Cisco PIX 506e password recovery Stalls

Last Modified: 2012-05-06
I have been trying to reset the password on a PIX 506E; all version info is below. I am able to connect to the TFTP server and the download occurs, but after that everything stops at:

tftp nppix.bin@192.168.1.7......................................................
................................................................................
................................................................................
...
Received 110592 bytes

After this the system seems to just freeze there. I let it sit for a few hours with no change. Any ideas would be greatly appreciated.
Here is the output from startup to the monitor prompt:
 
CISCO SYSTEMS PIX FIREWALL
Embedded BIOS Version 4.3.207 01/02/02 16:12:22.73
Compiled by morlee
32 MB RAM
 
PCI Device Table.
Bus Dev Func VendID DevID Class              Irq
 00  00  00   8086   7192  Host Bridge
 00  07  00   8086   7110  ISA Bridge
 00  07  01   8086   7111  IDE Controller
 00  07  02   8086   7112  Serial Bus         9
 00  07  03   8086   7113  PCI Bridge
 00  0D  00   8086   1209  Ethernet           11
 00  0E  00   8086   1209  Ethernet           10
 
Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35 PST 2001
Platform PIX-506E
System Flash=E28F640J3 @ 0xfff00000
 
Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Flash boot interrupted.
0: i8255X @ PCI(bus:0 dev:14 irq:10)
1: i8255X @ PCI(bus:0 dev:13 irq:11)
 
Ethernet auto negotiation timed out.
Ethernet port 1 could not be initialized.
Use ? for help.
 
monitor> interface 0
0: i8255X @ PCI(bus:0 dev:14 irq:10)
1: i8255X @ PCI(bus:0 dev:13 irq:11)
 
Using 0: i82557 @ PCI(bus:0 dev:14 irq:10), MAC: 0012.7fb4.e499
 
monitor> address 192.168.1.76
address 192.168.1.76
 
monitor> server 192.168.1.7
server 192.168.1.7
 
monitor> file nppix.bin
file nppix.bin
 
monitor> tftp
tftp nppix.bin@192.168.1.7......................................................
................................................................................
................................................................................
...
Received 110592 bytes


Not sure what version you are loading, but is 32Meg enough memory?

Also, you have to rename the files for the flash to boot from it, but without a prompt, I suspect this will be challenging.

I certainly don't know of any firmware (Received 110592 bytes) that is this small; can you check?

Is it a firmware from Cisco? Have you checked the checksum also?


Author

Commented:
Thanks for the response, it is appreciated.

I am not installing a firmware; I am trying to reset the password using the recovery program from Cisco.

File: nppix.bin.

The 110592 bytes is the exact size of the file from Cisco.

The steps I am following for password recovery are from Cisco as well. Here is the link I am using:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml

What is the best way to check the checksum?

Thanks again.

Author

Commented:
P.S.

I have used this method before to recover passwords on other PIX devices, and it worked, so I am wondering if maybe the device is faulty?

Could it be that you're out of memory to complete the download, or even run the program afterwards?

Do you have a backup?
There is always the restore to factory defaults...

Can you tftp the config out first?

List the flash files and free space, but I am unsure if monitor mode allows this in 4.3.

Author

Commented:
I don't think it's a size issue, because the file is 110592 bytes; that means it is only 108KB or 0.10547MB. So there should be plenty of space.

I would love to recover from a backup or restore to factory defaults, but cannot get to enable mode, hence the password recovery.

Have you used the password recovery files before?
A long time ago, worked like a charm, but was version 5.

To restore to factory default, I thought you could just reboot from cold with a console cable in and when the flash is loading, hit Break on the keyboard.

This enters ROMMON mode where you can reset to default.

I know some of the older Cisco units used to have a jumper internally, but I am not aware of any on a 506.

The other problem is that you can prevent a password recovery by using the "no service password-recovery" command; maybe this applies and factory defaults is your only option.

http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/trouble.html#wp1049417


Author

Commented:
Thanks for the help, sorry for the delay but just got back to this problem.
If you encounter this issue, make sure you are using the correct .bin file for your PIX software. I just encountered the same problem trying to perform password recovery on a Pix515d. I was getting the same results as the original poster. The console session would hang after the .bin successfully downloaded from the TFTP server. Going by the POST messages, I thought I had Version 4.0; however, the Monitor> "show version" said it was PIX version 6.3. Using the .bin for 6.3, I was able to clear the password on my first attempt.
I found this hint at http://www.velocityreviews.com/forums/t33056-password-recovery-on-pix-515e-i-have-tried-the-instructions-from-cisco.html.