Community Member

PIX 501

How do you restore the PIX 501, 6.2 to its default values? "Erase" is not a command, "reload" will not work.

Thanks.

Said

16 REPLIES

Re: PIX 501

Try "write erase" then reload.

HTH and please rate.

Re: PIX 501

To restore it use:

1.) Reload Factory config:

config factory-default

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_quick_start09186a00807d280a.html#wp60695

or

2.) Reset config and boot with wizard:

conf t

write erase

reload

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727ae.html#wp1027782

3.) Default config :

interface ethernet0 auto shutdown

interface ethernet1 auto

interface ethernet2 auto shutdown

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 intf2 security4

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname pixfirewall

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

pager lines 24

mtu outside 1500

mtu inside 1500

mtu intf2 1500

no ip address outside

ip address inside 192.168.1.1 255.255.255.0

no ip address intf2

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 192.168.1.2-192.168.1.254 inside

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

dhcpd enable inside

terminal width 80

sincerely

Patrick

Community Member

Re: PIX 501

Patrick, thanks. 1) Is DHCP enabled by default? After erasing and reloading the PIX, I am not able to get an IP. Cable to the PIX switch is a straight through.

I then try to configure the PIX using Web: https://192.168.1.1/startup.html

https://192.168.1.1 no success with web. Do you have any suggestions?

Re: PIX 501

If you have used the < config factory-default > then you should have DHCP activated and the PIX should have 192.168.1.1 as inside IP address.

If you have chosen the < write erase > and < reload > then you have an empty config without an IP address. In this case use your blue serial cable and check the config on the console port. You need to configure the PIX manually; use my config in the previous post.

Use HyperTerminal with 9600/8N1.

Note: Password is empty, press ENTER.

en

conf t

sh run

sincerely

Patrick

Community Member

Re: PIX 501

Patrick, thanks. I followed your previous instructions. The PIX provides a DHCP address to my PC.

1. I still do not have PDM/web access.

2. I cannot access the Internet after cabling the PIX to a DSL modem, using straight through, then crossover cable. Do you have any suggestions?

The following is the sh run output.

pixfirewall# sh run Assign a

: Savedan inte

:a

PIX Version 6.2(2)

nameif ethernet0 outside security0disable or display IP address to n

nameif ethernet1 inside security100

enable password 8Ry2YjIyt7RRX

object-gr

fixup protocol http 80 group for use in 'acc

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

ntp Confi

fixup protocol ils 389col

fixup protocol rsh 514

outbound

fixup protocol rtsp 554s list

fixup protocol smtp 25

pager

fixup protocol sqlnet 1521gination

fixup protocol sip 5060

passwd

fixup protocol skinny 2000ess password

names

pager lines 24

ip address inside 127.0.0.1 255.255.255.255

ip audit info action alarm

ip audit attack action alarm

pdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si

p 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

no sysopt route dnat

telnet timeout 5

ssh timeout 5

terminal width 80

Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e

: end

pixfirewall#

Re: PIX 501

In the PIX command line, add the following to access the PIX via PDM.

http PC.ip.address 255.255.255.255 inside

Community Member

Re: PIX 501

Hi,

I am unable to access the PIX using web browser. I added the following: http 192.168.1.118 255.255.255.255 inside

Re: PIX 501

Add the following in the PIX:

http server enable

Re: PIX 501

Said, I forgot to mention, after you enable the http server in the PIX and load your browser,

you may need to access the PIX by secure http: https://192.168.1.1

Community Member

Re: PIX 501

JORGE,

I am unable to get a DHCP IP for the PC from the PIX.

Accessing the PIX via browser does not work. I need to get an IP first.

Any suggestions?

Thanks.

Said

Community Member

Re: PIX 501

Jorge,

Still no IP from PIX's DHCP. The following is the config. Any suggestions?

Thanks.

Said

:

PIX Version 6.2(2)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname pixfirewall

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

names

pager lines 24

interface ethernet0 10baset shutdown

interface ethernet1 10full shutdown

mtu outside 1500

<--- More --->

ip address inside 192.168.1.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si

p 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http 192.168.1.0 255.255.255.0 inside

http 192.168.1.1 255.255.255.255 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

no sysopt route dnat

telnet timeout 5

<--- More --->

dhcpd address 192.168.1.2-192.168.1.33 inside

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

dhcpd enable inside

terminal width 80

Cryptochecksum:2517fc437be0b0cff8a9b0f7c34e01a4

: end

pixfirewall#

Re: PIX 501

I see in the config you have http 192.168.1.1 255.255.255.255 inside

This is the IP address of your PIX inside interface.

Do as follows:

no http 192.168.1.1 255.255.255.255 inside

http your.PC.IP 255.255.255.255 inside

Configure your machine with a static IP in the TCP/IP settings.
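An offline check for the problems visible in the configurations posted in this thread, as an added example that is not part of any poster's reply or of Cisco's tooling: it flags named interfaces left in `shutdown`, an `http` entry that is only the firewall's own interface address, a loopback interface address, `http` entries without `http server enable`, and the default `snmp-server community public`. The function name, finding codes and sample text are assumptions made for illustration.

```python
import ipaddress
# Constructed sample: lines copied from the configuration posted above.
SAMPLE = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 10baset shutdown
interface ethernet1 10full shutdown
ip address inside 192.168.1.1 255.255.255.0
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.1.1 255.255.255.255 inside
snmp-server community public
dhcpd enable inside
"""

def audit_pix_config(text):
    """Return sorted (code, detail) findings for a PIX 6.x 'sh run' listing."""
    names, addrs, shut, acl, dhcp, out = {}, {}, set(), [], set(), set()
    http_on = False
    for tok in (line.split() for line in text.splitlines()):
        try:
            if tok[:1] == ["nameif"] and len(tok) >= 3:
                names[tok[1]] = tok[2]          # hardware id -> interface name
            elif tok[:1] == ["interface"] and "shutdown" in tok[2:]:
                shut.add(tok[1])
            elif tok[:2] == ["ip", "address"] and len(tok) == 5:
                addrs[tok[2]] = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}")
            elif tok == ["http", "server", "enable"]:
                http_on = True
            elif tok[:1] == ["http"] and len(tok) == 4:
                net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
                acl.append((net, tok[3]))
            elif tok[:3] == ["snmp-server", "community", "public"]:
                out.add(("SNMP_DEFAULT_COMMUNITY", "public"))
            elif tok[:2] == ["dhcpd", "enable"] and len(tok) == 3:
                dhcp.add(tok[2])
        except ValueError:
            continue                            # placeholder or truncated address
    for hw in shut:                             # resolve names after the full pass
        name = names.get(hw, hw)
        note = " (dhcpd enabled on it)" if name in dhcp else ""
        out.add(("IF_SHUTDOWN", name + note))
    out |= {("IF_LOOPBACK_ADDRESS", n) for n, ip in addrs.items() if ip.ip.is_loopback}
    for net, name in acl:
        own = addrs.get(name)
        if own is not None and net.prefixlen == 32 and net.network_address == own.ip:
            out.add(("HTTP_ACL_IS_OWN_ADDRESS", str(own.ip)))
    if acl and not http_on:
        out.add(("HTTP_SERVER_NOT_ENABLED", ""))
    return sorted(out)
```

Run it on a saved copy of the `sh run` output; lines with placeholder or truncated addresses are skipped rather than reported.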

Community Member

Re: PIX 501

The following changes did not work. I still cannot open a browser to configure the 501.

no http 192.168.1.1 255.255.255.255 inside

http your.PC.IP 255.255.255.255 inside

static IP addresses in TCP/IP settings.

Re: PIX 501

Is the port on your laptop up?

Click on RUN (Execute) cmd and type into the DOS box : ipconfig /all

try to renew the IP with:

ipconfig /release

ipconfig /renew

Check the port status on your PIX:

enable

sh int

sh ip

sh arp

sincerely

Patrick

Community Member

Re: PIX 501

Patrick,

Thank you. The following are the results. I am able to get DHCP IP addresses, however I am still unable to use the web browser to configure the 510. Any suggestions?

Regards.

Said

pixfirewall(config)# sh ip

System IP Addresses:

ip address outside 127.0.0.1 255.255.255.255

ip address inside 192.168.1.1 255.255.255.0

Current IP Addresses:

ip address outside 127.0.0.1 255.255.255.255

ip address inside 192.168.1.1 255.255.255.0

pixfirewall(config)# sh int

interface ethernet0 "outside" is up, line protocol is down

Hardware is i82559 ethernet, address is 000c.ce7d.6f6c

IP address 127.0.0.1, subnet mask 255.255.255.255

MTU 1500 bytes, BW 10000 Kbit half duplex

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

87 packets output, 51330 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

87 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (0/0)

output queue (curr/max blocks): hardware (0/1) software (0/1)

interface ethernet1 "inside" is up, line protocol is up

Hardware is i82559 ethernet, address is 000c.ce7d.6f6d

IP address 192.168.1.1, subnet mask 255.255.255.0

MTU 1500 bytes, BW 10000 Kbit full duplex

112 packets input, 24784 bytes, 0 no buffer

Received 111 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

8 packets output, 1008 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (0/1)

output queue (curr/max blocks): hardware (0/1) software (0/1)

pixfirewall(config)# sh arp

inside 192.168.1.2 00d0.59b7.373b

inside 255.255.255.255 00d0.59b7.373b

pixfirewall(config)#

Re: PIX 501

The config looks fine.

http server enable

http 192.168.1.0 255.255.255.0 inside

Question: Do you have any kind of error message when you connect to the PIX with a browser? If yes, post it.

https://192.168.1.1

1.) There is maybe no pdm.bin installed on the PIX? Very unlikely.

2.) Your browser blocks JAVA, cookies and popups. Try different browsers.

3.) You might use an incompatible Java version 1.5.x but this usually leads to error messages.

Use 1.4.x version as Cisco recommends.

Checkout this PDM troubleshooting guide:

http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/products_installation_guide_chapter09186a008017a424.html

sincerely

Patrick
