Hi. I bought a used Pix501 firewall. The seller does not have the password. I've read the instructions at
http://www-tss.cisco.com/eservice/compass/common/activities/password_PIX.htm#sample but I cannot get them to work. I have a PC with HyperTerminal and TFTP server on it. The PC is connected to the Pix501 with a console cable, and I can communicate with the Pix501 (Break during startup; see the "monitor" command). My issue is with the ethernet connection: I need to get a working ethernet to the Pix501. I've tried connecting the Pix501 to my LinkSys router, but that is not working: the router does not acknowledge the existence of the Pix501, and the ping command (from Pix501 to the PC) times out. The Pix501 is not configured yet: putting it in the middle of my network as a router will cause everything to stop. It can only exist (now) as a standalone, isolated host. So my question is: how can I get an ethernet-IP address for the Pix501? Does the ethernet cable go into the Pix501 outside or inside port? Can I directly connect the Pix501 ethernet to my PC ethernet? Is there any way to upload the password reset file through the serial/console port?
Marius: thanks for the idea. I'll give it a try. Question: How can I find out what the IP addresses of the Pix501 are? I cannot log into it ("enable" command) to do a "show ip" command to see what IP address ranges it has internally defined. Is there a way I can find the Pix501 IP address from the "monitor" prompt I get when breaking during the bootup?
If you followed the password recovery in the link you have in the original post then the ASA IP would be 10.21.1.99.
Then you would configure the server as IP 10.21.1.2 255.255.255.0 (this will be your PC; I am assuming the ASA will assign a /24 subnet mask even though you don't configure it manually). Make sure you configure your PC with this IP. Now you should have connectivity between the two, and you should be able to initiate the file transfer.
Is there a way I can find the Pix501 IP address from the "monitor" prompt I get when breaking during the bootup?
monitor> address 10.21.1.99
Please remember to rate and select a correct answer
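An added example, not part of the thread or of Cisco's procedure: a check run on the PC that its NIC holds 10.21.1.2 and that the local TFTP server answers a read request, which separates a TFTP server problem from a cabling or addressing problem. The function names are hypothetical and the file name is a placeholder for the one Cisco's procedure names.

```python
import socket
import struct

OP_RRQ, OP_DATA, OP_ERROR = 1, 3, 5  # TFTP opcodes (RFC 1350)


def build_rrq(filename, mode="octet"):
    """Read request: 2-byte opcode, filename, NUL, transfer mode, NUL."""
    return (struct.pack("!H", OP_RRQ) + filename.encode("ascii") + b"\0"
            + mode.encode("ascii") + b"\0")


def parse_reply(packet):
    """Classify the server's first reply to a read request."""
    if len(packet) < 4:
        return ("malformed", None)
    opcode, number = struct.unpack("!HH", packet[:4])
    if opcode == OP_DATA:    # number = block number, rest is file data
        return ("data", (number, len(packet) - 4))
    if opcode == OP_ERROR:   # number = error code, rest is NUL-terminated text
        text = packet[4:].split(b"\0", 1)[0].decode("ascii", "replace")
        return ("error", (number, text))
    return ("unexpected", opcode)


def probe(server, filename, bind_ip, timeout=3.0):
    """Send one read request from bind_ip to server:69 and report the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.bind((bind_ip, 0))
        except OSError as exc:   # usually: no local interface holds bind_ip
            return ("local-address-missing", str(exc))
        try:
            sock.sendto(build_rrq(filename), (server, 69))
            packet, _peer = sock.recvfrom(4 + 512)
        except socket.timeout:
            return ("timeout", None)
        except ConnectionResetError:  # Windows: nothing listening on UDP/69
            return ("no-listener", None)
        return parse_reply(packet)


if __name__ == "__main__":
    # 10.21.1.2 is the PC/TFTP server address given in the reply above.
    # RECOVERY_FILE.bin is a placeholder for the file Cisco's procedure names.
    print(probe("10.21.1.2", "RECOVERY_FILE.bin", bind_ip="10.21.1.2"))
```

A `data` result means the PC side is ready and any remaining failure is between the PC's ethernet port and the PIX; `local-address-missing` means the PC's adapter was never given 10.21.1.2.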
No, I was not able to reset the password. I tried everything: As you suggested, I connected the Pix501 directly to the PC (rather than going via the router) and yet I was never able to get the ethernet connection working: I could not ping the PC from the Pix501 (or vice versa). The serial connection worked great, but that alone is not enough to load the reset file into the Pix501. I don't see how someone could design a box like this and require _two_ connections to reset to factory startup state. If the customer needs to do this, the customer is obviously desperate - perhaps in a time-critical situation, and the reset procedure should only require a single connection, preferably the serial line. Many devices just have a button you press & hold for 10 seconds. Too risky? Fine, require the serial line and a special file download. But _two_ communication lines? That is excessive.
I'm just going to drop the Pix501 .. it is very user-unfriendly.
But the responses here were helpful: I'll mark the top grades. Thanks for your input!