cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
564
Views
0
Helpful
3
Replies

FWSM admin access issue

kalashnikovsg
Level 1
Level 1

Hi!

I need to gain access to admin context which is located on FWSM module. I don't know it IP-addresses, because other man performed configuration before me. The command "session slot" didn't help me:

session slot 3 processor 1

The default escape character is Ctrl-^, then x.

You can also type 'exit' at the remote prompt to end the session

Trying 127.0.0.31 ...

% Connection refused by remote host

There are two other contexts on it (not admin). I can log to this contexts. But I can't “changeto” admin context because of privileges absence.

My question is the next. Is it possible to log to admin context in my situation without resetting the module? How?

1 Accepted Solution

Accepted Solutions

0x105A978 10.X.1.Y:23 10.X.28.Y:22498 ESTAB

0x105B53C 10.X.0.Z:23 10.X.48.Z:1121 ESTAB

You would see 127.0.0.31 as the IP address for the module in slot 3. But, I do not see that in the output.

If you reload the blade I am sure you will be able to session in after which you can upgrade.

If you are not sure of the password to session in the only way is to do password recovery.

You can read here:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/troubl_f.html#wp1049302

View solution in original post

3 Replies 3

Kureli Sankar
Cisco Employee
Cisco Employee

Are you sure the module is in slot 3? Could you check on the switch config if telnet is not an allowed transport input under the line vty 0 4 config?

From the swtich you can try to do

#sh tcp brief all

and then

#clear tcp tcb

and then try to session in. This is the only way to get to the admin context if you do not remember the IP add to the admin context.

You are right, you cannot change to from other context if it is not designated as the admin context.

I am not sure what code you are running in the FWSM but, read up this defect

CSCsj82547 Management sessions to the FWSM are refused but should be allowed

fixed in 3.2.2

Hi!

I am sure that the module is in the slot 3. There are no idle connection on the switch. FWSM code is 3.2.1. But I can't upgrade to 3.2.2 because I don't have access to system context.

mvz-rd-csw1-b1a#sh tcp brief all

TCB Local Address Foreign Address (state)

0x105A2A8 0.0.0.0:23 0.0.0.0:0 LISTEN

0x1090B40 0.0.0.0:80 0.0.0.0:0 LISTEN

0x1059420 0.0.0.0:113 0.0.0.0:0 LISTEN

0x1078C38 0.0.0.0:544 0.0.0.0:0 LISTEN

0x1058F48 0.0.0.0:1979 0.0.0.0:0 LISTEN

0x1098E10 0.0.0.0:1989 0.0.0.0:0 LISTEN

0x1098938 0.0.0.0:1992 0.0.0.0:0 LISTEN

0x105A978 10.X.1.Y:23 10.X.28.Y:22498 ESTAB

0x105B53C 10.X.0.Z:23 10.X.48.Z:1121 ESTAB

0x105A780 ????:23 ????:0 LISTEN

0x105A978 10.X.1.Y:23 10.X.28.Y:22498 ESTAB

0x105B53C 10.X.0.Z:23 10.X.48.Z:1121 ESTAB

You would see 127.0.0.31 as the IP address for the module in slot 3. But, I do not see that in the output.

If you reload the blade I am sure you will be able to session in after which you can upgrade.

If you are not sure of the password to session in the only way is to do password recovery.

You can read here:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/troubl_f.html#wp1049302

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: