Reset Cisco PIX Firewall 515e

Unanswered Question
Jennifer Halim Wed, 04/07/2010 - 06:07
User Badges:
  • Cisco Employee,

Here is the password recovery procedure:

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/trouble.html#wp1049417


You would need to know what is the version of PIX to download corresponding password recovery binary file:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml


If you perform the password recovery, you do not need to reconfigure the PIX firewall.


Hope that helps.

Thanks for this response, it was very helpful. As far keeping the configuration of the firewall, I'm not sure that

we can keep these rules. The firewall has so many rules that do not pertain to our environment. It

could create more tech support than starting fresh.


How do I erase all this infomation?


Thanks

JORGE RODRIGUEZ Wed, 04/07/2010 - 07:59
User Badges:
  • Green, 3000 points or more

There are couple of methods to wipe out device configuration,  either use pix(config)# write erase, or use configure factory-default parameter under global configuration  see both links bellow.


PIX code 7.x - factory-default

http://www.cisco.com/en/US/partner/docs/security/asa/asa70/command/reference/c.html#wp1968681

PIX code 6.x  - factory-default

http://www.cisco.com/en/US/partner/docs/security/pix/pix63/command/reference/c.html#wp1055799


Regards

It works!


Now I'm at the point to start using Cisco ASDM and its not letting me connect to the firewall. I prefer using the GUI to configure all security policies than using command prompt.


However, as I mentioned above, it is not letting me connect. it keeps giving me an error "Unable to launch device manager from https://192.168.1.1"


Any ideas?

francisco_1 Wed, 04/07/2010 - 09:20
User Badges:
  • Gold, 750 points or more

you need to permit http connection


http server enable

http 192.168.1.0 255.255.255.0 inside

francisco_1 Wed, 04/07/2010 - 09:50
User Badges:
  • Gold, 750 points or more

sounds like asdm image is not loaded.


can you post "sh asdm image" and "show flash" and "show version"

LVCLC-FW# sh flash

flash file system:  version:3  magic:0x12345679

  file 0: origin:       0 length:1978424

  file 1: origin: 2097152 length:2377

  file 2: origin: 2621440 length:1928

  file 3: origin:       0 length:0

  file 4: origin:       0 length:0

  file 5: origin: 8257536 length:308

LVCLC-FW# sh asdm image

Type help or '?' for a list of available commands.

LVCLC-FW# sh version

Cisco PIX Firewall Version 6.3(5)

Compiled on Thu 04-Aug-05 21:40 by morlee

LVCLC-FW up 1 hour 21 mins

Hardware:   PIX-515, 64 MB RAM, CPU Pentium 200 MHz

Flash i28F640J5 @ 0x300, 16MB

BIOS Flash AT29C257 @ 0xfffd8000, 32KB

0: ethernet0: address is 0003.6bf6.ed00, irq 11

1: ethernet1: address is 0003.6bf6.ed01, irq 10

2: ethernet2: address is 00e0.b604.7c8d, irq 9

3: ethernet3: address is 00e0.b604.7c8c, irq 9

4: ethernet4: address is 00e0.b604.7c8b, irq 9

5: ethernet5: address is 00e0.b604.7c8a, irq 9

Licensed Features:

Failover:                    Enabled

VPN-DES:                     Enabled

VPN-3DES-AES:                Enabled

Maximum Physical Interfaces: 6

Maximum Interfaces:          10

Cut-through Proxy:           Enabled

Guards:                      Enabled

URL-filtering:               Enabled

Inside Hosts:                Unlimited

Throughput:                  Unlimited

IKE peers:                   Unlimited

This PIX has an Unrestricted (UR) license.

Serial Number: 405442124 (0x182a8e4c)

Configuration last modified by enable_15 at 12:58:09.171 UTC Wed Apr 7 2010

LVCLC-FW#

francisco_1 Wed, 04/07/2010 - 10:50
User Badges:
  • Gold, 750 points or more

you are using Cisco PIX Firewall Version 6.3(5). you need to use instead the PDM (PIX Device Manager)  not ASDM to connect to web GUI. To run ASDM on your PIX, you need to have minimum i believe PIX OS version 7.0.

After going thru all this trouble, is not easier just to create the rules thru command prompt?  Basically, here is what needs to be acomplished,



internal networks:


192.168.1.0/24

192.168.2.0/24


both needs to be able to search internet websites, browse, and connect to other remote networks (ex. 10.5.1.0/24)


On the other hand, a remote network (ex. 10.5.1.0/24) needs to have access to internal network 192.168.1.0/24


Can you provide an example?


Thanks

francisco_1 Thu, 04/08/2010 - 03:56
User Badges:
  • Gold, 750 points or more

The config below should allow you to access the internet at least.



nameif ethernet0 outside security0  (This the outside interface)
nameif ethernet1 inside security100
ip address outside **  (Enter your Public IP Provided by your ISP)

ip address inside 192.168.*.* 255.255.255.0 (Enter your Inside IP)
pdm location 192.168.1.1 255.255.255.255 inside
global (outside) 1 interface 
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group acl_inside in interface inside
route outside 0.0.0.0 0.0.0.0 *** (** This should be your ISP router)
http server enable
http 192.168.*.* 255.255.255.0 inside  (*** subnet to manage Web GUI on PIX)
access-list acl_inside permit ip any any



Make sure 192.168.2.0/24 have a route to the PIX.


Regards


Francisco

Actions

This Discussion