
PIX 506 Reset

rm1
Level 1

Trying to reset to factory defaults due to a forgotten password, keep getting an error?

Any ideas why?

Thnx

monitor> address 192.168.123.200

address 192.168.123.200

monitor> gateway 192.168.123.254

gateway 192.168.123.254

monitor> server 192.168.123.100

server 192.168.123.100

monitor> file np63.bin

file np63.bin

monitor> tftp

tftp np63.bin@192.168.123.100 via 192.168.123.254

TFTP failed (return:-12 arg:0x0)

monitor> ping 192.168.123.100

Sending 5, 100-byte 0x3f29 ICMP Echoes to 192.168.123.100, timeout is 4 seconds:

!!!!!

Success rate is 100 percent (5/5)

monitor> inerface 1

Invalid or incorrect command. Use 'help' for help.

monitor> interface 1

0: i8255X @ PCI(bus:0 dev:13 irq:11)

1: i8255X @ PCI(bus:0 dev:14 irq:10)

Using 1: i82559 @ PCI(bus:0 dev:14 irq:10), MAC: 0004.9ad0.fd7f

monitor> trace

trace on

monitor> tftp

tftp np63.bin@192.168.123.100 via 192.168.123.254<3><3><3><3><3><3><3><3><3><3>AAAAAAAAAAA<5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5

TFTP failed (return:-12 arg:0x0)

monitor>


jmia
Level 7

In configuration mode:

configure factory-default

..Follow the on screen instructions...

Hope this helps, and please rate post if it does as it may help others too.

Jay

How do you get into config mode when you're locked out?

Thnx

Patrick Iseli
Level 7

Factory config looks like this:

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

hostname pixfirewall

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

pager lines 24

mtu outside 1500

mtu inside 1500

mtu intf2 1500

no ip address outside

ip address inside 192.168.1.1 255.255.255.0

no ip address intf2

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 192.168.1.2-192.168.1.254 inside

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

dhcpd enable inside

terminal width 80

To erase the config use:

write erase

reload

To your TFTP problem:

Have you downloaded the PIX OS image in BINARY mode?

Otherwise the image gets corrupted.

sincerely

Patrick
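
An added example, not part of the original posts or Cisco's tooling: a transfer that is not done in binary mode rewrites line-ending bytes, which is how a firmware image gets corrupted. The sketch applies TFTP netascii translation (RFC 1350) to a constructed stand-in image and checks the result against a reference size and SHA-256; `IMAGE`, `netascii_encode` and `check_image` are hypothetical names, and the reference values would come from the source the image was obtained from.

```python
import hashlib


def netascii_encode(data: bytes) -> bytes:
    """Text-mode translation as TFTP netascii does it: LF -> CR LF, CR -> CR NUL."""
    out = bytearray()
    for b in data:
        if b == 0x0A:
            out += b"\r\n"
        elif b == 0x0D:
            out += b"\r\x00"
        else:
            out.append(b)
    return bytes(out)


def check_image(received: bytes, ref_size: int, ref_sha256: str) -> str:
    """Compare a received image with the reference size and hash."""
    delta = len(received) - ref_size
    if delta:
        # Text-mode rewriting changes the byte count, so size is the quick tell.
        return f"size mismatch ({delta:+d} bytes)"
    if hashlib.sha256(received).hexdigest() != ref_sha256:
        return "hash mismatch"
    return "ok"


# Constructed stand-in for a binary image (not a real PIX file): every byte
# value four times, so it contains four 0x0A and four 0x0D bytes.
IMAGE = bytes(range(256)) * 4
REF_SIZE = len(IMAGE)
REF_SHA256 = hashlib.sha256(IMAGE).hexdigest()

if __name__ == "__main__":
    print("binary mode:", check_image(IMAGE, REF_SIZE, REF_SHA256))
    print("text mode:  ", check_image(netascii_encode(IMAGE), REF_SIZE, REF_SHA256))
```
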

jakob.langgaard
Level 1

Hi ..

I understand your second question on how to erase the config when you are locked out :-))) that is tricky.

So back to your problem:

- Are you 100% sure that the TFTP server is working?

Can you test it with a TFTP client from another PC?

Otherwise I have no clue, since your commands are fine (very simple) ..

/Jakob

TFTP was the issue; had to use the following software and it worked... http://perso.wanadoo.fr/philippe.jounin/download/tftpd32e.zip

Followed the Cisco doc and reset the password...

Thanks guys..!

PS: I tried FTP to/from IIS6 and a few other vendors; they didn't work, only the above did.

bobd
Level 1

I've run into situations where I had to disable logging and progress tracking on the TFTP server for the PIX to download properly in monitor mode.

Bob

rpathani
Level 1

Make sure you use the tftpd32 TFTP server from:

http://tftpd32.jounin.net

(File: tftpd32.280.zip)

In case you are using Windows XP SP2, make sure you do not have Windows Firewall turned on, and that the TFTP server is up and running and pointing to the np63.bin file.

If your PIX is running 6.3 code then you can first try with np63.bin; at times this doesn't work, and then you can use np62.bin to try with that.

Make sure you do not have two different TFTP servers installed/running on your system.

- Most important, I notice you are using "gateway"; try avoiding the gateway command while doing password recovery and make sure to connect the TFTP server host directly to your PIX inside interface. I'm sure this would fix the issue and recover the password for you.

Rahul Pathania

rpathani@cisco.com

Just a suggestion of TFTP server software.

It's freeware and very user friendly, namely Pumpkin.

Yes, it is absolutely freeware and recommended by us.

I will give it a try, but my favourite has till now been 3Com's combined TFTP/FTP/syslog program .. freeware and very small footprint :-)

Official version (not updated since 1999)

http://support.3com.com/software/utilities_for_windows_32_bit.htm

Unofficial version:

http://www.governmentsecurity.org/forum/index.php?showtopic=4146
