Cisco Pix Firewall - Recover VPN Password?

Posted on 2009-12-21
Last Modified: 2012-05-08
We have a Cisco PIX Firewall. One of our clients that connects to us through a VPN accidentally deleted all his settings, like host name, username, password, etc. in his Cisco VPN Client Version 4.8. Is there any way I can somehow see his username/password/hostname, etc. from the firewall? Thank you! Please write detailed step-by-step instructions. I don't know too much about firewalls. I am using HyperTerminal. Thanks.
Question by:Cubbybulin

    Accepted Solution


    1. You need a TFTP server:

    Worthing1#copy run tftp
    Address or name of remote host []?
    Destination filename [worthing1-confg]?
    14644 bytes copied in 3.598 secs (4070 bytes/sec)


    Worthing1#copy tftp start
    Address or name of remote host []?
    Source filename [worthin1-confg]? worthing1-confg
    Destination filename [startup-config]?
    Accessing tftp://
    Loading worthing1-confg from (via Vlan1): !
    [OK - 14644 bytes]
    14644 bytes copied in 10.001 secs (1464 bytes/sec)

    2. Afterwards, please show us the config and we will tell you which line contains the passwords...

    Best regards,

    Author Comment

    OK, here is the running config, and I was able to see the password on the TFTP server. Just to make sure, in the Cisco VPN Client these will be my settings:

    Group Name: jaremotes
    password: *********

    and it should work, right? I see something about a crypto map to Dayton Client, which is where this person is located. Does this mean only he can connect with the VPN, or can I try these settings from my home? Thanks!

    PIX Version 6.3(5)
    interface ethernet0 10baset
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password GWrHuOdSnP3vVpxD encrypted
    passwd GWrHuOdSnP3vVpxD encrypted
    hostname pixfirewall
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    access-list aclin permit tcp any host eq 4899
    access-list aclin permit tcp any host eq smtp
    access-list aclin permit tcp any host eq www
    access-list aclin permit tcp any host eq citrix-ica
    access-list aclin permit tcp host host eq ldap
    access-list aclin permit tcp any host eq 3389
    access-list vpn_nat_acl permit ip 255.255
    access-list outside_cryptomap_dyn_20 permit ip any
    access-list jaremotes_splitTunnelAcl permit ip any
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside
    ip address inside
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool RemoteVPNPool
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list vpn_nat_acl
    static (inside,outside) netmask 0 0
    static (inside,outside) netmask 0 0
    static (inside,outside) netmask 0 0
    access-group aclin in interface outside
    route outside 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout sip-disconnect 0:02:00 sip-invite 0:03:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    http server enable
    http inside
    http inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    floodguard enable
    sysopt connection permit-ipsec
    sysopt noproxyarp inside
    crypto ipsec transform-set strong esp-des esp-md5-hmac
    crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
    crypto dynamic-map outside_dyn_map 20 set transform-set strong
    crypto map toDayton 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map toDayton client configuration address initiate
    crypto map toDayton client configuration address respond
    crypto map toDayton interface outside
    isakmp enable outside
    isakmp key ******** address netmask
    isakmp client configuration address-pool local RemoteVPNPool outside
    isakmp nat-traversal 20
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption des
    isakmp policy 10 hash md5
    isakmp policy 10 group 1
    isakmp policy 10 lifetime 86400
    isakmp policy 15 authentication pre-share
    isakmp policy 15 encryption des
    isakmp policy 15 hash md5
    isakmp policy 15 group 2
    isakmp policy 15 lifetime 86400
    vpngroup jaremotes address-pool RemoteVPNPool
    vpngroup jaremotes dns-server
    vpngroup jaremotes default-domain
    vpngroup jaremotes split-tunnel jaremotes_splitTunnelAcl
    vpngroup jaremotes idle-time 7200
    vpngroup jaremotes password ********
    telnet inside
    telnet timeout 5
    ssh xx.xx.x.x outside
    ssh timeout 5
    console timeout 0
    terminal width 80
    : end
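The procedure in the accepted solution (copy the running config to a TFTP server, then find the line that holds the group password) and the config posted above can be turned into a small script. The following is an added example written for this thread, not code from the original post or from Cisco: it parses a PIX 6.3-style config dump, pulls out the three values the Cisco VPN Client connection entry needs (Host, Group Name, Group Password), and flags the lines a security reviewer would question in the posted config. The sample config embedded in it is constructed to mirror the shape of the one above; its addresses and keys are placeholders, and the function names are the example's own.

```python
"""Extract Cisco VPN Client settings from a PIX 6.3 configuration dump and
flag the lines a reviewer would question.

Added example for this thread; it is not code from the original post.
It assumes the config was saved off the box with `copy run tftp` (or
`write net`), which writes the vpngroup password and isakmp keys in clear
text; a `show run` / `write terminal` dump masks them as ********.
"""
import re

MASK = "********"
# vpngroup attributes worth copying into the client entry, mapped to dict keys
VPNGROUP_KEYS = {"address-pool": "address_pool", "split-tunnel": "split_tunnel_acl"}

# Constructed sample in the shape of the config posted in the thread. Addresses
# (RFC 5737 / RFC 1918 ranges) and keys are placeholders, not real data.
SAMPLE_CONFIG = """\
PIX Version 6.3(5)
hostname pixfirewall
enable password GWrHuOdSnP3vVpxD encrypted
ip address outside 203.0.113.1 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
ip local pool RemoteVPNPool 10.0.99.10-10.0.99.50
access-list jaremotes_splitTunnelAcl permit ip 10.0.0.0 255.255.255.0 any
snmp-server community public
crypto ipsec transform-set strong esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set strong
crypto map toDayton 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map toDayton interface outside
isakmp enable outside
isakmp key examplesitekey address 198.51.100.7 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
vpngroup jaremotes address-pool RemoteVPNPool
vpngroup jaremotes split-tunnel jaremotes_splitTunnelAcl
vpngroup jaremotes password examplegroupkey
: end
"""


def parse_vpn_client_settings(config):
    """Return the values the VPN Client 4.x connection entry needs.

    Host = the PIX outside address; Group Name / Group Password = the vpngroup
    name and its pre-shared key. A masked password means the dump came from
    `show run`, not `copy run tftp`, and the key is not recoverable from it.
    """
    s = {"host": None, "group_name": None, "group_password": None,
         "address_pool": None, "split_tunnel_acl": None}
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"ip address outside (\S+)", line):
            s["host"] = m.group(1)
        elif m := re.match(r"vpngroup (\S+) (address-pool|split-tunnel|password) (\S+)$", line):
            group, attr, value = m.groups()
            s["group_name"] = group
            if attr == "password":
                s["group_password"] = None if value == MASK else value
            else:
                s[VPNGROUP_KEYS[attr]] = value
    return s


def audit_config(config):
    """Flag the lines a security reviewer would raise about this config.

    Secrets are masked in the findings so the report itself can be shared.
    """
    findings = []
    for line in config.splitlines():
        line = line.strip()
        # Both the remote-access group key and any site-to-site peer key are
        # stored in clear text in a TFTP copy of the config.
        if m := re.match(r"(?:vpngroup \S+ password|isakmp key) (\S+)", line):
            if m.group(1) != MASK:
                findings.append("cleartext pre-shared key: " + line.replace(m.group(1), MASK, 1))
        if re.search(r"\b(esp-des|encryption des)\b", line):
            findings.append("single DES (56-bit): " + line)
        if re.search(r"\b(esp-md5-hmac|hash md5)\b", line):
            findings.append("MD5 integrity: " + line)
        if re.match(r"isakmp policy \d+ group 1$", line):
            findings.append("DH group 1 (768-bit MODP): " + line)
        if re.match(r"snmp-server community (public|private)$", line):
            findings.append("default SNMP community: " + line)
        if re.match(r"crypto map \S+ \d+ ipsec-isakmp dynamic ", line):
            findings.append("dynamic crypto map: any peer with the group key can connect: " + line)
    return findings


if __name__ == "__main__":
    print("VPN Client entry:", parse_vpn_client_settings(SAMPLE_CONFIG))
    for finding in audit_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Two points from the audit bear on the questions asked in this thread. First, the `vpngroup jaremotes password ********` line in the config pasted above is masked because it came from `show run`; the value the poster read on the TFTP server is the same key written unmasked, and TFTP carries it across the network with no encryption or authentication, so copy it over a trusted segment and delete the file from the TFTP server afterwards. Second, `crypto map toDayton 65535 ipsec-isakmp dynamic outside_dyn_map` is a dynamic crypto map: the PIX accepts an IKE negotiation from any source address that presents the group name and key, so nothing in this config ties the client entry to the Dayton site.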

    Author Closing Comment

    Thank you! Up and running now! Yay! Thanks a lot!

    Expert Comment

    by:Istvan Kalmar
    You're welcome :)
