Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to recover the password on a Cisco PIX 501 firewall

Posted on 2009-05-08
11
Medium Priority
?
565 Views
Last Modified: 2012-05-06
I purchaced a Cisco PIX firewall and found out that I needed a Rollover cable and then bought it. I have followed the directions below.

* Boot the PIX again and immediately after the reboot as it is coming back up and displaying text in your console send a break sequence with your keyboard. If you are using Hyperterminal with Windows the break sequence is Ctrl-Break.
This will send the PIX into Monitor status and you will see the following prompt on the PIX:monitor>
Patch your computer into the inside or outside interface on the PIX via a standard CAT 5 cable (i.e. patch from your computers NIC to one of the PIXs interfaces).

This next statement tells me to change the static ip address for the PC nic to 192.168.1.101

*Give your computer an IP address. For this example, lets use 192.168.1.100 with a netmask of 255.255.255.0

*Start up your TFTP server program and keep it running.
Tell the PIX which interface you will be connecting to, as follows:monitor> interface 1
---note interface 1 is inside, interface 0 is outside.

*Give the PIX a temporary IP address on the same network as your computer, as follows:monitor> address 192.168.1.101
*Tell the PIX the IP address of the TFTP server (your computer)
monitor> server 192.168.1.100

I downloaded the np63.bin to the C:\Program Files\TTERMPRO directory

*Told the PIX which file to copy:
monitor> file np63.bin

*Started the TFTP copy
monitor> tftp

This is what I get:

monitor> tftp
tftp np63.bin@192.168.1.100
TFTP failed (return:-1 arg:0x0)
monitor>

It should copy very quickly. It does not and gives an error message. I also used a linksys router with dhcp turned off to simmulate a hub/switch.

Any Ideas?
monitor> interface 1
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)
 
Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0015.63ff.653b
monitor> address 192.168.1.101
address 192.168.1.101
monitor> server 192.168.1.100
server 192.168.1.100
monitor> file np63.bin
file np63.bin
monitor> tftp
tftp np63.bin@192.168.1.100
TFTP failed (return:-1 arg:0x0)
monitor>

Open in new window

0
Comment
Question by:smarant
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 1

Accepted Solution

by:
abhimail2002 earned 300 total points
ID: 24341953
Hi. I will suggest you to check your TFTP configuration and make sure your firewall is turned off. Sometimes the firewall blocks TFTP connection in these cases.
0
 
LVL 2

Assisted Solution

by:e3user
e3user earned 300 total points
ID: 24342895
0
 

Author Comment

by:smarant
ID: 24346272
The firewall was definitly on and I turned it off. So now as I am expecting there is communication between the pc and the pix as I am looking at the router both ports are flashing. But it just keeps doing as there is a huge massive file transfer going on. It should copy very quickly from what I have read.  Any Ideas? The teminal looks like this:

monitor> interface 1
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)

Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0015.63ff.653b
monitor> address 192.168.1.154
address 192.168.1.15
monitor> server 192.168.1.100
server 0.0.0.0
monitor> server 192.168.1.100
server 192.168.1.100
monitor> file np63.bin
file np63.bin
monitor> tftp
tftp np63.bin@192.168.1.100
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 900 total points
ID: 24346618
Try a different TFTP program. I have good luck with TFTPD32 just google for it.
0
 
LVL 2

Expert Comment

by:e3user
ID: 24346893
hey,
I dont if you are facing the same thing as I had before.
goto to your PC  folder options-->uncheck ''hide extensions for known file types''
maybe it is under a hidden file type which the pix is not recognizing

hope it helps.
0
 

Author Comment

by:smarant
ID: 24347887
What does the File extentions have to do with this problem?
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 900 total points
ID: 24354020
Sometimes using interface 0 instead of 1 seems to work
0
 

Author Comment

by:smarant
ID: 24354091
Is there any good instruction on how to use TFTPD32  for this issue?

0
 

Author Comment

by:smarant
ID: 24401075
Question is how do I get a ping response from the pix if I am hooked directly to it and have set the pix and the pc as the following configs:

 Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0015.63ff.653b
Use ? for help.
monitor> interface 0
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)

Using 0: i82557 @ PCI(bus:0 dev:17 irq:9 ), MAC: 0015.63ff.6539
monitor> address 192.168.1.30
address 192.168.1.30
monitor> server 192.168.1.31
server 192.168.1.31
monitor> file np63.bin
file np63.bin
monitor> ping 192.168.1.30
Sending 5, 100-byte 0x324d ICMP Echoes to 192.168.1.30, timeout is 4 seconds:

Success rate is 0 percent (0/5)
monitor> ping 192.168.1.31
Sending 5, 100-byte 0x324e ICMP Echoes to 192.168.1.31, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor>
I can ping the pc I am useing but not the pix...
All firewalls on the pc atre turned off
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 900 total points
ID: 24402600
as long as you can ping your tftp server, that's all that matters. You cannot ping your own interface from monitor mode.
0
 

Author Comment

by:smarant
ID: 24403246
So why do you think the PIX hangs?
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question