PIX 501

saidfrh
Level 1

How do you restore the PIX 501, 6.2 to its default values? "Erase" is not a command, "reload" will not work.

Thanks.

Said

Collin Clark
VIP Alumni

Try "write erase" then reload.

HTH and please rate.

Patrick Iseli
Level 7

To restore it use:

1.) Reload Factory config:

config factory-default

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_quick_start09186a00807d280a.html#wp60695

or

2.) Reset config and boot with wizard:

conf t

write erase

reload

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727ae.html#wp1027782

3.) Default config :

interface ethernet0 auto shutdown

interface ethernet1 auto

interface ethernet2 auto shutdown

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 intf2 security4

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname pixfirewall

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

pager lines 24

mtu outside 1500

mtu inside 1500

mtu intf2 1500

no ip address outside

ip address inside 192.168.1.1 255.255.255.0

no ip address intf2

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 192.168.1.2-192.168.1.254 inside

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

dhcpd enable inside

terminal width 80

sincerely

Patrick

Patrick, thanks. 1) Is DHCP enabled by default? After erasing and reloading the PIX, I am not able to get an IP. The cable to the PIX switch is a straight-through.

I then tried to configure the PIX using the web: https://192.168.1.1/startup.html

https://192.168.1.1 No success with the web. Do you have any suggestions?

If you have used < config factory-default > then you should have DHCP activated and the PIX should have 192.168.1.1 as its inside IP address.

If you have chosen < write erase > and < reload > then you have an empty config without an IP address. In this case use your blue serial cable and check the config on the console port. You need to configure the PIX manually; use my config in the previous post.

Use HyperTerminal with 9600/8N1.

Note: Password is empty; press ENTER.

en

conf t

sh run

sincerely

Patrick

Patrick, thanks. I followed your previous instructions. The PIX provides a DHCP address to my PC.

1. I still do not have PDM/web access.

2. I cannot access the Internet after cabling the PIX to a DSL modem, using a straight-through, then a crossover cable. Do you have any suggestions?

The following is the sh run output.

pixfirewall# sh run Assign a

: Savedan inte

:a

PIX Version 6.2(2)

nameif ethernet0 outside security0disable or display IP address to n

nameif ethernet1 inside security100

enable password 8Ry2YjIyt7RRX

object-gr

fixup protocol http 80 group for use in 'acc

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

ntp Confi

fixup protocol ils 389col

fixup protocol rsh 514

outbound

fixup protocol rtsp 554s list

fixup protocol smtp 25

pager

fixup protocol sqlnet 1521gination

fixup protocol sip 5060

passwd

fixup protocol skinny 2000ess password

names

pager lines 24

ip address inside 127.0.0.1 255.255.255.255

ip audit info action alarm

ip audit attack action alarm

pdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si

p 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

no sysopt route dnat

telnet timeout 5

ssh timeout 5

terminal width 80

Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e

: end

pixfirewall#

In the PIX command line, add the following to access the PIX via PDM:

http PC.ip.address 255.255.255.255 inside

Jorge Rodriguez

Hi,

I am unable to access the PIX using a web browser. I added the following: http 192.168.1.118 255.255.255.255 inside

Add the following in the PIX:

http server enable

Jorge Rodriguez

Said, I forgot to mention: after you enable the http server in the PIX and load your browser,

you may need to access the PIX by secure http: https://192.168.1.1

Jorge Rodriguez

JORGE,

I am unable to get a DHCP IP for the PC from the PIX.

Accessing the PIX via browser does not work. I need to get an IP first.

Any suggestions?

Thanks.

Said

Jorge,

Still no IP from PIX's DHCP. The following is the config. Any suggestions?

Thanks.

Said

:

PIX Version 6.2(2)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname pixfirewall

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

names

pager lines 24

interface ethernet0 10baset shutdown

interface ethernet1 10full shutdown

mtu outside 1500

<--- More --->

ip address inside 192.168.1.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si

p 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http 192.168.1.0 255.255.255.0 inside

http 192.168.1.1 255.255.255.255 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

no sysopt route dnat

telnet timeout 5

<--- More --->

dhcpd address 192.168.1.2-192.168.1.33 inside

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

dhcpd enable inside

terminal width 80

Cryptochecksum:2517fc437be0b0cff8a9b0f7c34e01a4

: end

pixfirewall#

I see in the config you have http 192.168.1.1 255.255.255.255 inside

This is the IP address of your PIX inside interface.

Do as follows:

no http 192.168.1.1 255.255.255.255 inside

http your.PC.IP 255.255.255.255 inside

Configure your machine with a static IP in the TCP/IP settings.

Jorge Rodriguez

The following changes did not work. I still cannot open a browser to configure the 501.

no http 192.168.1.1 255.255.255.255 inside

http your.PC.IP 255.255.255.255 inside

static IP addresses in TCP/IP settings.

Is the port on your laptop up?

Click on RUN (Execute) cmd and type into the DOS box : ipconfig /all

try to renew the IP with:

ipconfig /release

ipconfig /renew

Check the port status on your PIX:

enable

sh int

sh ip

sh arp

sincerely

Patrick
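
An offline check for the problems that come up in this thread (an added example, not posted by any participant and not Cisco code): it parses a PIX 6.x style configuration and flags shutdown interfaces, an `http` permit entry equal to the PIX's own interface address, a missing `http server enable`, and the default SNMP community. The `audit` function and the sample config are constructed for illustration.

```python
import ipaddress

# Constructed sample in the style of the PIX 6.2 configs posted in this thread.
SAMPLE = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 10baset shutdown
interface ethernet1 10full shutdown
ip address inside 192.168.1.1 255.255.255.0
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.1.1 255.255.255.255 inside
snmp-server community public
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
"""

def audit(config):
    """Hypothetical checker: return a list of findings for a PIX 6.x style config."""
    rows = [line.split() for line in config.splitlines() if line.strip()]
    hw_of, addr, down, http_acl, dhcp_on, out = {}, {}, set(), [], [], []
    for t in rows:
        if t[0] == "nameif" and len(t) >= 3:
            hw_of[t[2]] = t[1]                      # inside -> ethernet1
        elif t[0] == "interface" and "shutdown" in t[2:]:
            down.add(t[1])                          # administratively down
        elif t[:2] == ["ip", "address"] and len(t) == 5:
            addr[t[2]] = ipaddress.ip_address(t[3])
        elif t[0] == "http" and len(t) == 4:        # http <ip> <mask> <if_name>
            http_acl.append((ipaddress.ip_network(f"{t[1]}/{t[2]}", strict=False), t[3]))
        elif t[:2] == ["dhcpd", "enable"] and len(t) == 3:
            dhcp_on.append(t[2])
    for name, hw in hw_of.items():
        if hw in down:
            extra = ", so dhcpd on it cannot answer" if name in dhcp_on else ""
            out.append(f"{name} ({hw}) is shutdown{extra}")
    if http_acl and ["http", "server", "enable"] not in rows:
        out.append("http permit entries exist but 'http server enable' is missing")
    for net, name in http_acl:
        if net.num_addresses == 1 and addr.get(name) == net.network_address:
            out.append(f"http {net.network_address} on {name} is the PIX's own address; it permits no client")
    if ["snmp-server", "community", "public"] in rows:
        out.append("SNMP community is still the default 'public'")
    return out

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```
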
