04-07-2010 05:51 AM - edited 03-11-2019 10:29 AM
I just inherited a Cisco PIX 515E firewall with no documentation or password information. The firewall will need to be reset to factory defaults. Then, after completing this task, I need to start configuring basic information such as interface IP addresses.
Can you help?
04-07-2010 06:07 AM
Here is the password recovery procedure:
http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/trouble.html#wp1049417
You would need to know the version of the PIX in order to download the corresponding password recovery binary file:
If you perform the password recovery, you do not need to reconfigure the PIX firewall.
Hope that helps.
04-07-2010 06:55 AM
Thanks for this response, it was very helpful. As far as keeping the configuration of the firewall, I'm not sure that we can keep these rules. The firewall has so many rules that do not pertain to our environment. It could create more tech support than starting fresh.
How do I erase all this information?
Thanks
04-07-2010 07:59 AM
There are a couple of methods to wipe out the device configuration: either use pix(config)# write erase, or use the configure factory-default parameter under global configuration. See both links below.
PIX code 7.x - factory-default
http://www.cisco.com/en/US/partner/docs/security/asa/asa70/command/reference/c.html#wp1968681
PIX code 6.x - factory-default
http://www.cisco.com/en/US/partner/docs/security/pix/pix63/command/reference/c.html#wp1055799
Regards
04-07-2010 09:13 AM
It works!
Now I'm at the point to start using Cisco ASDM and it's not letting me connect to the firewall. I prefer using the GUI to configure all security policies rather than the command prompt.
However, as I mentioned above, it is not letting me connect. It keeps giving me an error: "Unable to launch device manager from https://192.168.1.1"
Any ideas?
04-07-2010 09:20 AM
You need to permit the HTTP connection:
http server enable
http 192.168.1.0 255.255.255.0 inside
04-07-2010 09:31 AM
OK, I followed your instructions and it still does not work.
After opening the log connection on the Cisco ASDM-IDM Launcher, it says:
Ok button clicked
Trying for ASDM version file; url = https://192.168.1.1/admin/
No version file found
Trying for IDM, url= https://192.168.1.1/idm/idm.jnlp/
Not IDM
It seems like the firewall keeps refusing any connections.
04-07-2010 09:50 AM
Sounds like the ASDM image is not loaded.
Can you post "sh asdm image", "show flash" and "show version"?
04-07-2010 10:18 AM
LVCLC-FW# sh flash
flash file system: version:3 magic:0x12345679
file 0: origin: 0 length:1978424
file 1: origin: 2097152 length:2377
file 2: origin: 2621440 length:1928
file 3: origin: 0 length:0
file 4: origin: 0 length:0
file 5: origin: 8257536 length:308
LVCLC-FW# sh asdm image
Type help or '?' for a list of available commands.
LVCLC-FW# sh version
Cisco PIX Firewall Version 6.3(5)
Compiled on Thu 04-Aug-05 21:40 by morlee
LVCLC-FW up 1 hour 21 mins
Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is 0003.6bf6.ed00, irq 11
1: ethernet1: address is 0003.6bf6.ed01, irq 10
2: ethernet2: address is 00e0.b604.7c8d, irq 9
3: ethernet3: address is 00e0.b604.7c8c, irq 9
4: ethernet4: address is 00e0.b604.7c8b, irq 9
5: ethernet5: address is 00e0.b604.7c8a, irq 9
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 6
Maximum Interfaces: 10
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has an Unrestricted (UR) license.
Serial Number: 405442124 (0x182a8e4c)
Configuration last modified by enable_15 at 12:58:09.171 UTC Wed Apr 7 2010
LVCLC-FW#
04-07-2010 10:50 AM
You are using Cisco PIX Firewall Version 6.3(5). You need to use the PDM (PIX Device Manager) instead of ASDM to connect to the web GUI. To run ASDM on your PIX, you need, I believe, a minimum PIX OS version of 7.0.
04-07-2010 10:59 AM
Have you tried https://192.168.1.1/startup.html
See this link for help: http://www.cisco.com/en/US/docs/security/pix/pix63/quick/guide/63_515qk.html#wp47901
04-07-2010 11:19 AM
After going through all this trouble, isn't it easier just to create the rules through the command prompt? Basically, here is what needs to be accomplished:
internal networks:
192.168.1.0/24
192.168.2.0/24
Both need to be able to search internet websites, browse, and connect to other remote networks (e.g. 10.5.1.0/24).
On the other hand, a remote network (e.g. 10.5.1.0/24) needs to have access to the internal network 192.168.1.0/24.
Can you provide an example?
Thanks
04-08-2010 03:56 AM
The config below should allow you to access the internet at least.
nameif ethernet0 outside security0 (This is the outside interface)
nameif ethernet1 inside security100
ip address outside ** (Enter your Public IP Provided by your ISP)
ip address inside 192.168.*.* 255.255.255.0 (Enter your Inside IP)
pdm location 192.168.1.1 255.255.255.255 inside
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group acl_inside in interface inside
route outside 0.0.0.0 0.0.0.0 *** (** This should be your ISP router)
http server enable
http 192.168.*.* 255.255.255.0 inside (*** subnet to manage Web GUI on PIX)
access-list acl_inside permit ip any any
Make sure 192.168.2.0/24 has a route to the PIX.
Regards
Francisco
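A defender's check on a fragment like the one above, added here as an example and not taken from the thread or from Cisco: a small Python script that parses the PIX 6.x statements the fragment uses (access-list, access-group and http) and flags the two settings a reviewer would tighten first, the "permit ip any any" entry bound inbound on the inside interface and the http statement that opens the PDM/ASDM management GUI to an entire subnet. The sample configuration is the posted fragment with the ISP placeholders filled in with RFC 5737 documentation addresses (an assumption made so the script runs offline); the statement names and finding wording are this example's own.

```python
"""Audit a PIX 6.x-style configuration fragment for overly permissive settings.

Added example for this thread; it is not Cisco's or the poster's own tooling.
It understands only the statement types used in the posted fragment
(access-list, access-group, http) and the 6.x address syntax
("any", "host A.B.C.D", or "A.B.C.D MASK"). Everything else is ignored.
"""
import ipaddress

# Constructed sample: the posted fragment with the ISP placeholders (** / ***)
# filled in with RFC 5737 documentation addresses so the script runs offline.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 203.0.113.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
pdm location 192.168.1.1 255.255.255.255 inside
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group acl_inside in interface inside
route outside 0.0.0.0 0.0.0.0 203.0.113.1
http server enable
http 192.168.1.0 255.255.255.0 inside
access-list acl_inside permit ip any any
"""

ANY = ipaddress.ip_network("0.0.0.0/0")


def _take_addr(tok, i):
    """Consume one PIX address spec starting at tok[i]; return (network, next index)."""
    if tok[i] == "any":
        return ANY, i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    # "A.B.C.D MASK" form; strict=False tolerates host bits set in the address
    return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}", strict=False), i + 2


def parse_config(text):
    """Collect ACL entries, inbound ACL bindings and HTTP management networks."""
    acls, bindings, http_nets = {}, {}, []
    for raw in text.splitlines():
        tok = raw.split()
        if not tok or tok[0] == "!":
            continue
        if tok[0] == "access-list" and len(tok) >= 6:
            # access-list NAME permit|deny PROTO SRC DST [port qualifiers...]
            name, action, proto = tok[1], tok[2], tok[3]
            src, i = _take_addr(tok, 4)
            dst, _ = _take_addr(tok, i)
            acls.setdefault(name, []).append((action, proto, src, dst))
        elif tok[0] == "access-group" and len(tok) >= 5 and tok[2] == "in":
            # access-group NAME in interface IFACE
            bindings[tok[4]] = tok[1]
        elif tok[0] == "http" and len(tok) == 4:
            # http ADDR MASK IFACE: who may reach the web GUI, and from which interface
            net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
            http_nets.append((net, tok[3]))
    return acls, bindings, http_nets


def audit(text):
    """Return a list of human-readable findings for the fragment."""
    acls, bindings, http_nets = parse_config(text)
    findings = []
    for iface, name in bindings.items():
        for action, proto, src, dst in acls.get(name, []):
            if action == "permit" and proto == "ip" and src == ANY and dst == ANY:
                findings.append(
                    f"{name} on {iface}: 'permit ip any any' allows all traffic; "
                    "restrict it to the services the networks actually need")
    for net, iface in http_nets:
        if iface == "outside":
            findings.append(f"http {net} {iface}: management GUI exposed on the outside interface")
        elif net.prefixlen < 32:
            findings.append(
                f"http {net} {iface}: whole subnet may reach the management GUI; "
                "narrow it to the admin workstation(s)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("-", finding)
```

Run against the sample it reports two findings; a variant that binds an ACL with specific source and destination networks and limits the http statement to a single /32 host produces none, which is the shape the fragment should be moved toward once the required flows (the two inside networks and the 10.5.1.0/24 remote network) are known.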