 (gateway). I just can't figure out how to access it.

Any thoughts?

PS. Since my company usually uses all Linux-based firewalls, this is the first Pix I have worked with. So, answering this like I am a Cisco noob is appropriate.
Question by:DrDamnit
11 Comments
 
LVL 28

Expert Comment

by:batry_boy
ID: 18788167
Do you have the console cable for the PIX?  It's a flat blue rollover cable that has an RJ-45 on one end and a DB9 serial connector on the other.  You can use HyperTerminal or some such other terminal emulation program to establish a console session to the PIX.  By default there is no console password you will need to get into it.

There is an "enable" mode password you will need to modify settings (like the root password on a Linux box).  By default, the enable mode password is blank.  Try typing "enable" at the command prompt...it will ask for a password, just hit <Enter>. If the prompt changes to

pix#

then you will be able to make modifications by going to a mode called "config" mode.  Type "config t" and your prompt should change to

pix(config)#

You will then be able to make changes to the configuration of the PIX.

There is a web GUI for the PIX called PDM that you can try to access using https://<inside_ip>.  If you think your inside IP address is 192.168.0.1, then try https://192.168.0.1 and see if you get a login prompt.  However, I would stick with the CLI right now if you're familiar with Linux and iptables or some such other firewall platform.

Post back with what you get since there are probably going to be other questions.  I didn't go too deep into this because I don't know how far you'll get into the firewall.  You may wind up having to perform a password recovery on it.  If none of the passwords you have work on the PIX, see the below link for password recovery procedures for the PIX:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml
0
 
LVL 32

Author Comment

by:DrDamnit
ID: 18788175
Don't have the cable, and https://192.168.0.1 is a "Page cannot be displayed..."
0
 
LVL 32

Author Comment

by:DrDamnit
ID: 18788178
Found the cable.... Now I don't have a serial port on my laptop... :-(
0

 
LVL 32

Author Comment

by:DrDamnit
ID: 18788181
OK.... Using fairy dust, a paper clip, 1/2 a banana peel, and a little luck.... I have the serial cable connected to the laptop.

What next? How do I access the CLI? Is there an app I need to download?
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 18788243
Any terminal emulation software that will allow you to choose your serial port as the method of connection should work.  In Windows, HyperTerminal will work (although the scroll back buffer sucks), but it will get you where you need to go.

If you want something a little better, I use something called Tera Term Web (http://www.ayera.com/teraterm/).

When setting up your serial connection, choose the following settings:

9600 baud
8 data bits
1 stop bit
no parity bits
hardware or no flow control works fine

Then hit <Enter> a couple of times and you should see a "hostname>" prompt where hostname is the name of the PIX.
0
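The console settings listed above (9600 baud, 8 data bits, no parity, 1 stop bit) and the three prompts quoted earlier in the thread, as an added example for a Linux laptop; it is not part of any post in this thread. It uses Python's standard termios module, and the device path /dev/ttyUSB0 and the mode labels "user", "enable" and "config" are assumptions of this example.

```python
import os
import re
import sys
import termios

# hostname>  /  hostname#  /  hostname(config)#  as quoted in the thread
PROMPT = re.compile(r"^[\w.-]+(?P<cfg>\([\w-]+\))?(?P<sym>[>#])$")

def cli_mode(line):
    """Map a console prompt to a mode name; the labels are this example's own."""
    m = PROMPT.match(line.strip())
    if m is None:
        return None                      # e.g. "Password:" or banner text
    if m["cfg"]:
        return "config"
    return "enable" if m["sym"] == "#" else "user"

def apply_9600_8n1(attrs, hw_flow=False):
    """Return a copy of a termios attribute list set to raw 9600 baud, 8N1."""
    iflag, oflag, cflag, lflag, _ispeed, _ospeed, cc = attrs
    cc = list(cc)
    cflag &= ~(termios.CSIZE | termios.PARENB | termios.CSTOPB | termios.CRTSCTS)
    cflag |= termios.CS8 | termios.CREAD | termios.CLOCAL
    if hw_flow:
        cflag |= termios.CRTSCTS         # "hardware or no flow control works fine"
    iflag &= ~(termios.IXON | termios.IXOFF | termios.ICRNL
               | termios.INLCR | termios.IGNCR | termios.ISTRIP)
    oflag &= ~termios.OPOST
    lflag &= ~(termios.ICANON | termios.ECHO | termios.ISIG | termios.IEXTEN)
    cc[termios.VMIN], cc[termios.VTIME] = 0, 10   # read() waits at most 1 s
    return [iflag, oflag, cflag, lflag, termios.B9600, termios.B9600, cc]

def probe(device):
    """Send <Enter> twice and report which prompt the console answers with."""
    fd = os.open(device, os.O_RDWR | os.O_NOCTTY)
    try:
        termios.tcsetattr(fd, termios.TCSANOW, apply_9600_8n1(termios.tcgetattr(fd)))
        os.write(fd, b"\r\r")
        reply = b""
        while chunk := os.read(fd, 256):
            reply += chunk
    finally:
        os.close(fd)
    words = reply.decode("ascii", "replace").split()
    return cli_mode(words[-1]) if words else None

if __name__ == "__main__":
    # /dev/ttyUSB0 is an assumed device name for a USB serial adapter
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "/dev/ttyUSB0"))
```

A result of None means the last thing the console printed was not one of the three prompts, for example a password request.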
 
LVL 32

Author Comment

by:DrDamnit
ID: 18788268
OK, now what is the default user / pass?
0
 
LVL 32

Author Comment

by:DrDamnit
ID: 18788271
Failing that, I would like to get the password recovery link you just sent me, but it requires a user / pass. :-(
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 18788343
For password recovery, here is the link without password;

http://www.cisco.com/warp/public/110/34.shtml

Now,

1. Have you tried to telnet to the box?

2. Have you tried the ssh to the box?

3. Have you tried http://<IPAddress> to the box (Watch, it is not https)

If all of the above failed; then proceeding from where you're now;

Batry_Boy has the info above on how to connect using console cable;

try the default password -> cisco

see if it works..

Cheers,
Rajesh
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 18788646
Rajesh, I didn't think the PIX supported http, but only https...is this not right?
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18788752
Oops yes, It doesn't support http, only https is allowed. Lot of routers and pix in mind :-)

Cheers,
Rajesh
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 19141844
thnx.

Cheers,
Rajesh
0
