Having trouble resetting cisco pix password

Hi

I need to reset the password to a cisco pix to change the VPN details but i dont have the password. I am also not sure about the internal IP address. I have followed the procedure to rest the password from cisco but i cant seem to resolve.

I have connnected the cisco pix usinf a concsole cable and have downloaeded atftp server plus the .bin file i require . I get as far as transfering but cant seem to ping anything. I would be grateful if anyone could help me

Cisco Secure PIX Firewall BIOS (4.2) #6: Mon Aug 27 15:09:54 PDT 2001
Platform PIX-501
Flash=E28F640J3 @ 0x3000000

Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Flash boot interrupted.
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)

Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0017.e0e3.6785
Use ? for help.
monitor> address 82.69.157.46
address 82.69.157.46
monitor> server 192.168.0.54
server 192.168.0.54
monitor> file nppix
file nppix
monitor> tftp
tftp nppix@192.168.0.54
TFTP failed (return:-1 arg:0x0)
monitor>

Thanks

Mark
MARKWILKYAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

broeckskeCommented:
... Was a bit too fast there, sry

here is your problem:

monitor> address 82.69.157.46
address 82.69.157.46
monitor> server 192.168.0.54
server 192.168.0.54

You say to your pix that his address is 82.69.157.46, and then you want him to connect to a tftp server that is on another subnet 192.168.0.54

It should be something like this:

monitor> address 192.168.0.1      <--- address pix
address 192.168.0.1
monitor> server 192.168.0.54      <--- address tftp server
server 192.168.0.54


Regards,

Broeckske
0
MARKWILKYAuthor Commented:
Thanks for that , but i have done that and cant get it to work .. There seems to be a problem pinging. and also im not sure of the internal IP address of the pix as we have 2 internet connections and this one is only used for VPN to USA.  The USA have moved sites and i need to change the EXt IP of the USA side .
Is there any way i can confirm the internal IP . I think it is 192.168.0.5 but not sure.

When i try pinging i get no response. Do i need to use a cross over cable between the to devices
I am using 3CDaemon TFTP server

Cisco Secure PIX Firewall BIOS (4.2) #6: Mon Aug 27 15:09:54 PDT 2001
Platform PIX-501
Flash=E28F640J3 @ 0x3000000

Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Flash boot interrupted.
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)

Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0017.e0e3.6785
Use ? for help.
monitor> address 192.168.0.5
address 192.168.0.5
monitor> server 192.168.0.54
server 192.168.0.54
monitor> file nppix
file nppix
monitor> tftp
tftp nppix@192.168.0.54
TFTP failed (return:-1 arg:0x0)
monitor>



thanks


0
The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

MARKWILKYAuthor Commented:
I have tryed it using the internal IP , see last post but still no joy

any more ideas please
0
broeckskeCommented:
At this point in the boot process the configuration is not loaded so it doesn't matter what the original ip was, you define it yourself when you type address 192.168.0.5

lets take this step by step, Have you verified your tftp server is working ? Do you have another machine on the same network from where you can try to download the file from the tftp server ?

on another machine in the same network open a cmd shell and type this:

tftp -s 192.168.0.54 GET nppix

does this work ? If not check your tftp settings, also check whether the filename ius correct
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Alan Huseyin KayahanCommented:
 Hi MARKWILKY
        In your original post, you say that you connect the console cable and doing stuff. What I understand from this statement is you dont have the UTP cable's one end connected to PIX's inside interface and other end to tftp server with ip 192.168.0.54.
       Also make sure windows firewall or any other running software firewall in 192.168.0.54 is temporarily disabled during tftp process

Regards
0
MARKWILKYAuthor Commented:
Hi thanks for all your advice

but i think im losing the plot, as i can even connect to the file using the cmd. It have disable all firewalls. and i have checked the TFTP server config , see attchment



CISCO SYSTEMS PIX-501                    
Embedded BIOS Version 4.3.200 07/31/01 15:58:22.08                                                  
Compiled by morlee                  
16 MB RAM        

PCI Device Table.                
Bus Dev Func VendID DevID Class              Irq                                                
 00  00  00   1022   3000  Host Bridge                                      
 00  11  00   8086   1209  Ethernet           9                                              
 00  12  00   8086   1209  Ethernet           10                                                

Cisco Secure PIX Firewall BIOS (4.2) #6: Mon Aug 27 15:09:54 PDT 2001                                                                    
Platform PIX-501                
Flash=E28F640J3 @ 0x3000000                          

Use BREAK or ESC to interrupt flash boot.                                        
Use SPACE to begin flash boot immediately.                                          
Use SPACE to begin flash boot immediately.                                          
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)

Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0017.e0e3.6785
Use ? for help.
monitor> interface 0
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)

Using 0: i82557 @ PCI(bus:0 dev:17 irq:9 ), MAC: 0017.e0e3.6784
monitor> address 192.168.0.5
address 192.168.0.5
monitor> server 192.168.0.54
server 192.168.0.54
monitor> file nppix
file nppix
monitor> tftp
tftp nppix@192.168.0.54
TFTP failed (return:-10 arg:0x2)
monitor> ping 192.168.0.54
Sending 5, 100-byte 0x2b5e ICMP Echoes to 192.168.0.54, timeout is 4 seconds:

Success rate is 0 percent (0/5)
monitor>



pic.doc
0
MARKWILKYAuthor Commented:
do i need cross over cable as well as console cable
0
broeckskeCommented:
you don't need a cross over cable, just a normal patch cable from the inside ethernet port (prob eth1) to your pc or to a switch that is connected to your pc and of course you also need to connect the console cable
0
Alan Huseyin KayahanCommented:
  MARKWILKY
        If you are connecting inside interface directly to a PC, then yes you need a crossover cable. But if you are connecting inside interface to a switch or hub which tftp server PC is also connected to, then you dont need a crossover. Btw in your last attempt, you choose interface 0 which is outside in this case. Make sure you are aware of your interfaces and connections (if to a switch or directly to tftp server)

Regards
0
MARKWILKYAuthor Commented:
Hi again

I tryed again using the interface 0 , i have also checked that it in eth port1 on pix and ai have also put the pix and the pc on it own switch. I then tryed again with different IP address for the pix and i still get the same , i can understand what im doing wrong .... It driving me crazy ..lol....

so i check the tftp server config and it pointing to c:\tftp which is where the dile is nppix.bin. the error message i get is

TFTP failed (return:-10 arg:0x2) and on tftp serve can not open requesting file..

I have checked permissions on the folder. but still no joy .....

can any one help .... i must be going stupid think i need a new job ..lol...



0
MARKWILKYAuthor Commented:
hi again

i can ping all the servers and the pc but still says
TFTP failed (return:-10 arg:0x2) and on tftp serve can not open requesting file..

0
MARKWILKYAuthor Commented:

CISCO SYSTEMS PIX-501                    
Embedded BIOS Version 4.3.200 07/31/01 15:58:22.08                                                  
Compiled by morlee                  
16 MB RAM        

PCI Device Table.                
Bus Dev Func VendID DevID Class              Irq                                                
 00  00  00   1022   3000  Host Bridge                                      
 00  11  00   8086   1209  Ethernet           9                                              
 00  12  00   8086   1209  Ethernet           10                                                

Cisco Secure PIX Firewall BIOS (4.2) #6: Mon Aug 27 15:09:54 PDT 2001                                                                    
Platform PIX-501                
Flash=E28F640J3 @ 0x3000000                          

Use BREAK or ESC to interrupt flash boot.                                        
Use SPACE to begin flash boot immediately.                                          
Flash boot interrupted.                      
0: i8255X @ PCI(bus:0 dev:17 irq:9 )                                    
1: i8255X @ PCI(bus:0 dev:18 irq:10)                                    

Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0017.e0e3.6785                                                              
Use ? for help.              
monitor> interface1                  
Invalid or incorrect command.  Use 'help' for help.                                                  
monitor> interface 1                    
0: i8255X @ PCI(bus:0 dev:17 irq:9 )                                    
1: i8255X @ PCI(bus:0 dev:18 irq:10)                                    

Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0017.e0e3.6785                                                              
monitor> address 192.168.0.1                            
address 192.168.0.1                  
monitor> server 192.168.0.54                            
server 192.168.0.54                  
monitor> fil          
file nppix          
monitor> tftp            
tftp nppix@192.168.0.54                      
TFTP failed (return:-10 arg:0x2)                                
monitor> ping 192.168.0.1                        
Sending 5, 100-byte 0xc91a ICMP Echoes to 192.168.0.1, timeout is 4 seconds:                                                                            

Success rate is 0 percent (0/5)                              
monitor> ping 192.168.0.2                        
Sending 5, 100-byte 0xc91b ICMP Echoes to 192.168.0.2, timeout is 4 seconds:                                                                            
!!!!!    
Success rate is 100 percent (5/5)                                
monitor> ping 127.0.0.1                      
Sending 5, 100-byte 0xc91c ICMP Echoes to 127.0.0.1, timeout is 4 seconds:                                                                          

Success rate is 0 percent (0/5)                              
monitor> ping 192.168.0.54                          
Sending 5, 100-byte 0xc91d ICMP Echoes to 192.168.0.54, timeout is 4 seconds:                                                                            

Success rate is 0 percent (0/5)                              
monitor>        


CISCO SYSTEMS PIX-501                    
Embedded BIOS Version 4.3.200 07/31/01 15:58:22.08                                                  
Compiled by morlee                  
16 MB RAM        

PCI Device Table.                
Bus Dev Func VendID DevID Class              Irq                                                
 00  00  00   1022   3000  Host Bridge                                      
 00  11  00   8086   1209  Ethernet           9                                              
 00  12  00   8086   1209  Ethernet           10                                                

Cisco Secure PIX Firewall BIOS (4.2) #6: Mon Aug 27 15:09:54 PDT 2001                                                                    
Platform PIX-501                
Flash=E28F640J3 @ 0x3000000                          

Use BREAK or ESC to interrupt flash boot.                                        
Use SPACE to begin flash boot immediately.                                          
Flash boot interrupted.                      
0: i8255X @ PCI(bus:0 dev:17 irq:9 )                                    
1: i8255X @ PCI(bus:0 dev:18 irq:10)                                    

Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0017.e0e3.6785                                                              
Use ? for help.              
monitor> ?          
?                 this help message                                  
address   [addr]  set IP address of the PIX interface on which                                                              
                  the TFTP server resides                                        
file      [name]  set boot file name                                    
gateway   [addr]  set IP gateway                                
help              this help message                                  
interface [num]   select TFTP interface                                      
ping      <addr>  send ICMP echo                                
reload            halt and reload system                                        
server    [addr]  set server IP address                                      
tftp              TFTP download                              
timeout           TFTP timeout                              
trace             toggle packet tracing                                      
monitor> address 192.168.0.54                            
address 192.168.0.54                    
monitor> server 192.168.0.2                          
server 192.168.0.2                  
monitor> file            
file    
monitor> file nnpix                  
file nnpix          
monitor> tftp            
tftp nnpix@192.168.0.2                      
TFTP failed (return:-1 arg:0x0)                              
monitor>        


CISCO SYSTEMS PIX-501                    
Embedded BIOS Version 4.3.200 07/31/01 15:58:22.08                                                  
Compiled by morlee                  
16 MB RAM        

PCI Device Table.                
Bus Dev Func VendID DevID Class              Irq                                                
 00  00  00   1022   3000  Host Bridge                                      
 00  11  00   8086   1209  Ethernet           9                                              
 00  12  00   8086   1209  Ethernet           10                                                

Cisco Secure PIX Firewall BIOS (4.2) #6: Mon Aug 27 15:09:54 PDT 2001                                                                    
Platform PIX-501                
Flash=E28F640J3 @ 0x3000000                          

Use BREAK or ESC to interrupt flash boot.                                        
Use SPACE to begin flash boot immediately.                                          
Reading 1974784 bytes of image from flash.                                          
################################################################################                                                                                
#################################                                
16MB RAM        
mcwa i82559 Ethernet at irq  9  MAC: 0017.e0e3.6784                                                  
mcwa i82559 Ethernet at irq 10  MAC: 0017.e0e3.6785                                                  
Flash=E28F640J3 @ 0x3000000                          
BIOS Flash=E28F640J3 @ 0xD8000                              

  -----------------------------------------------------------------------                                                                        
                               ||        ||                                          
                               ||        ||                                          
                                                 
                          ..:||||||:..:||||||:..                                                
                         c i s c o S y s t e m s                                                
                        Private Internet eXchange                                                
  -----------------------------------------------------------------------                                                                        
                        Cisco PIX Firewall                                          

Cisco PIX Firewall Version 6.3(5)                                
Licensed Features:                  
Failover:                    Disabled                                    
VPN-DES:              þ                      


CISCO SYSTEMS PIX-501                    
Embedded BIOS Version 4.3.200 07/31/01 15:58:22.08                                                  
Compiled by morlee                  
16 MB RAM        

PCI Device Table.                
Bus Dev Func VendID DevID Class              Irq                                                
 00  00  00   1022   3000  Host Bridge                                      
 00  11  00   8086   1209  Ethernet           9                                              
 00  12  00   8086   1209  Ethernet           10                                                

Cisco Secure PIX Firewall BIOS (4.2) #6: Mon Aug 27 15:09:54 PDT 2001                                                                    
Platform PIX-501                
Flash=E28F640J3 @ 0x3000000                          

Use BREAK or ESC to interrupt flash boot.                                        
Use SPACE to begin flash boot immediately.                                          
Reading 1974784 bytes of image from flash.                                          
################################################################################                                                                                
#########################                        


CISCO SYSTEMS PIX-501                    
Embedded BIOS Version 4.3.200 07/31/01 15:58:22.08                                                  
Compiled by morlee                  
16 MB RAM        

PCI Device Table.                
Bus Dev Func VendID DevID Class              Irq                                                
 00  00  00   1022   3000  Host Bridge                                      
 00  11  00   8086   1209  Ethernet           9                                              
 00  12  00   8086   1209  Ethernet           10                                                

Cisco Secure PIX Firewall BIOS (4.2) #6: Mon Aug 27 15:09:54 PDT 2001                                                                    
Platform PIX-501                
Flash=E28F640J3 @ 0x3000000                          

Use BREAK or ESC to interrupt flash boot.                                        
Use SPACE to begin flash boot                          
Flash boot interrupted.                      
0: i8255X @ PCI(bus:0 dev:17 irq:9 )                                    
1: i8255X @ PCI(bus:0 dev:18 irq:10)                                    

Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0017.e0e3.6785                                                              
Use ? for help.              
monitor> address 192.168.0.250                              
address 192.168.0.250                    
monitor> server 192.168.0.54                            
server 192.168.0.54                  
monitor> file nppix                  
file nppix          
monitor> tftp            
tftp nppix@192.168.0.54                      
TFTP failed (return:-10 arg:0x2)                                
monitor> tftp            
tftp nppix@192.168.0.54                      
TFTP failed (return:-10 arg:0x2)                                
monitor> ping 192.168.0.250                          
Sending 5, 100-byte 0x464b ICMP Echoes t                                      

Success rate is 0 percent (0/5)                              
monitor> ping 192.168.0.2                        
Sending 5, 100-byte 0x464c ICMP Echoes to 192.168.0.2, timeout is 4 seconds:                                                                            
!!!!    
Success rate is 80 percent (4/5)                                
monitor> ping 192.168.0.1                        
Sending 5, 100-byte 0x464d ICMP Echoes to 192.168.0.1, timeout is 4 seconds:                                                                            
!!!!!    
Success rate is 100 percent (5/5)                                
monitor> ping 192.168.0.3                        
Sending 5, 100-byte 0x464e ICMP Echoes to 192.168.0.3, timeout is 4 seconds:                                                                            

Success rate is 0 percent (0/5)                              
monitor> ping 192.168.0.21
Sending 5, 100-byte 0x464f ICMP Echoes to 192.168.0.21, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor> ping 192.168.0.54
Sending 5, 100-byte 0x4650 ICMP Echoes to 192.168.0.54, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor> ping 192.168.0.250
Sending 5, 100-byte 0x4651 ICMP Echoes to 192.168.0.250, timeout is 4 seconds:

Success rate is 0 percent (0/5)
monitor>tftp
tftp nppix@192.168.0.54
TFTP failed (return:-10 arg:0x2)
monitor> ping 192.168.0.54
Sending 5, 100-byte 0x4652 ICMP Echoes to 192.168.0.54, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor> ping 192.168.0.21
Sending 5, 100-byte 0x4653 ICMP Echoes to 192.168.0.21, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor>
0
Alan Huseyin KayahanCommented:
Install TFTP server in a different PC and try to tftp that server's IP
0
davidbartonCommented:
I had the same problem - and the workaround is not mentioned here...

In the pix instructions it suggests setting the file and running tftp as per:

monitor>file np52.bin
file np52.bin

monitor>tftp


I could not get this to work, but by entering tftp np63.bin it worked fine, eg:

monitor>tftp np63.bin

This was on a PIX 501 6.3
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.