Simple change username question - PIX 501

Unanswered Question
May 15th, 2007

I've inherited a PIX 501 firewall and want to change many of the settings used by the previous owners.

I'm doing this in the CLI. The web based GUI gave me some problems (error messages about certificates and so forth). In fact, one of the things I'd like to do is eliminate all the crypto, isakamp and vpngroup entries and start from scratch - once I'm at that point.

I'm both new to Cisco equipment and new to the CLI.

First of all, I wanted to change the username and password used to access the PIX via Telnet.

This is what I've tried, with the results:

User Access Verification

Username: 123admin

Password: **********

Type help or '?' for a list of available commands.

pixfw> en

Password: **********

pixfw# configure terminal

pixfw(config)# username admin

Usage: username <username> {nopassword|password <password>[encrypted]}

[privilege <level>]

username <username> privilege <level>

[no|show} username {<name>]

clear username

pixfw(config)# username admin password "123456789" encrypted privilege 15

Encrypted password is of incorrect length

Username addition failed.


My remarks:

1) Password is the same as password currently being used - how can it NOT be acceptable?

2) What does "Username addition failed" mean? I don't want to add a new user, only change existing username and then password.

Thank you,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
pstebner1 Tue, 05/15/2007 - 11:44


You cannot just change the name - you'll have to delete the old one and add a new one.

pixfw(config)#username admin password "123456789" privilege 15

(don't use the encrypted keyword - it will encrypt it anyway - that is what is giving you the error)

pixfw(config)#no username 123admin


Log out and log in as 'admin' to verify that it works before saving your config. That way you can always reboot the PIX and get back to your original config if you make any mistakes. Assuming everything works, go back to enable mode and do a 'wr mem'



DAVMAC111 Wed, 05/16/2007 - 04:12

Thank you for your very useful response. Besides resolving my problem, I've learned (if I understand correctly) a very useful tip for recovering from human error:

If I misconfigure something, I can reboot the PIX and - provided I have not yet typed the "write memory" command - the firewall will revert to previous settings.

If after testing the new configuration successfully, I can make my changes permanent by using the "write memory" command.

Patrick Iseli Tue, 05/15/2007 - 12:13

You need to remove the old username and password and reenter the username and password again !

no username admin

username admin password abc123 priv 15




This Discussion