IDS 4235 password recovery

vpersaud001 · ‎05-13-2008

Hello,

I have two documents for password recovery on the 4235. Can you advise which one to use? The first one listed below seems easier but I have a feeling I'm missing something. Thanks.

http://www.cisco.com/en/US/docs/security/ips/6.0/release/notes/8827_02.html#wp1157210

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_password_recovery09186a0080094e83.shtml

marcabal · ‎05-13-2008

The first option is the best and recommended option, BUT it requires that version 6.0 or later already be running on your sensor.

If your sensor is running version 5.1 or earlier and all passwords are lost, then you would need to re-image your sensor and will lose all of your configuration.

If you don't know which version you are running then reboot the sensor and watch for the Grub prompt.

If the Grub prompt shows up with 3 options, then you are running version 6.0 and can select option 2 to clear the password (it gets reset back to "cisco").

If the Grub prompt only has 2 options, then you are running version 5.1 or earlier. At this point you may just want to go ahead and select option 1 to do a Recovery on the sensor. It will reload the operating system and set the password back to "cisco", but will also wipe out most of your configuration.

vpersaud001 · ‎05-13-2008

Thanks!! Thats a big help. I'll post an update upon completion.

isgphyd12 · ‎05-13-2008

Hi,

i have IDSM-2 with v5.0,

it is possible reimage with the same version 5.0 or only way is to go for the 4.1 then upgrade it to v 5.0 ?

marcabal · ‎05-14-2008

Are you able to access version 5.0, or have you lost your passwords?

If you still have access to version 5.0, then there is no reason to do a re-image. Instead just "upgrade" to a more recent version like 5.1(7)E1, 6.0(4)E1, or 6.1(1)E1.

Upgrade locations:

IPS-K9-5.1-7-E1.pkg

http://www.cisco.com/cgi-bin/tablebuild.pl/ips5

IPS-K9-6.0-4a-E1.pkg

IPS-K9-6.1-1-E1.pkg

http://www.cisco.com/cgi-bin/tablebuild.pl/ips6

Upgrade instructions:

http://www.cisco.com/en/US/partner/docs/security/ips/6.1/configuration/guide/cli/cli_system_images.html#wp1088688

If you have lost your passwords, then you will need to re-image, but I would not bother with version 4.1 or even 5.0. They are both too old and not worth loading at this point.

I would re-image directly to either version 5.1(7)E1 or 6.0(4)E1, or even 6.1(1)E1.

For 5.1(7)E1 use this file:

IPS-IDSM2-K9-sys-1.1-a-5.1-7-E1.bin.gz

http://www.cisco.com/cgi-bin/tablebuild.pl/ips5-cat6500-idsm2-sys

For 6.0(4)E1 use this file:

IPS-IDSM2-K9-sys-1.1-a-6.0-4-E1.bin.gz

http://www.cisco.com/cgi-bin/tablebuild.pl/ips6-cat6500-idsm2-sys

For 6.1(1)E1 use this file:

IPS-IDSM2-K9-sys-1.1-a-6.1-1-E1.bin.gz

http://www.cisco.com/cgi-bin/tablebuild.pl/ips6-cat6500-idsm2-sys

For installation instructions:

http://www.cisco.com/en/US/partner/docs/security/ips/6.1/configuration/guide/cli/cli_system_images.html#wp1031426

isgphyd12 · ‎05-14-2008

Thanks a lot for your reply.

You mean to say while re-imaging it will not check the previous version and I can re-image with any thing of this.

My module is WS-SVC-IDSM-2 with 5.0(2)

I got WS-SVC-IDSM2-K9-sys-1.1-a-6.0-1-E1.bin.gz file from cisco.com, Is this a right one ?

marcabal · ‎05-14-2008

Correct that a re-image does not care about the previous version.

But I would not use a 6.0(1)E1 image, and would instead go directly to the latest 6.0 version which is 6.0(4)E1:

For 6.0(4)E1 use this file:

IPS-IDSM2-K9-sys-1.1-a-6.0-4-E1.bin.gz

http://www.cisco.com/cgi-bin/tablebuild.pl/ips6-cat6500-idsm2-sys

But if your 5.0(2) is functional and accessible I would not even bother with a re-image, and instead do a much simpler "upgrade" straight to 6.0(4)E1. The 6.0(4)E1 "upgrade" file can be installed on top of any 5.0(1) or higher sensor version.

IPS-K9-6.0-4a-E1.pkg

http://www.cisco.com/cgi-bin/tablebuild.pl/ips6

vpersaud001 · ‎05-14-2008

Marcabal.... I apologize in advance for this question. Is there any step by step tutorial on how to apply the signature updates and license? I've never worked on the sensors before and need to implement both license and signature updates on an IDS 4215 with 5.1(4)S283.0. Thanks for your help.

vpersaud001 · ‎05-14-2008

Marcabal... please ignore previous post. I found the document. Thanks.

vpersaud001 · ‎05-15-2008

marcabal.... I'm not getting the Grub menu. Upon rebooting I get the following:

GRUB loading stage1.5.

GRUB loading, please wait...

Uncompressing Linux... Ok, booting the kernel.

Login prompt.

Any advice?

Thanks.

vpersaud001 · ‎05-15-2008

Anyone?? I'm onsite today and trying to get this done. Would greatly appreciate any help in resetting this device password.

Also there is no cd-rom drive on the device. Not sure how to re-image it.

vpersaud001 · ‎05-15-2008

Got the GRUB menu after connecting a laptop. Now gotta figure out how to find the cd rom drive.

vpersaud001 · ‎05-15-2008

well.... Found the cd rom drive after removing the front panel.

vpersaud001 · ‎05-19-2008

Thanks very much for your help. I was able to re-image two sensors and re-configure them.