01-28-2008 05:55 AM - edited 02-21-2020 01:52 AM
All, I inherited a PIX that I need to change the passwords to. Currently it has:
enable password xxx
passwd adfasdfnen encrypted
I am wanting to remove these two passwords and create a username and password for the login.
If I enter the command no enable password encrypted or no password, then do a show run, those commands are still in the config.
Your help is appreciated.
01-28-2008 06:18 AM
To change the enable password of the PIX Firewall:
pixfirewall(config)# enable password
To change the login password of the PIX Firewall:
pixfirewall(config)# passwd
Make sure that you log in, make the changes and test them using another connection before you log out of your current session.
I am also enclosing the URL that has links to the command reference.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094885.shtml
Regards,
Arul
** Please rate all helpful posts **
01-28-2008 07:18 AM
Thank you for your reply. How can I log in using a username and password, instead of just a password?
01-28-2008 07:41 AM
pixfirewall(config)# username
Please refer to the URL below for additional details:
http://www.cisco.com/en/US/docs/security/pix/pix62/command/reference/tz.html#wp1026631
Regards,
Arul
** Please rate all helpful posts **
01-28-2008 08:15 AM
Arul, I have that, but the PIX still prompts me just for a password at login, not for a username.
01-28-2008 09:06 AM
Can you configure the two commands below and let me know if it works?
aaa-server LOCAL protocol local
aaa authentication telnet console LOCAL
If this does not work, please post the current configuration from the Pix and I will take a look at it and assist you.
Regards,
Arul
** Please rate all helpful posts **
01-29-2008 07:32 AM
Arul,
This prompts for username and password, but VPN remote users can telnet into the PIX and log in as themselves, but if they do an enable, it prompts them for a password. How can I prevent users from telnetting to the PIX, but only allow VPN Client access?
01-29-2008 11:59 AM
Hi, if your VPN client can telnet to the PIX, you probably have telnet wide open:
telnet 0.0.0.0 0.0.0.0 inside
change it to
telnet x.x.x.x 255.255.255.255 inside
x.x.x.x is your management PC's IP, or you can define a range excluding any subnet you don't want.
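Added example (not part of any post in this thread): a Python check over a saved PIX configuration for the three conditions the replies above deal with, namely telnet open to any address, telnet login without `aaa authentication telnet console LOCAL`, and LOCAL authentication enabled with no `username` defined. The sample configurations, the address 192.0.2.10, the full `username` line and the `min_prefix` threshold are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configs; only the command keywords come from the thread.
WEAK = """\
enable password xxx
passwd adfasdfnen encrypted
telnet 0.0.0.0 0.0.0.0 inside
"""
HARDENED = """\
enable password xxx
passwd adfasdfnen encrypted
username admin password PLACEHOLDER encrypted
aaa-server LOCAL protocol local
aaa authentication telnet console LOCAL
telnet 192.0.2.10 255.255.255.255 inside
"""

# Matches "telnet <ip> <netmask> <interface>" access lines.
TELNET_RE = re.compile(
    r"^telnet\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)", re.M)

def audit(config, min_prefix=24):
    """Return findings for the management-access lines of a PIX config.

    min_prefix is an assumed policy threshold: any telnet source range
    wider than /24 is reported as too broad.
    """
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    telnet_rules = TELNET_RE.findall(config)
    for ip, mask, ifname in telnet_rules:
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        if net.prefixlen == 0:
            findings.append(f"telnet open to any address on {ifname}")
        elif net.prefixlen < min_prefix:
            findings.append(f"telnet allowed from broad range {net} on {ifname}")
    local_auth = "aaa authentication telnet console LOCAL" in lines
    has_user = any(line.startswith("username ") for line in lines)
    if telnet_rules and not local_auth:
        findings.append("telnet login uses the shared passwd only (no username prompt)")
    if local_auth and not has_user:
        findings.append("LOCAL authentication enabled but no username defined (lockout risk)")
    return findings

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

Run it against the output of show run saved to a file before and after making the changes, while the original session is still open.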