Thursday, November 4, 2010

Fun with PIX, Part Deux

After getting my PIX to boot in my previous post, I decided to run through the password recovery procedures.

What you'll need:
  • PIX recovery images (availble from either the Cisco site individually or here in one ZIP file)
  • PIX firewall software version
  • TFTP server software (I used the TFTP server included in the PacketTrap pt360 Suite in this exercise)
  • Terminal Emulator (I typically use PuTTY)

Steps:

  1. Connect Ethernet 0 on the PIX to your local LAN.
  2. Open a command prompt and run ipconfig to determine your computer's IP address.
  3. Download PIX recovery images to a directory on your computer (such as C:\tftp).
  4. Point your TFTP server to the download directory containing your tools.
  5. With a console cable attached and terminal emulator running, power on the PIX firewall.
  6. Note the version of the PIX firewall software. If you missed the boot sequence, you can type sh ver at the prompt. The firewall software version will normally be the first line returned:
    Cisco PIX Firewall Version 6.3(5)
    Cisco PIX Device Manager Version 3.0(4)

    In this case, the number you need is "Cisco PIX Firewall Version."
  7. Power off the PIX.
  8. Power on the PIX.
  9. After the startup messages appear, press ESC or send a BREAK command. Note: If you do it too early, you'll get a testing/diagnostic menu. To continue the boot process, type C. A successful BREAK command should leave you at the monitor> prompt.
  10. Type int e0 and press ENTER.
  11. Type addr a.b.c.d and press ENTER (where a.b.c.d is an IP address you want to assign to the PIX. To reduce troubleshooting, choose an address on the same network as your the computer you're using).
  12. Type server w.x.y.z and press ENTER (where w.x.y.z is the IP address of the computer you're using to perform this procedure).
  13. Type file np[nn].bin (where [nn] is the version number corresponding to the BIN file for password recovery. For example, if your PIX is running version 6.3 of the firewall software, enter np63.bin).
  14. Type tftp and press ENTER.
  15. When prompted, type Y to erase the passwords.
  16. If prompted to remove the commands from the configuration, type Y.
  17. The device will reboot and will have a blank password.

No comments:

Post a Comment