IDS 4235 password recovery

Unanswered Question
May 13th, 2008
User Badges:

Hello,

I have two documents for password recovery on the 4235. Can you advise which one to use? The first one listed below seems easier but I have a feeling I'm missing something. Thanks.

http://www.cisco.com/en/US/docs/security/ips/6.0/release/notes/8827_02.html#wp1157210

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_password_recovery09186a0080094e83.shtml

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
marcabal Tue, 05/13/2008 - 06:54
User Badges:
  • Cisco Employee,

The first option is the best and recommended option, BUT it requires that version 6.0 or later already be running on your sensor.


If your sensor is running version 5.1 or earlier and all passwords are lost, then you would need to re-image your sensor and will lose all of your configuration.


If you don't know which version you are running then reboot the sensor and watch for the Grub prompt.


If the Grub prompt shows up with 3 options, then you are running version 6.0 and can select option 2 to clear the password (it gets reset back to "cisco").


If the Grub prompt only has 2 options, then you are running version 5.1 or earlier. At this point you may just want to go ahead and select option 1 to do a Recovery on the sensor. It will reload the operating system and set the password back to "cisco", but will also wipe out most of your configuration.

vpersaud001 Tue, 05/13/2008 - 08:26
User Badges:

Thanks!! Thats a big help. I'll post an update upon completion.

isgphyd12 Tue, 05/13/2008 - 23:40
User Badges:

Hi,


i have IDSM-2 with v5.0,

it is possible reimage with the same version 5.0 or only way is to go for the 4.1 then upgrade it to v 5.0 ?


marcabal Wed, 05/14/2008 - 00:01
User Badges:
  • Cisco Employee,

Are you able to access version 5.0, or have you lost your passwords?


If you still have access to version 5.0, then there is no reason to do a re-image. Instead just "upgrade" to a more recent version like 5.1(7)E1, 6.0(4)E1, or 6.1(1)E1.


Upgrade locations:

IPS-K9-5.1-7-E1.pkg

http://www.cisco.com/cgi-bin/tablebuild.pl/ips5

IPS-K9-6.0-4a-E1.pkg

IPS-K9-6.1-1-E1.pkg

http://www.cisco.com/cgi-bin/tablebuild.pl/ips6


Upgrade instructions:

http://www.cisco.com/en/US/partner/docs/security/ips/6.1/configuration/guide/cli/cli_system_images.html#wp1088688



If you have lost your passwords, then you will need to re-image, but I would not bother with version 4.1 or even 5.0. They are both too old and not worth loading at this point.

I would re-image directly to either version 5.1(7)E1 or 6.0(4)E1, or even 6.1(1)E1.


For 5.1(7)E1 use this file:

IPS-IDSM2-K9-sys-1.1-a-5.1-7-E1.bin.gz

http://www.cisco.com/cgi-bin/tablebuild.pl/ips5-cat6500-idsm2-sys


For 6.0(4)E1 use this file:

IPS-IDSM2-K9-sys-1.1-a-6.0-4-E1.bin.gz

http://www.cisco.com/cgi-bin/tablebuild.pl/ips6-cat6500-idsm2-sys


For 6.1(1)E1 use this file:

IPS-IDSM2-K9-sys-1.1-a-6.1-1-E1.bin.gz

http://www.cisco.com/cgi-bin/tablebuild.pl/ips6-cat6500-idsm2-sys


For installation instructions:

http://www.cisco.com/en/US/partner/docs/security/ips/6.1/configuration/guide/cli/cli_system_images.html#wp1031426

isgphyd12 Wed, 05/14/2008 - 02:32
User Badges:

Thanks a lot for your reply.

You mean to say while re-imaging it will not check the previous version and I can re-image with any thing of this.


My module is WS-SVC-IDSM-2 with 5.0(2)

I got WS-SVC-IDSM2-K9-sys-1.1-a-6.0-1-E1.bin.gz file from cisco.com, Is this a right one ?


marcabal Wed, 05/14/2008 - 05:20
User Badges:
  • Cisco Employee,

Correct that a re-image does not care about the previous version.


But I would not use a 6.0(1)E1 image, and would instead go directly to the latest 6.0 version which is 6.0(4)E1:

For 6.0(4)E1 use this file:

IPS-IDSM2-K9-sys-1.1-a-6.0-4-E1.bin.gz

http://www.cisco.com/cgi-bin/tablebuild.pl/ips6-cat6500-idsm2-sys


But if your 5.0(2) is functional and accessible I would not even bother with a re-image, and instead do a much simpler "upgrade" straight to 6.0(4)E1. The 6.0(4)E1 "upgrade" file can be installed on top of any 5.0(1) or higher sensor version.

IPS-K9-6.0-4a-E1.pkg

http://www.cisco.com/cgi-bin/tablebuild.pl/ips6

vpersaud001 Wed, 05/14/2008 - 05:35
User Badges:

Marcabal.... I apologize in advance for this question. Is there any step by step tutorial on how to apply the signature updates and license? I've never worked on the sensors before and need to implement both license and signature updates on an IDS 4215 with 5.1(4)S283.0. Thanks for your help.

vpersaud001 Wed, 05/14/2008 - 05:42
User Badges:

Marcabal... please ignore previous post. I found the document. Thanks.

vpersaud001 Thu, 05/15/2008 - 06:28
User Badges:

marcabal.... I'm not getting the Grub menu. Upon rebooting I get the following:

GRUB loading stage1.5.

GRUB loading, please wait...

Uncompressing Linux... Ok, booting the kernel.


Login prompt.


Any advice?

Thanks.

vpersaud001 Thu, 05/15/2008 - 07:52
User Badges:

Anyone?? I'm onsite today and trying to get this done. Would greatly appreciate any help in resetting this device password.

Also there is no cd-rom drive on the device. Not sure how to re-image it.

vpersaud001 Thu, 05/15/2008 - 08:20
User Badges:

Got the GRUB menu after connecting a laptop. Now gotta figure out how to find the cd rom drive.

vpersaud001 Thu, 05/15/2008 - 08:22
User Badges:

well.... Found the cd rom drive after removing the front panel.

vpersaud001 Mon, 05/19/2008 - 06:11
User Badges:

Thanks very much for your help. I was able to re-image two sensors and re-configure them.

Actions

This Discussion