Solved

How to recover the password on a Cisco PIX 501 firewall

Posted on 2009-05-08
11
537 Views
Last Modified: 2012-05-06
I purchaced a Cisco PIX firewall and found out that I needed a Rollover cable and then bought it. I have followed the directions below.

* Boot the PIX again and immediately after the reboot as it is coming back up and displaying text in your console send a break sequence with your keyboard. If you are using Hyperterminal with Windows the break sequence is Ctrl-Break.
This will send the PIX into Monitor status and you will see the following prompt on the PIX:monitor>
Patch your computer into the inside or outside interface on the PIX via a standard CAT 5 cable (i.e. patch from your computers NIC to one of the PIXs interfaces).

This next statement tells me to change the static ip address for the PC nic to 192.168.1.101

*Give your computer an IP address. For this example, lets use 192.168.1.100 with a netmask of 255.255.255.0

*Start up your TFTP server program and keep it running.
Tell the PIX which interface you will be connecting to, as follows:monitor> interface 1
---note interface 1 is inside, interface 0 is outside.

*Give the PIX a temporary IP address on the same network as your computer, as follows:monitor> address 192.168.1.101
*Tell the PIX the IP address of the TFTP server (your computer)
monitor> server 192.168.1.100

I downloaded the np63.bin to the C:\Program Files\TTERMPRO directory

*Told the PIX which file to copy:
monitor> file np63.bin

*Started the TFTP copy
monitor> tftp

This is what I get:

monitor> tftp
tftp np63.bin@192.168.1.100
TFTP failed (return:-1 arg:0x0)
monitor>

It should copy very quickly. It does not and gives an error message. I also used a linksys router with dhcp turned off to simmulate a hub/switch.

Any Ideas?
monitor> interface 1
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)
 
Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0015.63ff.653b
monitor> address 192.168.1.101
address 192.168.1.101
monitor> server 192.168.1.100
server 192.168.1.100
monitor> file np63.bin
file np63.bin
monitor> tftp
tftp np63.bin@192.168.1.100
TFTP failed (return:-1 arg:0x0)
monitor>

Open in new window

0
Comment
Question by:smarant
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 1

Accepted Solution

by:
abhimail2002 earned 100 total points
ID: 24341953
Hi. I will suggest you to check your TFTP configuration and make sure your firewall is turned off. Sometimes the firewall blocks TFTP connection in these cases.
0
 
LVL 2

Assisted Solution

by:e3user
e3user earned 100 total points
ID: 24342895
0
 

Author Comment

by:smarant
ID: 24346272
The firewall was definitly on and I turned it off. So now as I am expecting there is communication between the pc and the pix as I am looking at the router both ports are flashing. But it just keeps doing as there is a huge massive file transfer going on. It should copy very quickly from what I have read.  Any Ideas? The teminal looks like this:

monitor> interface 1
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)

Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0015.63ff.653b
monitor> address 192.168.1.154
address 192.168.1.15
monitor> server 192.168.1.100
server 0.0.0.0
monitor> server 192.168.1.100
server 192.168.1.100
monitor> file np63.bin
file np63.bin
monitor> tftp
tftp np63.bin@192.168.1.100
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 300 total points
ID: 24346618
Try a different TFTP program. I have good luck with TFTPD32 just google for it.
0
 
LVL 2

Expert Comment

by:e3user
ID: 24346893
hey,
I dont if you are facing the same thing as I had before.
goto to your PC  folder options-->uncheck ''hide extensions for known file types''
maybe it is under a hidden file type which the pix is not recognizing

hope it helps.
0
 

Author Comment

by:smarant
ID: 24347887
What does the File extentions have to do with this problem?
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 300 total points
ID: 24354020
Sometimes using interface 0 instead of 1 seems to work
0
 

Author Comment

by:smarant
ID: 24354091
Is there any good instruction on how to use TFTPD32  for this issue?

0
 

Author Comment

by:smarant
ID: 24401075
Question is how do I get a ping response from the pix if I am hooked directly to it and have set the pix and the pc as the following configs:

 Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0015.63ff.653b
Use ? for help.
monitor> interface 0
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)

Using 0: i82557 @ PCI(bus:0 dev:17 irq:9 ), MAC: 0015.63ff.6539
monitor> address 192.168.1.30
address 192.168.1.30
monitor> server 192.168.1.31
server 192.168.1.31
monitor> file np63.bin
file np63.bin
monitor> ping 192.168.1.30
Sending 5, 100-byte 0x324d ICMP Echoes to 192.168.1.30, timeout is 4 seconds:

Success rate is 0 percent (0/5)
monitor> ping 192.168.1.31
Sending 5, 100-byte 0x324e ICMP Echoes to 192.168.1.31, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor>
I can ping the pc I am useing but not the pix...
All firewalls on the pc atre turned off
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 300 total points
ID: 24402600
as long as you can ping your tftp server, that's all that matters. You cannot ping your own interface from monitor mode.
0
 

Author Comment

by:smarant
ID: 24403246
So why do you think the PIX hangs?
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
fabric 1 31
Help with a subnetting question 7 58
Manage ASA using outside IP 14 62
I want to know the number of Cisco 1921-sec / k9 ipsec vpn concurrent users? 4 28
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question