04-12-2007 09:16 AM - edited 03-11-2019 02:59 AM
How do you restore the PIX 501, 6.2 to its default values? "Erase" is not a command, "reload" will not work.
Thanks.
Said
04-12-2007 09:25 AM
Try "write erase" then reload.
HTH and please rate.
04-12-2007 09:27 AM
To restore it use:
1.) Reload Factory config:
config factory-default
or
2.) Reset config and boot with wizard:
conf t
write erase
reload
3.) Default config :
interface ethernet0 auto shutdown
interface ethernet1 auto
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
mtu intf2 1500
no ip address outside
ip address inside 192.168.1.1 255.255.255.0
no ip address intf2
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
sincerely
Patrick
04-12-2007 10:25 AM
Patrick, thanks. 1) Is DHCP enabled by default? After erasing and reloading the PIX, I am not able to get an IP. Cable to the PIX switch is a straight through.
I then tried to configure the PIX using the web: https://192.168.1.1/startup.html
https://192.168.1.1 no success with web. Do you have any suggestions?
04-12-2007 10:50 AM
If you have used the < config factory-default > then you should have DHCP activated and the PIX should have 192.168.1.1 as inside IP address.
If you have chosen the < write erase > and < reload > then you have an empty config without an IP address. In this case use your blue serial cable and check the config on the console port. You need to configure the PIX manually; use my config in the previous post.
Use hyper terminal with 9600/8N1.
Note: Password is empty press ENTER.
en
conf t
sh run
sincerely
Patrick
04-12-2007 02:35 PM
Patrick Thanks. I followed your previous instructions. The PIX provides DHCP address to my PC.
1. I still do not have PDM/web access.
2. I can not access the Internet after cabling the PIX to a DSL modem, using straight through, then cross over cable. Do you have any suggestions?
The following is the sh run output.
pixfirewall# sh run
: Saved
:
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRX
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
ip address inside 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end
pixfirewall#
04-12-2007 02:40 PM
in the pix command line add the following to access the pix via PDM.
http PC.ip.address 255.255.255.255 inside
04-12-2007 11:48 PM
Hi,
I am unable to access the PIX using web browser. I added the following: http 192.168.1.118 255.255.255.255 inside
04-13-2007 07:31 AM
add the following in the pix
http server enable
04-13-2007 07:42 AM
Said, I forgot to mention, after you enable http server in the pix and load your browser,
you may need to access the PIX by secure http: https://192.168.1.1
04-13-2007 08:46 AM
JORGE,
I am unable to get a DHCP IP for the PC from the PIX.
Accessing the PIX via browser does not work. I need to get an IP first.
Any suggestions?
Thanks.
Said
04-13-2007 09:15 AM
Jorge,
Still no IP from PIX's DHCP. The following is the config. Any suggestions?
Thanks.
Said
:
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 10baset shutdown
interface ethernet1 10full shutdown
mtu outside 1500
<--- More --->
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.1.1 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
<--- More --->
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:2517fc437be0b0cff8a9b0f7c34e01a4
: end
pixfirewall#
04-13-2007 09:48 AM
I see in the config you have http 192.168.1.1 255.255.255.255 inside
This is the IP address of your PIX inside interface.
Do as follows:
no http 192.168.1.1 255.255.255.255 inside
http your.PC.IP 255.255.255.255 inside
configure your machine with static IP in TCPIP settings .
04-13-2007 02:53 PM
the following changes did not work. I still can not open a browser to configure the 501.
no http 192.168.1.1 255.255.255.255 inside
http your.PC.IP 255.255.255.255 inside
static IP addresses in TCPIP settings .
04-13-2007 04:45 PM
Is the port on your Laptop up ?
Click on RUN (Execute) cmd and type into the DOS box : ipconfig /all
try to renew the IP with:
ipconfig /release
ipconfig /renew
Check the port status on your PIX:
enable
sh int
sh ip
sh arp
sincerely
Patrick
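
The configs posted in this thread can be checked mechanically for the conditions that block DHCP and PDM access. The script below is an added example, not part of any post above; `audit_pix_config` is a hypothetical helper, the sample is constructed from lines of the second `sh run` in the thread, and the two default hashes are the ones shown in the factory-default config posted earlier.

```python
import re

# Constructed sample: relevant lines from the second "sh run" posted in the thread.
SAMPLE = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
interface ethernet0 10baset shutdown
interface ethernet1 10full shutdown
ip address inside 192.168.1.1 255.255.255.0
http server enable
http 192.168.1.1 255.255.255.255 inside
snmp-server community public
dhcpd enable inside
"""
# Hashes listed in the factory-default config posted in the thread.
DEFAULT_HASHES = {"8Ry2YjIyt7RRXU24", "2KFQnbNIdI.2KYOU"}

def audit_pix_config(text):
    """Return findings for a PIX 6.x 'sh run' dump (hypothetical helper)."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    nameif, addr, out = {}, {}, []   # hw id -> name, name -> IP, findings
    for l in lines:
        if m := re.match(r"nameif (\S+) (\S+) security\d+$", l):
            nameif[m.group(1)] = m.group(2)
        elif m := re.match(r"ip address (\S+) (\S+) \S+$", l):
            addr[m.group(1)] = m.group(2)
    for l in lines:
        if m := re.match(r"interface (\S+) \S+ shutdown$", l):
            out.append(f"{nameif.get(m.group(1), m.group(1))}: interface is shut down")
        elif m := re.match(r"http (\S+) 255\.255\.255\.255 (\S+)$", l):
            if addr.get(m.group(2)) == m.group(1):
                out.append(f"{m.group(2)}: http entry permits the PIX's own address")
        elif m := re.match(r"(?:enable password|passwd) (\S+) encrypted$", l):
            if m.group(1) in DEFAULT_HASHES:
                out.append(f"factory-default credential still set: {l.split()[0]}")
        elif l == "snmp-server community public":
            out.append("snmp: default community string 'public'")
    out += [f"{n}: loopback address {ip}" for n, ip in addr.items() if ip.startswith("127.")]
    if "http server enable" not in lines:
        out.append("http server not enabled (no PDM access)")
    if not any(l.startswith("dhcpd enable ") for l in lines):
        out.append("dhcpd not enabled on any interface")
    return out

if __name__ == "__main__":
    for finding in audit_pix_config(SAMPLE):
        print(finding)
```

On the sample it reports both interfaces as shut down, which by itself keeps a client on the inside port from obtaining a DHCP lease or reaching PDM.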