05-15-2007 11:12 AM - edited 03-11-2019 03:14 AM
I've inherited a PIX 501 firewall and want to change many of the settings used by the previous owners.
I'm doing this in the CLI. The web-based GUI gave me some problems (error messages about certificates and so forth). In fact, one of the things I'd like to do is eliminate all the crypto, isakmp and vpngroup entries and start from scratch - once I'm at that point.
I'm both new to Cisco equipment and new to the CLI.
First of all, I wanted to change the username and password used to access the PIX via Telnet.
This is what I've tried, with the results:
User Access Verification
Username: 123admin
Password: **********
Type help or '?' for a list of available commands.
pixfw> en
Password: **********
pixfw# configure terminal
pixfw(config)# username admin
Usage: username <username> {nopassword|password <password>[encrypted]}
[privilege <level>]
username <username> privilege <level>
[no|show} username {<name>]
clear username
pixfw(config)# username admin password "123456789" encrypted privilege 15
Encrypted password is of incorrect length
Username addition failed.
pixfw(config)#
My remarks:
1) Password is the same as password currently being used - how can it NOT be acceptable?
2) What does "Username addition failed" mean? I don't want to add a new user, only change existing username and then password.
Thank you,
David
05-15-2007 11:44 AM
David-
You cannot just change the name - you'll have to delete the old one and add a new one.
pixfw(config)#username admin password "123456789" privilege 15
(don't use the encrypted keyword - it will encrypt it anyway - that is what is giving you the error)
pixfw(config)#no username 123admin
pixfw(config)#exit
Log out and log in as 'admin' to verify that it works before saving your config. That way you can always reboot the PIX and get back to your original config if you make any mistakes. Assuming everything works, go back to enable mode and do a 'wr mem'.
HTH,
Paul
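Added example, not part of any post in this thread: a small Python check that can be run over `username` commands before they are pasted into the PIX, flagging the mistake discussed above (a plaintext value followed by `encrypted`). The function names are hypothetical, and the 16-character hash format is an assumption about how the PIX stores passwords, not something stated in the thread.

```python
import re

# Assumption (not stated in the thread): a stored PIX password hash is exactly
# 16 characters from ./0-9A-Za-z, which is what `encrypted` expects to follow.
HASH_RE = re.compile(r"[./0-9A-Za-z]{16}")
USER_RE = re.compile(
    r"username\s+(?P<name>\S+)"
    r"(?:\s+(?:(?P<nopw>nopassword)|password\s+(?P<pw>\S+)(?P<enc>\s+encrypted)?))?"
    r"(?:\s+priv[a-z]*\s+(?P<priv>\d+))?"
)

def check_username_line(line):
    """Return findings for one `username` command; an empty list means OK."""
    m = USER_RE.fullmatch(line.strip())
    if m is None or not (m["nopw"] or m["pw"] or m["priv"]):
        return ["does not match the username usage syntax"]
    findings = []
    if m["nopw"]:
        findings.append("account has no password")
    elif m["enc"] and not HASH_RE.fullmatch(m["pw"]):
        findings.append("'encrypted' follows a value that is not a 16-character "
                        "hash; omit the keyword when entering a plaintext password")
    if m["priv"] is not None and not 0 <= int(m["priv"]) <= 15:
        findings.append("privilege level outside 0-15")
    return findings

def audit(commands):
    """Map each `username` command in a block of text to its findings."""
    return {
        line.strip(): check_username_line(line)
        for line in commands.splitlines()
        if line.strip().startswith("username ")
    }

# Constructed input: the two commands from the thread, a made-up hash
# (not a real credential) and an account without a password.
SAMPLE = '''
username admin password "123456789" encrypted privilege 15
username admin password "123456789" privilege 15
username backup password AbCdEfGhIjKlMnOp encrypted privilege 15
username guest nopassword
'''

if __name__ == "__main__":
    for cmd, findings in audit(SAMPLE).items():
        print(cmd, "->", findings or "OK")
```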
05-16-2007 04:12 AM
Thank you for your very useful response. Besides resolving my problem, I've learned (if I understand correctly) a very useful tip for recovering from human error:
If I misconfigure something, I can reboot the PIX and - provided I have not yet typed the "write memory" command - the firewall will revert to previous settings.
After testing the new configuration successfully, I can make my changes permanent by using the "write memory" command.
05-15-2007 12:13 PM
You need to remove the old username and password and re-enter the username and password again!
no username admin
username admin password abc123 priv 15
Sincerely,
Patrick
05-16-2007 04:18 AM
Thank you Patrick!