20091214

How to recover a PIX Firewall password

If you ever lose a password on a PIX Firewall and need to recover it, follow these steps:
if you ever need to recover a password on the PIX
here are the steps:

Requirements:
* You will need a console connection from the PIX to your machine
* You will need a TFTP server application running on your machine
(I personally use tftpd32, which can be downloaded for free
at
 http://tftpd32.jounin.net/)

1) Connect the console cable to your serial port and plug the RJ45 end
into the PIX port marked "Console". You can use Hypertrm (which comes
with Windows) or any other console program of your choice. I use
TeraTerm Pro, found at
 http://www.ayera.com/teraterm/.

2) Find out what version of software is running on your PIX. If you're
not sure, you can find out very easy in the following way. If you
are connected to the PIX via a console connection, simply reboot the
PIX and watch for the output. It will tell you which version is
running.



3) Download the corresponding helper binary file from Cisco, depending
on which software version is running on the PIX. For example, if you
were running version 6.3(x) you could use the file called np63.bin found
here:
 http://www.cisco.com/warp/public/11... If you were running
6.2 you could simply change the last characters on the above url to be
np62.bin. Download that file and save it to the root directory of your
TFTP application.



4) Next, reboot the PIX again and immediately after the reboot as it is
coming back up and displaying text in your console send a break sequence
with your keyboard. If you are using Hyperterminal with Windows the break
sequence is Ctrl-Break.

5) This will send the PIX into "Monitor" status and you will see the following
prompt on the PIX:

monitor>
6) Patch your computer into the inside or outside interface on the PIX via a
standard CAT 5 cable (i.e. patch from your computers NIC to one of the PIX's
interfaces).

7) Give your computer an IP address. For this example, let's use 10.0.0.1
with a gateway
 of 255.0.0.0

8) Start up your TFTP server program and keep it running.
9) Tell the PIX which interface you will be connecting to, as follows:
monitor> interface 1
*note interface 1 is inside, interface 0 is outside, but you remember that
from reading the ebook right? :)

10) Give the PIX a temporary IP address on the same network as your computer,
as follows:

monitor> address 10.0.0.2
11) Tell the PIX the IP address of the TFTP server (your computer)
monitor> server 10.0.0.1
12) Tell the PIX which file to copy:
monitor> file np63.bin
13) Start the TFTP copy
monitor> tftp
14) It should copy very quickly. If it does not you will get
an error message on the PIX and potentially on the TFTP server
software. If you do get an error, you likely have a cabling
issue or perhaps a typo of one of the above commmands.

15) Once the file is copied to the PIX, the PIX will ask if you are
sure you want to reset the password. Type "Y" for yes, and the PIX
will reboot.

16) After the reboot the PIX will now have a default telnet password
of "cisco" (no quotes) and no enable password.

That's about it. About 10 minutes of downtime and you and your PIX Firewall are back in action!

No comments:

Post a Comment