Password Change on Pix 515e

Unanswered Question
Jan 28th, 2008

All, I inherited a PIX that I need to change the passwords to. Currently it has:


enable password xxx

passwd adfasdfnen encrypted


I am wanting to remove these two passwords and create a username and password for the login.


If I enter the command no enable password encrpyed or no password, then do a show run, those commands are still in the config.


Your help is appreciated.

ajagadee Mon, 01/28/2008 - 06:18

To change the enable password of the PIX Firewall:

pixfirewall(config)# enable password


To change the login password of the PIX Firewall:

pixfirewall(config)# passwd


Make sure that you log in, make the changes and test them using another connection before you log out of your current session.


I am also enclosing the URL that has links to the command reference.


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094885.shtml


Regards,

Arul


** Please rate all helpful posts **

rwamstutz Mon, 01/28/2008 - 07:18

Thank you for your reply. How can I log in using a username and password, instead of just a password?

rwamstutz Mon, 01/28/2008 - 08:15

Arul, I have that, but the PIX still prompts me for just a password at login, not for a username.

ajagadee Mon, 01/28/2008 - 09:06

Can you configure the below two commands and let me know if it works.


aaa-server LOCAL protocol local

aaa authentication telnet console LOCAL


If this does not work, please post the current configuration from the Pix and I will take a look at it and assist you.


Regards,

Arul


** Please rate all helpful posts **

rwamstutz Tue, 01/29/2008 - 07:32

Arul,


This prompts for a username and password, but a VPN remote user can telnet into the PIX and log in as themselves, and if they do an Enable, it prompts them for a password. How can I prevent users from telnetting to the PIX, but only allow VPN client access?

pengfang Tue, 01/29/2008 - 11:59

Hi, if your VPN client can telnet to the PIX, you probably have telnet wide open,

telnet 0.0.0.0 0.0.0.0 inside

change it to

telnet x.x.x.x 255.255.255.255 inside

x.x.x.x is your management PC's IP, or you can define a range excluding any subnet you don't want.
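An added example, not part of any post in this thread: a small Python check that reads a saved PIX configuration and flags the two conditions discussed above, Telnet permitted from a broad source range and Telnet logins not tied to the LOCAL user database. The sample configuration, its placeholder hashes and addresses, the function name `audit_telnet` and the `max_hosts` threshold are all constructed for illustration.

```python
import ipaddress

# Constructed sample configuration; hashes and addresses are placeholders.
SAMPLE_CONFIG = """\
enable password EXAMPLEHASH1 encrypted
passwd EXAMPLEHASH2 encrypted
aaa-server LOCAL protocol local
telnet 0.0.0.0 0.0.0.0 inside
telnet 192.0.2.10 255.255.255.255 inside
telnet timeout 5
"""


def audit_telnet(config, max_hosts=1):
    """Return (code, detail) findings about Telnet management access.

    max_hosts is an assumed policy threshold: any 'telnet <ip> <mask> <if>'
    entry covering more addresses than this is reported. Raise it if a whole
    management subnet is meant to be allowed.
    """
    findings = []
    local_auth = False
    for raw in config.splitlines():
        words = raw.split()
        if words[:4] == ["aaa", "authentication", "telnet", "console"]:
            # Telnet sessions are authenticated against the named server group.
            local_auth = len(words) > 4 and words[4] == "LOCAL"
        elif len(words) == 4 and words[0] == "telnet":
            try:
                net = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
            except ValueError:
                continue  # not an address/mask pair, skip it
            if net.num_addresses > max_hosts:
                findings.append(("open-telnet", f"{net} {words[3]}"))
    if not local_auth:
        findings.append(("no-local-auth", "aaa authentication telnet console LOCAL"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_telnet(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```
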


