Password Change on Pix 515e

Unanswered Question
Jan 28th, 2008
User Badges:

All, I inherited a PIX that I need to change the passwords to. Currently it has:

enable password xxx

passwd adfasdfnen encrypted

I am wanting to remove these two passwords and create a username and password for the login.

If I enter the command no enable password encrpyed or no password, then do a show run, those commands are still in the config.

Your help is appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ajagadee Mon, 01/28/2008 - 06:18
User Badges:
  • Cisco Employee,

To change the enable password of the PIX Firewall:

pixfirewall(config)# enable password

- To change the login password of PIX Firewall:


Make sure that log in, make the changes and test it using another connection before you log out for your current session.

I am also enclosing the URL that has links to the command reference.



** Please rate all helpful posts **

rwamstutz Mon, 01/28/2008 - 07:18
User Badges:

thank you for your reply. How can I log in using a username and password, instead of just a password?

rwamstutz Mon, 01/28/2008 - 08:15
User Badges:

Arul, I have that, the pix still prompts be just for a password at login, not for a username.

ajagadee Mon, 01/28/2008 - 09:06
User Badges:
  • Cisco Employee,

Can you configure the below two commands and let me know if it works.

aaa-server LOCAL protocol local

aaa authentication telnet console LOCAL

If this does not work, please post the current configuration from the Pix and I will take a look at it and assist you.



** Please rate all helpful posts **

rwamstutz Tue, 01/29/2008 - 07:32
User Badges:


This prompts for username and password, but VPN Remote user can telnet into the PIX and log in as themselves, but if they do an Enable, it prompts them for a password. How can I prevent users from Telneting the the pix, but only allow VPN Client Access?

pengfang Tue, 01/29/2008 - 11:59
User Badges:

Hi ,if you vpn client can telnet PIX, you probably have telnet wide open,

telnet inside

change it to

telnet x.x.x.x inside

x.x.x.x is your management PC's IP or your can define a range excluding any subnet you don't want.


This Discussion