PIX 501 back to factory default....

Unanswered Question
Jan 22nd, 2008

I do not know the password nor do I know the inside IP address (which means that I cannot perform the np63.bin upload). Any suggestions - just need to get back to factory default.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Tue, 01/22/2008 - 09:08

you will still need to do password recovery in order to get it to factory defaults, follow the steps in this link for password recovery.


Use a console cable and connect to pix, I believe you still can issue"show version"from local console,take notes from the code version your are running and perform password recovery, after this is complete then do the factory defaults settings.



nagel Tue, 01/22/2008 - 09:20

Obviously, that is what I am trying to do. I do not know the IP address of either interface which is required in order to do the password recovery. I need a different solution.

JORGE RODRIGUEZ Tue, 01/22/2008 - 09:44

You do not need to know the IP address of the PIX, please read the doc again. What you need is PC/Laptop a TFTP server running on it, terminal emulator, and console cable , IP address of your choice to define IP interface for PIX and one IP address for your laptop follow the instructions on the documentation. If you need help in the process let us know.



nagel Wed, 01/23/2008 - 06:02

Jorge, OK maybe I'm missin something here but I did try this as you suggested. I have done this procedure, many times, in the past but only when I knew the actual address that was assigned to one of the interfaces. It has always worked in that scenario. I had assumed that the address command in monitor mode did not apply the address to the interface but rather tell the procedure what that already applied address was. The reason that I have done this many times in the past is that I teach a PIX class and have had students lock themselves out many times - but always I had on othe interface addresses to use. I tried, as you suggested, using the address command in monitor mode to assign an address to one the interfaces (i have tried both inside and outside). I am still to this point not able to ping much less upload using that procedure. Have you actually done this procedure and had it work without actually knowing one of the interface addresses?

srue Wed, 01/23/2008 - 06:47

whatever address you choose, make sure the pc/laptop that you attach to it is in the same network.

for example...

assign the pix the address

assign your pc/laptop the address

the pix 501 is outdated. you should really be using at least an asa 5505 to teach the firewall class, or even a 5510(x2)

nagel Wed, 01/23/2008 - 07:02

Yes I have both devices on the same subnet. Once again, can anyone confirm that they have made this work? I have yet to have anyone tell me that they have actually made this work using the monitor mode 'address' command to assign an address to an interface on the 501.

JORGE RODRIGUEZ Wed, 01/23/2008 - 14:35

Lonnie, have your PIX problem been resolved? just following up , let us know if still problems to assist.



nagel Wed, 01/23/2008 - 14:50


Oddly enough, The issue still exists. I was able to emulate your procedure nearly exactly.

1- One 8 port DLink Hub

2- One IBM labtop w/terminal Emu and TFTP

3- One PIX501

4- Two CAT5 cables

5- One Console cable

I used the exact same ip addresses you show in your example. I cannot ping or upload the np.bin file.

I am stuck -

JORGE RODRIGUEZ Wed, 01/23/2008 - 15:06

Hmm, it is very strange somthing must be wrong with the pix.. when you were in the monitor did it take the commands? and did you try pinging from the PIX to the labtop?

monitor>interface 1



did you try with interface 0 ?

Im sure the dlink hub is auto/auto.

Im out of ideas, I'll see if I come up with one !!.. but definately strange.. , maybe changing flash chip.. but I guess you do not have one handy for PIX..

JORGE RODRIGUEZ Wed, 01/23/2008 - 07:11

Dear Lonnie, not a problem , you deserve the benefit of the doubt :). And yes, I have done this not just in my lab.

bellow example is from one of my test lab pix.. this is a 501 , I am not even using a default gateway.

Tools used:

1- One 4 port Netgear

2- One IBM labtop w/terminal Emu and TFTP

3- One PIX501

4- Two CAT5 cables

5- One Console cable

the actual PIX ethernet1 IP address is totally different from this example.

configure labtop with just IP address and subnet mask, not need for default gateway.

I define PIX ethernet1 with IP and the my labtop with running a TFTP server.. although I did not do the actual password recovery I am able to ping my TFTP server from PIX.

Use BREAK or ESC to interrupt flash boot.

Use SPACE to begin flash boot immediately.

Flash boot interrupted.

0: i8255X @ PCI(bus:0 dev:13 irq:11)

1: i8255X @ PCI(bus:0 dev:14 irq:10)

Using 1: i82559 @ PCI(bus:0 dev:14 irq:10), MAC: 0050.54ff.a536

Use ? for help.

monitor> interface 1

0: i8255X @ PCI(bus:0 dev:13 irq:11)

1: i8255X @ PCI(bus:0 dev:14 irq:10)

Using 1: i82559 @ PCI(bus:0 dev:14 irq:10), MAC: 0050.54ff.a536

monitor> address


monitor> server


monitor> ping

Sending 5, 100-byte 0xa8b2 ICMP Echoes to, timeout is 4 seconds:


Success rate is 100 percent (5/5)




alvaropena Fri, 04/11/2008 - 12:17

I have the same problem as Nagel. However, I am able to ping the server but have not been able to upload the npXX.bin file. The file currently resides in the C: drive of the server. Where should the file be?


nagel Fri, 04/11/2008 - 12:46

This one I do know. The file needs to reside in the root directory of your tftp server. This also needs to be specified in your tftp server configuration. I normally place the "tftp root" folder in the C drive and then create a shortcut to it on my desktop - so that it is very easy to simply drop my transfer files on top of the shortcut icon to get them into the folder. I normally use the free tftp from solarwinds. Also make sure that you have your tftp server started (doh).


This Discussion