I have several PIX 501 firewalls. These have all been configured with addresses on both inside and outside interfaces. These have all been password protected. I am trying to do a password reset using the np63.bin file and tftp. I have gone over and over the procedure and have been unable to make this work. Here is what I am doing exactly.
I am connecting both my laptop and the PIX to a standalone 2950 switch using a straight-through ethernet cable.
1.) Boot the 501 into monitor mode
2.) select an interface using the interface command (I have tried both inside 1 and outside 0)
3.) use the address command to set an address on selected interface. (I am setting both laptop and interface in the same subnet, i.e. 10.10.2.100/24 and 10.10.2.111/24)
4.) use the server command to tell the monitor mode where the tftp (laptop) is.
I am unable to ping the server from pix while consoled in.
I have tried several times over the last few months and have never been able to get it to work.
Has anyone been able to get this to work in the past, or can you currently get it to work now?
I am thinking that part of the issue is that the PIX already has an IP assigned to the interfaces in the PIX config - however, since I am locked out, I am unable to see the IP addresses that are currently set.
All - I have finally resolved this 9-month-old issue. You might want to make a note here as it will probably bite you at some time or another. The entire issue ended up being that the SolarWinds free TFTP server cannot be used to perform this procedure on the PIX 501 (I do not know if the specific IOS has anything to do with it or not, but I am running 6.3(5) on these). I simply changed the TFTP server to TFTPD32 and the problem was immediately resolved. Thanks to all of you who have taken a stab at this, and especially thanks to all of you who have withstood my somewhat "sarcastic" remarks over the past 9 months. There is always a solution - finding it can prove to be elusive at times.
The last time I posted this thread (January 2008 - yes, I have been messing with this that long) I also received lots of responses from persons who wanted to make sure that I was doing basic networking stuff correctly. Although I do want to hear from anyone who might have a solution, I was really hoping to get a response from someone who has made this work using my conditions (the primary condition being that the PIX already has IP info in its configuration and I do not know the password). I have downloaded and tried the routine outlined by Cisco (in every combination of circumstances imaginable). This really shouldn't be that hard.